Play interactive tour

Edit tour

Analysis Report http://novobanco.pt/

Overview

General Information

Sample URL:	http://novobanco.pt/
Analysis ID:	383841
Infos:
Most interesting Screenshot:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Form action URLs do not match main URL

HTML title does not match URL

Submit button contains javascript call

Uses insecure TLS / SSL version for HTTPS connection

Classification

Startup

System is w10x64

iexplore.exe (PID: 6024 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5920 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6024 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.onetrust.com/products/cookie-consent/	HTTP Parser: Form action: https://s2025046056.t.eloqua.com/e/f2 onetrust eloqua
Source: https://www.onetrust.com/products/cookie-consent/	HTTP Parser: Form action: https://s2025046056.t.eloqua.com/e/f2 onetrust eloqua

Source: https://www.novobanco.pt/site/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069	HTTP Parser: Title: Servio Residentes no Estrangeiro does not match URL
Source: https://www.novobanco.pt/site/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069	HTTP Parser: Title: Servio Residentes no Estrangeiro does not match URL

Source: https://www.novobanco.pt/site/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069	HTTP Parser: On click: validateSurveyFormBySideData_606ec47a18f44();
Source: https://www.novobanco.pt/site/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069	HTTP Parser: On click: validateSurveyFormBySideData_606ec47a18f44();

Source: https://www.novobanco.pt/site/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069	HTTP Parser: No <meta name="author".. found
Source: https://www.novobanco.pt/site/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069	HTTP Parser: No <meta name="author".. found

Source: https://www.novobanco.pt/site/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069	HTTP Parser: No <meta name="copyright".. found
Source: https://www.novobanco.pt/site/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069	HTTP Parser: No <meta name="copyright".. found
Source: https://www.onetrust.com/products/cookie-consent/	HTTP Parser: No <meta name="copyright".. found
Source: https://www.onetrust.com/products/cookie-consent/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49723 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49722 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49790 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49789 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49792 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49793 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49799 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49800 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49806 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49807 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49814 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49815 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49820 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49819 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49831 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49832 version: TLS 1.0

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 194.145.121.90:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.145.121.90:443 -> 192.168.2.7:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.148.64:443 -> 192.168.2.7:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.148.64:443 -> 192.168.2.7:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.28.184.69:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.28.184.69:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.145.121.90:443 -> 192.168.2.7:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.28.184.75:443 -> 192.168.2.7:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.28.184.75:443 -> 192.168.2.7:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.145.121.101:443 -> 192.168.2.7:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.145.121.101:443 -> 192.168.2.7:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.145.121.90:443 -> 192.168.2.7:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.7:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.7:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.7:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.7:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.1.153:443 -> 192.168.2.7:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.1.153:443 -> 192.168.2.7:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.19.194.29:443 -> 192.168.2.7:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.19.194.29:443 -> 192.168.2.7:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.174.11.69:443 -> 192.168.2.7:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.174.11.69:443 -> 192.168.2.7:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.7:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.7:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.207.146.247:443 -> 192.168.2.7:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.0.129.236:443 -> 192.168.2.7:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.0.129.236:443 -> 192.168.2.7:49773 version: TLS 1.2

Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49723 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49722 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49790 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49789 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49792 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49793 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49799 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49800 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49806 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49807 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49814 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49815 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49820 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49819 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49831 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 93.190.67.182:443 -> 192.168.2.7:49832 version: TLS 1.0

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: novobanco.ptConnection: Keep-Alive

Source: site[1].htm.2.dr	String found in binary or memory: $(".footer-credits div").prepend('<div class="linksRedes"><a href="https://www.facebook.com/novobanco" rel="nofollow" target="_blank" title="Facebook"><img src="images/nbsi/facebook_desktop.png" alt="" name="facebook" border="0" id="facebook" /></a> <a href="https://www.linkedin.com/company/novo-banco/" rel="nofollow" target="_blank" title="LinkedIn"><img src="images/nbsi/linkedin_desktop.png" alt="" name="linkedin" border="0" id="linkedin" /></a></div>'); equals www.facebook.com (Facebook)
Source: site[1].htm.2.dr	String found in binary or memory: $(".footer-credits div").prepend('<div class="linksRedes"><a href="https://www.facebook.com/novobanco" rel="nofollow" target="_blank" title="Facebook"><img src="images/nbsi/facebook_desktop.png" alt="" name="facebook" border="0" id="facebook" /></a> <a href="https://www.linkedin.com/company/novo-banco/" rel="nofollow" target="_blank" title="LinkedIn"><img src="images/nbsi/linkedin_desktop.png" alt="" name="linkedin" border="0" id="linkedin" /></a></div>'); equals www.linkedin.com (Linkedin)
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: IsSession:!1,Length:1475},{Name:"APISID",Host:".youtube.com",IsSession:!1,Length:2914846},{Name:"LOGIN_INFO",Host:".www.youtube.com",IsSession:!1,Length:2914846},{Name:"GPS",Host:".youtube.com",IsSession:!1,Length:0},{Name:"SSID",Host:".youtube.com",IsSession:!1,Length:2914846},{Name:"YSC",Host:".youtube.com",IsSession:!0,Length:0},{Name:"SAPISID",Host:".youtube.com",IsSession:!1,Length:2914846}],Purposes:[],CustomGroupId:null,GroupId:100845},{ShowInPopup:!0,Order:5,OptanonGroupId:8,Parent:null,GroupLanguagePropertiesSets:[{DefaultStatus:{Text:"Inactive"}, equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: novobanco.pt

Source: besx[1].js.2.dr	String found in binary or memory: http://bes-sec.bes.pt/bes/erronadesaobic/erronadesaobic.html
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: http://cookiepedia.co.uk/cookies/
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: http://cookiepedia.co.uk/host/
Source: 77EC63BDA74BD0D0E0426DC8F8008506.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: allIntegrations[1].js.2.dr	String found in binary or memory: http://developers.hubspot.com/docs/methods/tracking_code_api/tracking_code_overview
Source: bootstrap-modal.min[2].js.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: bootstrap-modal.min[2].js.2.dr	String found in binary or memory: http://getbootstrap.com/customize/?id=882ae53829879e4fa3e0b82b256bf5a6)
Source: search-filter.min[1].css.2.dr, V7NB360_default.min[1].css.2.dr	String found in binary or memory: http://getharvest.com
Source: v7.nb.min[1].js0.2.dr	String found in binary or memory: http://j.hn/)
Source: style[1].css.2.dr	String found in binary or memory: http://jqueryui.com
Source: style[1].css.2.dr	String found in binary or memory: http://jqueryui.com/themeroller/?scope=&folderName=base&cornerRadiusShadow=8px&offsetLeftShadow=0px&
Source: modernizr-2.8.3-custom[1].js0.2.dr	String found in binary or memory: http://modernizr.com/download/#-touch-shiv-cssclasses-teststyles-prefixes-load
Source: v7.nb.min[1].js0.2.dr	String found in binary or memory: http://mths.be/placeholder
Source: Open-Sans[1].eot.2.dr, opensans-extrabold[1].eot.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Open-Sans[1].eot.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Digitized
Source: opensans-bold[1].eot.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Webfont
Source: opensans-extrabold[1].eot.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0http://www.apache.org/licenses/LICENSE-2.0
Source: Open-Sans[1].eot.2.dr	String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
Source: byside_webcare[1].js.2.dr	String found in binary or memory: http://www.byside.com
Source: v7.nb.min[1].js0.2.dr	String found in binary or memory: http://www.mediaelementjs.com/
Source: cms[1].htm2.2.dr	String found in binary or memory: http://www.nbcultura.pt/
Source: ErrorPage[1].htm.2.dr	String found in binary or memory: http://www.novobanco.pt/
Source: ErrorPage[1].htm.2.dr	String found in binary or memory: http://www.novobanco.pt/site/cms.aspx?labelid=novocertificado
Source: c156950155d22be03bd9a933e25cd03ca11e3e0d[1].dat.2.dr, d5df9da78009bdf3c3975b196fef8584d58c897b[1].dat.2.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: site[1].htm.2.dr	String found in binary or memory: https://cdn.cookielaw.org/consent/9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6.js
Source: fff8df06-1dd2-491b-88f6-01cae248cd17[1].js.2.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
Source: fff8df06-1dd2-491b-88f6-01cae248cd17[1].js.2.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
Source: fff8df06-1dd2-491b-88f6-01cae248cd17[1].js.2.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/EU?callback
Source: fff8df06-1dd2-491b-88f6-01cae248cd17[1].js.2.dr	String found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Source: bootstrap-modal.min[2].js.2.dr	String found in binary or memory: https://gist.github.com/882ae53829879e4fa3e0b82b256bf5a6
Source: byside_webcare[1].js.2.dr	String found in binary or memory: https://github.com/dperini/ContentLoaded
Source: search-filter.min[1].css.2.dr	String found in binary or memory: https://github.com/harvesthq/chosen
Source: search-filter.min[1].css.2.dr, chosen.jquery.min[1].js.2.dr	String found in binary or memory: https://github.com/harvesthq/chosen/blob/master/LICENSE.md
Source: bootstrap-modal.min[2].js.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: cms[1].htm2.2.dr	String found in binary or memory: https://nbcultura.pt/
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: https://onetrust.com/poweredbyonetrust
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: https://optanon.blob.core.windows.net/logos/302/302:novobanco.pt/Novo-Banco-logo-365x131.jpg
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: https://optanon.blob.core.windows.net/skins/5.6.0/default_flat_top_two_button_black/v2/css/optanon.c
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: https://optanon.blob.core.windows.net/skins/5.6.0/default_flat_top_two_button_black/v2/images/cookie
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: https://optanon.blob.core.windows.net/skins/5.6.0/default_flat_top_two_button_black/v2/images/optano
Source: insight.min[1].js.2.dr	String found in binary or memory: https://px.ads.linkedin.com/collect?
Source: insight.min[1].js.2.dr	String found in binary or memory: https://px.ads.linkedin.com/insight_tag_errors.gif?
Source: ErrorPage[1].htm.2.dr	String found in binary or memory: https://sec.novobanco.pt/
Source: site[1].htm.2.dr, ErrorPage[1].htm.2.dr	String found in binary or memory: https://sec.novobanco.pt/web/LoginHandler/LoginHandler.aspx?app=1
Source: site[1].htm.2.dr, ErrorPage[1].htm.2.dr	String found in binary or memory: https://sec.novobanco.pt/web/LoginHandler/LoginHandler.aspx?app=3
Source: site[1].htm.2.dr	String found in binary or memory: https://sec.novobanco.pt/web/PTEW1/tpl.asp
Source: site[1].htm.2.dr	String found in binary or memory: https://sec.novobanco.pt/web/PTPW1/tpl.asp
Source: ErrorPage[1].htm.2.dr	String found in binary or memory: https://sec.novobanco.pt/webcf/LoginHandler/LoginHandler.aspx
Source: site[1].htm.2.dr	String found in binary or memory: https://sec.novobanco.pt/webcf/LoginHandler/LoginHandler.aspx?app=3
Source: triangle-bottom-right[1].svg.2.dr	String found in binary or memory: https://sketch.com
Source: footer-info-computer[1].svg.2.dr	String found in binary or memory: https://sketchapp.com
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr, cms[2].htm2.2.dr	String found in binary or memory: https://srv.novobanco.pt/site/errorhandling/NovoBanco/ErrorPage.html
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://srv.novobanco.pt/site/errorhandling/NovoBanco/ErrorPage.htmlRNovo
Source: site[1].htm.2.dr	String found in binary or memory: https://www.livroreclamacoes.pt/inicio
Source: site[1].htm.2.dr	String found in binary or memory: https://www.nbcultura.pt/
Source: site[1].htm.2.dr	String found in binary or memory: https://www.novobanco.pt/SITE/cms.aspx?labelid=conta100
Source: site[1].htm.2.dr	String found in binary or memory: https://www.novobanco.pt/SITE/cms.aspx?labelid=lp_contas
Source: site[1].htm.2.dr	String found in binary or memory: https://www.novobanco.pt/SITE/cms.aspx?labelid=oferta_nao_financeira
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/SITE/cms.aspx?labelid=transferencias_imediatas
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/SITE/cms.aspx?plg=53BAD189-E0DE-4C1C-92B0-1B250C27D8E7
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/SITE/cms.aspx?plg=B6DF31E1-8CCB-4C2B-A112-EB0238E11748
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/SITE/cms.aspx?plg=BE486DD7-0C81-4076-A815-8BA284B32EC0
Source: imagestore.dat.2.dr	String found in binary or memory: https://www.novobanco.pt/favicon.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://www.novobanco.pt/favicon.ico~
Source: page_CD_PO[1].css.2.dr	String found in binary or memory: https://www.novobanco.pt/images/chlandingpage19/NB.ttf
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr, IIRLPOW4.htm.2.dr	String found in binary or memory: https://www.novobanco.pt/site/
Source: site[1].htm.2.dr	String found in binary or memory: https://www.novobanco.pt/site/?labelid=guia_fiscal_2020
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/PNovo
Source: nb.stats-ext.min[1].js.2.dr	String found in binary or memory: https://www.novobanco.pt/site/Stats/GenericHandler.ashx
Source: site[1].htm.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=360
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=360as_nb_covid
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=CONTAS
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=HP
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=HPPNovo
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=HPidas_nb_covid
Source: cms[1].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=INSTITUCIONAL
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=abertura_conta_cmd
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=abertura_conta_videochamada
Source: v7.nb.min[1].js0.2.dr, site[1].htm.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=aberturadeconta
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=aberturadecontabalcao
Source: site[1].htm.2.dr, cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=conta100
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=conta1831
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=conta360
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=contabase
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=contas
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=contasErrorPage.html
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=contas_nbwork
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=contaservicosminimos
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=contasfConhe
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=contaup
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=diaadia
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=diaadiarorPage.html
Source: cms[1].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=empresas_covid19
Source: cms[1].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=fintech365
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=hcempresas
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=hcempresas&NOVO
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=hcempresasD37-949A-53038EE8E069
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=hcempresasD37-949A-53038EE8E069A-53038EE8E069
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=institucional
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=institucional0NOVO
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=institucional949A-53038EE8E069
Source: site[1].htm.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=lp_contas
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=medidas_nb_covid
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=medidas_nb_covid:Medidas
Source: site[1].htm.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=poupanca_investimento
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=produtos
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=produtosonal
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=produtospM
Source: v7.nb.min[1].js0.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=reemissaopin
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?labelid=solucaonbordenado
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?plg=5590560f-9398-4a17-b755-07bbb5cea13a
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?plg=67480d32-95a7-427b-86ed-c40521b2c8f5
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?plg=7286D7A0-C462-46E7-9E50-C3DB540DDE06
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?plg=8055EA3A-BBCF-4ED1-91A5-131B682C3F7F
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069BServi
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?plg=b97efdf2-16d9-4fa0-81d9-6ed9d0d103aa
Source: cms[2].htm2.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?plg=c1286008-e150-4b09-8a75-510d9a9f3508
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?srv
Source: v7.nb.min[1].js0.2.dr, site[1].htm.2.dr	String found in binary or memory: https://www.novobanco.pt/site/cms.aspx?srv=12551#1
Source: page[1].htm.2.dr	String found in binary or memory: https://www.novobanco.pt/site/images/campanha_creditopessoal_2019/page.js
Source: NB[1].htm.2.dr	String found in binary or memory: https://www.novobanco.pt/site/images/chlandingpage19/NB.ttf
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: https://www.novobanco.pt/site/images/nbsi/cookies/One-Trust-icon-functional-cookies-64x64.png
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: https://www.novobanco.pt/site/images/nbsi/cookies/One-Trust-icon-more-info-64x64.png
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: https://www.novobanco.pt/site/images/nbsi/cookies/One-Trust-icon-necessary-cookies-64x64.png)
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: https://www.novobanco.pt/site/images/nbsi/cookies/One-Trust-icon-performance-cookies-64x64.png
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: https://www.novobanco.pt/site/images/nbsi/cookies/One-Trust-icon-publicidade-terceiros-64x64.png
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: https://www.novobanco.pt/site/images/nbsi/cookies/One-Trust-icon-targeting-cookies-64x64.png
Source: 9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	String found in binary or memory: https://www.novobanco.pt/site/images/nbsi/cookies/One-Trust-icon-your-privacy-64x64.png
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.novobanco.pt/site/s.aspx?labelid=institucional
Source: en[1].js.2.dr	String found in binary or memory: https://www.onetrust.com/cookie-policy/
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.onetrust.com/products/cookie-consent/
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.onetrust.com/products/cookie-consent/HCookie
Source: ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.onetrust.com/products/cookie-consent/onetrust-theme-logo-1-300x300.jpg
Source: imagestore.dat.2.dr, ~DFCA2EC2575C3CEAF9.TMP.1.dr	String found in binary or memory: https://www.onetrust.com/wp-content/uploads/2017/01/cropped-onetrust-theme-logo-1-150x150.jpg
Source: site[1].htm.2.dr	String found in binary or memory: https://wwwq.novobanco.pt/pbn/startupnb.html?setref=1

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 194.145.121.90:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.145.121.90:443 -> 192.168.2.7:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.148.64:443 -> 192.168.2.7:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.148.64:443 -> 192.168.2.7:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.28.184.69:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.28.184.69:443 -> 192.168.2.7:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.145.121.90:443 -> 192.168.2.7:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.28.184.75:443 -> 192.168.2.7:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.28.184.75:443 -> 192.168.2.7:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.145.121.101:443 -> 192.168.2.7:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.145.121.101:443 -> 192.168.2.7:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.145.121.90:443 -> 192.168.2.7:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.7:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.7:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.7:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.185.68:443 -> 192.168.2.7:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.1.153:443 -> 192.168.2.7:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.1.153:443 -> 192.168.2.7:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.19.194.29:443 -> 192.168.2.7:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.19.194.29:443 -> 192.168.2.7:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.174.11.69:443 -> 192.168.2.7:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.174.11.69:443 -> 192.168.2.7:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.7:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.7:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.207.146.247:443 -> 192.168.2.7:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.0.129.236:443 -> 192.168.2.7:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.0.129.236:443 -> 192.168.2.7:49773 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@3/335@20/14

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{314A9691-9893-11EB-90E6-ECF4BB82F7E0}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user~1\AppData\Local\Temp\~DF98B396AC1BFD8EC6.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6024 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6024 CREDAT:17410 /prefetch:2

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfg

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Scripting1	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol2	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Scripting1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://novobanco.pt/	0%	Virustotal		Browse
http://novobanco.pt/	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://www.nbcultura.pt/	0%	Virustotal		Browse
http://www.nbcultura.pt/	0%	Avira URL Cloud	safe
http://getbootstrap.com)	0%	Avira URL Cloud	safe
http://cookiepedia.co.uk/cookies/	0%	Virustotal		Browse
http://cookiepedia.co.uk/cookies/	0%	Avira URL Cloud	safe
https://nbcultura.pt/	0%	Virustotal		Browse
https://nbcultura.pt/	0%	Avira URL Cloud	safe
https://sketch.com	0%	URL Reputation	safe
https://sketch.com	0%	URL Reputation	safe
https://sketch.com	0%	URL Reputation	safe
https://sketch.com	0%	URL Reputation	safe
http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed	0%	URL Reputation	safe
http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed	0%	URL Reputation	safe
http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed	0%	URL Reputation	safe
http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed	0%	URL Reputation	safe
http://cookiepedia.co.uk/host/	0%	Avira URL Cloud	safe
http://bes-sec.bes.pt/bes/erronadesaobic/erronadesaobic.html	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
webcare.byside.com	62.28.184.69	true	false	high
a4d6c1c8368a911ea98860aeb4e6dc37-182063218.us-east-1.elb.amazonaws.com	52.0.129.236	true	false	high
onetrust.cloudflareaccess.com	104.19.194.29	true	false	high
www.novobanco.pt	194.145.121.90	true	false	high
pop-eda6.mix.linkedin.com	108.174.11.69	true	false	high
onetrust-dev.web.onetrust.dev	104.18.1.153	true	false	unknown
www.onetrust.com	104.20.185.68	true	false	high
prod-east-stats-tap-alb-627711272.us-east-1.elb.amazonaws.com	52.207.146.247	true	false	high
srv.novobanco.pt	194.145.121.101	true	false	high
onetrust.com	104.20.184.68	true	false	high
s1.byside.com	62.28.184.75	true	false	high
cdn.cookielaw.org	104.16.148.64	true	false	high
geolocation.onetrust.com	104.20.184.68	true	false	high
novobanco.pt	194.145.121.90	true	false	high
grmtech.net	93.190.67.182	true	false	unknown
fast.wistia.com	unknown	unknown	false	high
www.linkedin.com	unknown	unknown	false	high
px.ads.linkedin.com	unknown	unknown	false	high
embed-fastly.wistia.com	unknown	unknown	false	high
snap.licdn.com	unknown	unknown	false	high
fg8vvsvnieiv3ej16jby.litix.io	unknown	unknown	false	unknown
distillery.wistia.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://www.novobanco.pt/site/cms.aspx?labelid=HP	false	high
https://www.novobanco.pt/site/cms.aspx?labelid=contas	false	high
https://www.novobanco.pt/site/cms.aspx?labelid=360	false	high
https://www.novobanco.pt/site/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069	false	high
https://www.onetrust.com/products/cookie-consent/	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.novobanco.pt/site/cms.aspx?labelid=novocertificado	ErrorPage[1].htm.2.dr	false		high
http://www.byside.com	byside_webcare[1].js.2.dr	false		high
https://onetrust.com/poweredbyonetrust	9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	false		high
https://www.onetrust.com/products/cookie-consent/	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=institucional	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://sec.novobanco.pt/webcf/LoginHandler/LoginHandler.aspx?app=3	site[1].htm.2.dr	false		high
https://www.novobanco.pt/site/PNovo	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
http://jqueryui.com	style[1].css.2.dr	false		high
http://www.nbcultura.pt/	cms[1].htm2.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.novobanco.pt/site/images/chlandingpage19/NB.ttf	NB[1].htm.2.dr	false		high
https://px.ads.linkedin.com/collect?	insight.min[1].js.2.dr	false		high
https://optanon.blob.core.windows.net/skins/5.6.0/default_flat_top_two_button_black/v2/images/cookie	9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/images/nbsi/cookies/One-Trust-icon-your-privacy-64x64.png	9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	false		high
https://www.onetrust.com/wp-content/uploads/2017/01/cropped-onetrust-theme-logo-1-150x150.jpg	imagestore.dat.2.dr, ~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
http://www.videolan.org/x264.html	c156950155d22be03bd9a933e25cd03ca11e3e0d[1].dat.2.dr, d5df9da78009bdf3c3975b196fef8584d58c897b[1].dat.2.dr	false		high
http://getbootstrap.com)	bootstrap-modal.min[2].js.2.dr	false	Avira URL Cloud: safe	low
https://gist.github.com/882ae53829879e4fa3e0b82b256bf5a6	bootstrap-modal.min[2].js.2.dr	false		high
http://www.novobanco.pt/	ErrorPage[1].htm.2.dr	false		high
https://www.novobanco.pt/SITE/cms.aspx?labelid=transferencias_imediatas	cms[2].htm2.2.dr	false		high
http://www.mediaelementjs.com/	v7.nb.min[1].js0.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=diaadiarorPage.html	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
http://cookiepedia.co.uk/cookies/	9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://getbootstrap.com/customize/?id=882ae53829879e4fa3e0b82b256bf5a6)	bootstrap-modal.min[2].js.2.dr	false		high
https://www.novobanco.pt/favicon.ico~	imagestore.dat.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=abertura_conta_cmd	cms[2].htm2.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=empresas_covid19	cms[1].htm2.2.dr	false		high
https://www.novobanco.pt/site/images/nbsi/cookies/One-Trust-icon-more-info-64x64.png	9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	false		high
https://optanon.blob.core.windows.net/skins/5.6.0/default_flat_top_two_button_black/v2/images/optano	9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	false		high
https://www.novobanco.pt/SITE/cms.aspx?plg=B6DF31E1-8CCB-4C2B-A112-EB0238E11748	cms[2].htm2.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=aberturadeconta	v7.nb.min[1].js0.2.dr, site[1].htm.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=aberturadecontabalcao	cms[2].htm2.2.dr	false		high
https://www.onetrust.com/products/cookie-consent/HCookie	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://sec.novobanco.pt/	ErrorPage[1].htm.2.dr	false		high
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/EU?callback	9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=360	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/cms.aspx?plg=8055EA3A-BBCF-4ED1-91A5-131B682C3F7F	cms[2].htm2.2.dr	false		high
https://www.novobanco.pt/SITE/cms.aspx?labelid=conta100	site[1].htm.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=hcempresas&NOVO	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/Stats/GenericHandler.ashx	nb.stats-ext.min[1].js.2.dr	false		high
http://jqueryui.com/themeroller/?scope=&folderName=base&cornerRadiusShadow=8px&offsetLeftShadow=0px&	style[1].css.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=contasErrorPage.html	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=institucional0NOVO	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=produtospM	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=contabase	cms[2].htm2.2.dr	false		high
https://optanon.blob.core.windows.net/logos/302/302:novobanco.pt/Novo-Banco-logo-365x131.jpg	9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=produtos	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/cms.aspx?plg=b97efdf2-16d9-4fa0-81d9-6ed9d0d103aa	cms[2].htm2.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?srv	9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=medidas_nb_covid	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/s.aspx?labelid=institucional	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/cms.aspx?plg=67480d32-95a7-427b-86ed-c40521b2c8f5	cms[2].htm2.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=360as_nb_covid	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://github.com/dperini/ContentLoaded	byside_webcare[1].js.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?plg=5590560f-9398-4a17-b755-07bbb5cea13a	cms[2].htm2.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=INSTITUCIONAL	cms[1].htm2.2.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	bootstrap-modal.min[2].js.2.dr	false		high
https://srv.novobanco.pt/site/errorhandling/NovoBanco/ErrorPage.html	~DFCA2EC2575C3CEAF9.TMP.1.dr, cms[2].htm2.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=lp_contas	site[1].htm.2.dr	false		high
https://www.novobanco.pt/SITE/cms.aspx?plg=BE486DD7-0C81-4076-A815-8BA284B32EC0	cms[2].htm2.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=contasfConhe	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/images/nbsi/cookies/One-Trust-icon-targeting-cookies-64x64.png	9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	false		high
https://srv.novobanco.pt/site/errorhandling/NovoBanco/ErrorPage.htmlRNovo	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069BServi	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=conta1831	cms[2].htm2.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=hcempresasD37-949A-53038EE8E069	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=medidas_nb_covid:Medidas	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/images/nbsi/cookies/One-Trust-icon-publicidade-terceiros-64x64.png	9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=hcempresas	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=contaup	cms[2].htm2.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=produtosonal	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
http://modernizr.com/download/#-touch-shiv-cssclasses-teststyles-prefixes-load	modernizr-2.8.3-custom[1].js0.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=CONTAS	cms[2].htm2.2.dr	false		high
https://nbcultura.pt/	cms[1].htm2.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.livroreclamacoes.pt/inicio	site[1].htm.2.dr	false		high
https://www.novobanco.pt/site/	~DFCA2EC2575C3CEAF9.TMP.1.dr, IIRLPOW4.htm.2.dr	false		high
https://sketch.com	triangle-bottom-right[1].svg.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location	fff8df06-1dd2-491b-88f6-01cae248cd17[1].js.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=conta360	cms[2].htm2.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=hcempresasD37-949A-53038EE8E069A-53038EE8E069	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high
https://optanon.blob.core.windows.net/skins/5.6.0/default_flat_top_two_button_black/v2/css/optanon.c	9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	false		high
https://sec.novobanco.pt/webcf/LoginHandler/LoginHandler.aspx	ErrorPage[1].htm.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=contas_nbwork	cms[2].htm2.2.dr	false		high
https://sketchapp.com	footer-info-computer[1].svg.2.dr	false		high
https://sec.novobanco.pt/web/LoginHandler/LoginHandler.aspx?app=1	site[1].htm.2.dr, ErrorPage[1].htm.2.dr	false		high
https://sec.novobanco.pt/web/LoginHandler/LoginHandler.aspx?app=3	site[1].htm.2.dr, ErrorPage[1].htm.2.dr	false		high
https://cdn.cookielaw.org/vendorlist/googleData.json	fff8df06-1dd2-491b-88f6-01cae248cd17[1].js.2.dr	false		high
http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed	Open-Sans[1].eot.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.novobanco.pt/SITE/cms.aspx?labelid=lp_contas	site[1].htm.2.dr	false		high
http://cookiepedia.co.uk/host/	9d8b17d7-dd3b-44bd-9c8c-e08f43334bb6[1].js.2.dr	false	Avira URL Cloud: safe	unknown
https://www.novobanco.pt/site/cms.aspx?labelid=conta100	site[1].htm.2.dr, cms[2].htm2.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?plg=c1286008-e150-4b09-8a75-510d9a9f3508	cms[2].htm2.2.dr	false		high
http://bes-sec.bes.pt/bes/erronadesaobic/erronadesaobic.html	besx[1].js.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.cookielaw.org/vendorlist/iabData.json	fff8df06-1dd2-491b-88f6-01cae248cd17[1].js.2.dr	false		high
https://www.novobanco.pt/site/cms.aspx?labelid=HPidas_nb_covid	~DFCA2EC2575C3CEAF9.TMP.1.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
62.28.184.69	webcare.byside.com	Portugal	15525	MEO-EMPRESASPT	false
194.145.121.90	www.novobanco.pt	Portugal	9118	NovoBancoPT	false
62.28.184.75	s1.byside.com	Portugal	15525	MEO-EMPRESASPT	false
104.19.194.29	onetrust.cloudflareaccess.com	United States	13335	CLOUDFLARENETUS	false
104.16.148.64	cdn.cookielaw.org	United States	13335	CLOUDFLARENETUS	false
104.18.1.153	onetrust-dev.web.onetrust.dev	United States	13335	CLOUDFLARENETUS	false
104.20.184.68	onetrust.com	United States	13335	CLOUDFLARENETUS	false
104.20.185.68	www.onetrust.com	United States	13335	CLOUDFLARENETUS	false
93.190.67.182	grmtech.net	Germany	47215	FILOO-ASNRhedaerStrasse25DE	false
52.207.146.247	prod-east-stats-tap-alb-627711272.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
52.0.129.236	a4d6c1c8368a911ea98860aeb4e6dc37-182063218.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
194.145.121.101	srv.novobanco.pt	Portugal	9118	NovoBancoPT	false
108.174.11.69	pop-eda6.mix.linkedin.com	United States	14413	LINKEDINUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	383841
Start date:	08.04.2021
Start time:	10:51:43
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 9s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	http://novobanco.pt/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@3/335@20/14
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://onetrust.com/poweredbyonetrust Browsing link: https://www.novobanco.pt/site/cms.aspx?labelid=medidas_nb_covid Browsing link: https://www.novobanco.pt/site/cms.aspx?labelid=HP Browsing link: https://www.novobanco.pt/site/cms.aspx?labelid=360 Browsing link: https://www.novobanco.pt/site/cms.aspx?labelid=residentesestrangeiro Browsing link: https://www.novobanco.pt/site/cms.aspx?labelid=hcempresas Browsing link: https://www.novobanco.pt/site/cms.aspx?labelid=institucional Browsing link: https://www.novobanco.pt/site/ Browsing link: https://www.novobanco.pt/site/cms.aspx?labelid=produtos Browsing link: https://www.novobanco.pt/site/cms.aspx?labelid=diaadia Browsing link: https://www.novobanco.pt/site/cms.aspx?labelid=contas_1
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 168.61.161.212, 104.43.193.48, 13.88.21.125, 104.83.120.32, 172.217.168.10, 216.58.215.227, 8.238.32.126, 8.238.36.126, 8.238.85.254, 8.238.29.126, 8.238.35.254, 52.147.198.201, 151.101.2.110, 151.101.66.110, 151.101.130.110, 151.101.194.110, 95.100.54.203, 216.58.215.232, 95.100.49.215, 13.107.42.14, 151.101.2.133, 151.101.66.133, 151.101.130.133, 151.101.194.133, 152.199.19.161, 172.217.168.72, 52.255.188.83, 40.126.31.2, 40.126.31.3, 40.126.31.9, 20.190.159.131, 20.190.159.135, 20.190.159.137, 40.126.31.138, 40.126.31.136, 20.82.210.154, 23.0.174.200, 23.0.174.185, 23.10.249.26, 23.10.249.43 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, www.tm.lg.prod.aadmsa.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, e9706.dscg.akamaiedge.net, iecvlist.microsoft.com, l-0005.l-msedge.net, go.microsoft.com, www.googletagmanager.com, login.live.com, audownload.windowsupdate.nsatc.net, dualstack.f4.shared.global.fastly.net, ssl-google-analytics.l.google.com, arc.trafficmanager.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www-linkedin-com.l-0005.l-msedge.net, fonts.googleapis.com, fs.microsoft.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, www-googletagmanager.l.google.com, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, www.tm.a.prd.aadg.akadns.net, a767.dscg3.akamai.net, d.sni.global.fastly.net, login.msa.msidentity.com, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ssl.google-analytics.com, skypedataprdcoleus17.cloudapp.net, wildcard.licdn.com.edgekey.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing network information. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Microsoft Cabinet archive data, 58596 bytes, 1 file
Category:	dropped
Size (bytes):	175788
Entropy (8bit):	7.995478615012125
Encrypted:	true
SSDEEP:	3072:F2qSSwIm1m/QEBbgb1om2qSSwIm1m/QEBbgb1om2qSSwIm1m/QEBbgb1oQ:FJdwIm1m/QEOb1omJdwIm1m/QEOb1omg
MD5:	DB24FDC997F8577846EE720CB6DB0C89
SHA1:	B5581E0720C0BDE9E56BE910B7B798E551F80F04
SHA-256:	1B17537137AC14C0D53D9AEFFE1B1517215CFC281482B6071CFEEC95231F2625
SHA-512:	81479AC4E0B4C722EC1970807CBA897BAEB28873E1E3174D9C3D4A5910550A6F75C81026A2BF8CA8CEF90AF286A4F694F83027291E032C09A8E3C613100BB9EB
Malicious:	false
Reputation:	low
Preview:	MSCF............,...................I........T........bR. .authroot.stl...s~.4..CK..8T....c_.d....A.K......&.-.J...."Y...$E.KB..D...D.....3.n..u.............\|..=H4..c&.......f.,..=..-....p2.:..`HX......b.......Di.a......M.....4.....i..}..:~N.<..>..V..CX......B......,.q.M.....HB..E~Q...)..Gax../..}7..f......O0...x..k..ha...y.K.0.h..(....{2Y.].g...yw..\|0.+?.`-../.xvy..e......w.+^...w\|.Q.k.9&.Q.EzS.f......>?w.G.......v.F......A......-P.$.Y...u....Z..g..>.0&.y.(..<.].`>... ..R.q...g.Y..s.y.B..B....Z.4.<?.R....1.8.<.=.8..[a.s.......add..).NtX....r....R.&W4.5]....k.._iK..xzW.w.M.>,5.}..}.tLX5Ls3_..).!..X.~...%.B.....YS9m.,.....BV`.Cee.....?......:.x-.q9j...Yps..W...1.A<.X.O....7.ei..a\.~=X....HN.#....h,....y...\.br.8.y"k).....~B..v....GR.g\|.z..+.D8.m..F .h............ItNs.\....s..,.f`D...]..k...:9..lk.<D....u...........[...*.wY.O....P?.U.l....Fc.ObLq......Fvk..G9.8..!..\T:K`.......'.3......;.u..h...uD..^.bS...r........j..j .=...s .FxV....g.c.s..9.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	3.1093004139857627
Encrypted:	false
SSDEEP:	12:RwTJrkPlE99SNxAhUe0hbwTJrkPlE99SNxAhUe0hIswTJrkPlE99SNxAhUe0ht:m5kPcUQUPhc5kPcUQUPho5kPcUQUPht
MD5:	F3E6CDC22E522990AAEFE4FC09266B19
SHA1:	6917ED5E3F67EFA60B22FFF959B275120457A1FC
SHA-256:	4C97C73A02090E66071F6A8E71F626F77A31D684BB63FD08E5BAF136A10A887F
SHA-512:	E186BB46F3840B0CCEA70CC365DA0F3D5BF9573D3F63F7CDEA876FFBF4E447771FB1C2D8340C5992702290CFCBA774C59451EC79D2768D1264C29F9D1C7B600C
Malicious:	false
Reputation:	low
Preview:	p...... ........p.E..,..(....................................................... ...................$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.d.8.f.4.f.3.f.6.f.d.7.1.:.0."...p...... ........p.E..,..(....................................................... ...................$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.d.8.f.4.f.3.f.6.f.d.7.1.:.0."...p...... ........Eac..,..(....................................................... ...................$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.d.8.f.4.f.3.f.6.f.d.7.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\IUHEMSR9\www.onetrust[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2383
Entropy (8bit):	5.190384457785889
Encrypted:	false
SSDEEP:	48:LFOYQEFOYQtMQEFOYQtMQDAQEFOYQtMQGH0QEFOYQtlQGH0QEFOYQtlQGH0Qr5yr:QYQzYQOQzYQOQDAQzYQOQhQzYQ7QhQza
MD5:	34EB655CD13EC97DCB3ECB657CD9DA52
SHA1:	6A2BB8691783BF717B9920D25120927740EEFE55
SHA-256:	8413AF7AA308E783B7BA33BE98593AF477169F978E1127F10FDB93191E60DC41
SHA-512:	CF2C7CDF2ED96B1385E99C59638D5B70CDF5771EF0104BE6A6DC013A83063AFB25AB8475A3EDDF01D5754701DA6829BD3A6ADE97FA51A857D932ED8F9D36BCA7
Malicious:	false
Reputation:	low
Preview:	<root></root><root><item name="undefined" value="null" ltime="38831520" htime="30878880" /></root><root><item name="undefined" value="null" ltime="38831520" htime="30878880" /><item name="loglevel" value="WARN" ltime="51151520" htime="30878880" /></root><root><item name="undefined" value="null" ltime="38831520" htime="30878880" /><item name="loglevel" value="WARN" ltime="51151520" htime="30878880" /><item name="wistia" value="{}" ltime="52311520" htime="30878880" /></root><root><item name="undefined" value="null" ltime="38831520" htime="30878880" /><item name="loglevel" value="WARN" ltime="51151520" htime="30878880" /><item name="wistia" value="{"accounts_loaded":{"wistia-production_478590":1617904379929},"medias_loaded":{"bwewksugpg":1617904379931}}" ltime="62231520" htime="30878880" /></root><root><item name="undefined" value="null" ltime="38831520" htime="30878880" /><item name="loglevel" value="WARN" ltime="72311520" htime="30878880" /><item

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\T8DRMTJ1\www.novobanco[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aKb:JFKb
MD5:	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1:	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256:	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512:	6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious:	false
Reputation:	low
Preview:	<root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{314A9691-9893-11EB-90E6-ECF4BB82F7E0}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	39512
Entropy (8bit):	1.9186929920755473
Encrypted:	false
SSDEEP:	192:rgZTZLl22WhztlomifFAom6omzMHomyomBvomMomDEomsfiAomjomjrAom7omRZD:rQ1gtXlIiioH6ZvU7E6PLvADJZ0raDN
MD5:	D1755B901C7AACA9D0DFFB87A7CC31FF
SHA1:	415F6499315741CFBE87D8A51348442B8BC3AECD
SHA-256:	DA957B4286CE6E88A3F5E2F6CEAE2C6A7DEF8700EA6A6E92A98D0EB1FF1E0664
SHA-512:	10DF579136FBD2271783D1CE022D7F6676D3BE46D4A975560C79CA85F776286ED2C0E0B187C87C1E6C938FCB7147CF046700F86FD337B07E0E72FA421BE4BF03
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{314A9693-9893-11EB-90E6-ECF4BB82F7E0}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	202688
Entropy (8bit):	2.7315351836708195
Encrypted:	false
SSDEEP:	384:rRtDXJMN7uo1m5Xu2XzNlmSUtvi2rZpdtI9ms9QRgTtnwW7yttgOMaHQXgsPBNs5:oJzvieOv1cGaHg0XcfX4D2y3kBZK
MD5:	0FF9D09A92F3ECCB2284B787917AA360
SHA1:	A560D028749D577C24730DD48ACD0D8B1BDDF8A7
SHA-256:	AAA10E3DFDBA6099E6FE762D2D5EEEA3F0FDD58C71FD7ED601473CE6C040381D
SHA-512:	C266EFC6F1A6413380E93031CEC235B1556CAF9F9A4F68ADCB03DE47C4523829A557E86CA41CAAB7649F067B95035F75EAD0456038368E7A672D2949284869BC
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{399EA2DF-9893-11EB-90E6-ECF4BB82F7E0}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5666455443167981
Encrypted:	false
SSDEEP:	48:IwcGcprAGwpaRG4pQmGrapbS9GQpKaG7HpR6TGIpG:rAZIQD6oBSHA1T+A
MD5:	0E6C5EC850BA7B1CF27ED5AD67C5D907
SHA1:	125F072A867B3C40C4E6C48F5DB6E607309FDDCD
SHA-256:	F49F4376FF3467C9DF6A65CCE055A74FCEA73ECC8DD95E3DDDC9A79330710170
SHA-512:	DDB7E352FECA0C01721F5FB8A556CABA27424CF4AEB41FDB0949F05BD8BE06B0485619A85B3512455883894FA4F65C787EF6C62E1602A119692C2EAC5F3F0107
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\po60zt0\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	10450
Entropy (8bit):	5.6344118508482905
Encrypted:	false
SSDEEP:	192:l9ibDPkgXxhtr2duihmxB2P/8BVuO9OQqu:l9ib1vt2WgHANOu
MD5:	2028C6BA9BF351A0454E284F58FCCE91
SHA1:	8DD1971B1E7A065F5CF9BD4C2913DCA5C2936FBF
SHA-256:	C24CC2185A5CD0643D82432CDAD4C71F0DA243AF5B69D17929558E249B424DB4
SHA-512:	CD59FE5C5762FA4D9D0F0D7986643E2CD1967F8DAE84F7F9205D7AD05FBCA7731EC09B163C0BB026C21BBD637A62CE0016F99E477996B0CA0E78EC700FBA37F0
Malicious:	false
Reputation:	low
Preview:	$.h.t.t.p.s.:././.w.w.w...n.o.v.o.b.a.n.c.o...p.t./.f.a.v.i.c.o.n...i.c.o.~.................h.......(....... ...............................@...J...\.......L..........T...................`..\|...........\...]..........._...........\......;...d..........<.......B...:.......G.......g..`...a...R..B.......H..D...K......j...l...g.._..................O...................W...Y...........P.......:...........;...........a...@...[...................<...=...............e...f.......F...........f.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\mms\4UMSFJRY\c156950155d22be03bd9a933e25cd03ca11e3e0d[1].dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ISO Media, MP4 Base Media v1 [IS0 14496-12:2003]
Category:	dropped
Size (bytes):	5636096
Entropy (8bit):	7.823013438827545
Encrypted:	false
SSDEEP:	98304:wCxOH/SR6+hbMRtF3UktD26wfbDI5/8tapojn/CpLiAqo2mFiths8oGi34J:yHaHhbMRtFrD26EICaq/KLiAEmFitnoG
MD5:	F6C62C958F687363B60F7EB337D5F736
SHA1:	DA99A1FE8E56C7FECC0A93206E45180581D88697
SHA-256:	4EDD84DE7E90EAE5E11A0910025C99B732BE639EAF7375BF5CEE0B35AE64A19F
SHA-512:	774C31320D31273AEE3E3F974D0AA2DE682BADD44C490D9B9C1111C7271356A42DE6E49AC23F225D0619351299FCECC65247B0C50F458C690C994EA9FEC89506
Malicious:	false
Reputation:	low
Preview:	... ftypisom....isomiso2avc1mp41....moov...lmvhd..................".................................................@..................................ftrak...\tkhd......................"c................................................@........h.....$edts....elst.........."c............mdia... mdhd..............0...:........Ahdlr........vide.............Mainconcept Video Media Handler....uminf....vmhd...............$dinf....dref............url .......5stbl....stsd............avc1...........................h.H...H...............................................;avcC.d......gd....@./.p.. @H..........x.l....h.8..........pasp............stts....................stss......./.......I...........!...i...........A...............a...........9...............Y...........1...y...........Q...........)...q...........I...........!...i...........A...............a..........`pctts..............................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\mms\4UMSFJRY\d5df9da78009bdf3c3975b196fef8584d58c897b[1].dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ISO Media, MP4 Base Media v1 [IS0 14496-12:2003]
Category:	dropped
Size (bytes):	1441792
Entropy (8bit):	7.406520855441245
Encrypted:	false
SSDEEP:	24576:tGZ856oMOIfz+GJz8uejYUzBdERaDF0+J7NvYV1cYNquaRWe7ZUD1ine:tyQMFysAuejYU9dt50QqVmEBaRdUDgne
MD5:	F929ABE74C41AF708E1B1290977163E1
SHA1:	AFD96DC2AFD220EBE4F29CF648B9B8F07E32B579
SHA-256:	1B47A65E4BF354AB38075C7D5C5A60ED9CDE2568545D7DAF02D7469DFBCDFCB7
SHA-512:	68EA5FE67BA1DB47518ABE65D52B774C080E1056013BE1D97E96EEC7B7B6597A5AA763C52ABFFC7871037F84F70CDBC051FA0385C19188DF224A6AF90DA377C1
Malicious:	false
Reputation:	low
Preview:	... ftypisom....isomiso2avc1mp41....moov...lmvhd..................".................................................@..................................trak...\tkhd......................"c................................................@..............$edts....elst.........."c............mdia... mdhd..............0...:........Ahdlr........vide.............Mainconcept Video Media Handler.....minf....vmhd...............$dinf....dref............url .......stbl....stsd............avc1.............................H...H...............................................;avcC.d......gd....@..~... @H..........x......h.8..........pasp............stts....................stss......./.......I...........!...i...........A...............a...........9...............Y...........1...y...........Q...........)...q...........I...........!...i...........A...............a.........._.ctts..............................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\02_2_bloco[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 410 x 278, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	98928
Entropy (8bit):	7.995639672303152
Encrypted:	true
SSDEEP:	3072:F5BzYYU0WV3oCUZuLpvJhNrbiHLu65n0aBEvpkC9H3:PBzYYU00qkGHqsBMX9H3
MD5:	57FABE01E89003A933B992E717EA614A
SHA1:	51273C34B12D026173B323ADF7F72FF03382D637
SHA-256:	2DB0BC20EC4E566B7D2CDB8159DF7647553BFC8AC3DE95491D82B993523A8715
SHA-512:	37D578E2C73DCBBE63F1E30FD4BDD2E983D01AD595150B64F99EB9FBC0AF83141783176C1ABE7D99DE091C917F8E324E23604E2A8CEAFED22DD8BB9D638F1F3A
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/SITE/cms.aspx?srv=207&stp=1&id=891013&fext=.png
Preview:	.PNG........IHDR............._tQ.....sRGB.......@.IDATx....\Wy&.............l.0.!...~L..l,..L....&d.$<&.!.I.Cx......@...e.,k.v.[.^..V{..}..k...nI.......s.=.....;G.X..0`a`.....bu..?.8...\|.....u.9.....~..X.-.X.X=...>Bd~.4._4....?....gv.L...,Bs.0o......a...a..LS..3.=+p...1.X...{`.p-..N.h.G..4z8.z.}.....~V.k....Y.......0`j.&..T/(L..QSY..J.....Eh.A.u...Z.@.}....B?..:}JQM..2.M.7.).%<Xs]~.X.f.qj.ha...@.}.^.;.Orn.A......:c..=>.....w.8.{nn..>...?.k...,.,......W..?.Zq.....{./c........G...{..7...!(.]..W..M...................S..e.....v........'m.s.c@....E..er.:2./.#...Y.g.h.!qdz.0[..Y..."..{i.$.&W#2.SW.I.S8... 6....A.FM.u.8.{...Q..5..M.....6..i..>..p6...=..).U.60 ..iZ..0..1...o.......3.Y?...m.<.......q..6%..n.......D..1b.^.H_...^....Z..4.............1.}.6 J.L..&......]Vf.....Y....*..W..,'...(\|...9Lo.M.$n.o...q<....X..Z..8..Li.#=.?`...qFv...C.T?..4..8.....G.'.........6....%:[{..........n....t......7'.....z.E.......q^.9.%>...d.....k ,..-9.Y......u`a...8..5.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\1280px-Flag_of_Brazil[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1280 x 896, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	20697
Entropy (8bit):	7.951199110219313
Encrypted:	false
SSDEEP:	384:eOvSYkkeVgkD11Fp6ZXvq+xbTo2+4Rghjb6KHBrAMar7aH08+i5NrkLpJXi:xvHg11FORb8T6CBshMDkJi
MD5:	1FA510D42CFB1C8F95F3D9614347972C
SHA1:	DC753FB290E7A8969C5E524203A698A282928F8D
SHA-256:	072ED0680219EEEDBF5D09EE9F37EBB20E72F233F2EFB9DD0EB82EC4A82E49A2
SHA-512:	B5E58391CA99DC9F7350F9C1E0F7D17E18995A5CA20D13ACDEF5FC14634BDF7A04F0040A4F82E75946C91C566E5076239D43CB888E3CCC481C6F357BC7276111
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2020/05/1280px-Flag_of_Brazil.png
Preview:	.PNG........IHDR.............RZ.'....PLTE..:..........(v..9..;.'v.............5.......w....7..."D../{f.#.....>x..2R.o.!^.%........8.....6.t..F...?.+....x.....B...f}.Da.........8...Fb .2...........3...Uo...PS.z..L.....4/./'.1......U.'..........7k..(I.....9.....-r......^w..2}..D.2K_~.;L.u......\iK.4nm......5:.,...$.2......".TMh..<.........9...............+.0..5..........................H.)4.......w...g.o...>g......4.b'.X......-M..,y.....@.k..I:.gHd.K]S..qE.p6U............?\....+.[....;i9P\..#s....mvCVeN..........?.Zt.........w}>.......;Y.Rl....s..BWWR.'7.-../M.(...........................2......2o_../.^Y..k..bz..........+qyAb.........7...>SY.0p..'..fpG.....A..+y..........)...........L.)$Af{......^kJRbPamI..5...FYU........P..#..\.......y............?.....g.....9XWrk.. .IDATx...oV...ql.G..#...lK...K.....T{.U.e*`(...ue...E2S$Fs........`!..C"%....jb....>.9...........~.................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\1[1].txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	71
Entropy (8bit):	4.950331408292407
Encrypted:	false
SSDEEP:	3:tVWHIFa1M0ClGuun2:jWHzdCIz2
MD5:	F92CC6B34996DC81A247979B7FD81A7A
SHA1:	A352C9C6A83256F4E7A5AEDB09AD602B9E2FBACA
SHA-256:	B0EE863D451D41201B8BD4FB1B22625F554D10D9D7B0FFC36A92C083C50DA747
SHA-512:	D577CC2FDD6D486D9E89C89A5416D8CD1C92A60464B5016B3EC78DC661194EEDA028DBDA5B099D275DB4852F6341FDFC80E3888675DC197DF6945D5418DFEA4B
Malicious:	false
Reputation:	low
IE Cache URL:	https://s1.byside.com/socket.io/1/?t=1617904400911
Preview:	XLqMrcwvoQOW9tVzh-hz:25:30:websocket,htmlfile,xhr-polling,jsonp-polling

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\586_close[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 21 x 21, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	473
Entropy (8bit):	6.962572857256078
Encrypted:	false
SSDEEP:	12:6v/7jEuuPebqlu8z3FPWu/+diqC2ITpXPOUh5nTeTh14PIYz9D:/Z8y3FPRNqC2+tbh5nTi1kIg1
MD5:	D2F2F571663319C9D770BE389F7C55C4
SHA1:	9D09CBBBA9A9CE17B834B8B355504C8D3BE65C85
SHA-256:	84B98B10991A39974FCF314A444282EB9AE558C8C25FB8DEA38C319428F3F0A4
SHA-512:	9210C3C3EA8BFB65D8A1CF05FBD81AC46D6A6A3D050B6379F175BDBEB6DCBC9AE6CC6C093AEE06634567D64092E14FC60BDCA1D5DEE0EE55E0DAE93AFBF95245
Malicious:	false
Reputation:	low
IE Cache URL:	https://webcare.byside.com/files/4C865F1BAB/placeholders/x/586_close.png
Preview:	.PNG........IHDR.....................sRGB........8eXIfMM........i............................................+.04...OIDAT8....m.0..`l.=......+'6hG..MG......&R.H........-'..$...g....DQ....=I.....ZY...m..a..u}.h.@?.y`p.9....8_.q.....l-l.....~"...;...[8.(......9#.....4../.3t......f?...I.g..n.o......."<).xA.N..i.'`[....V..,s..I[.].....+...._'j$.[n.........5@..........Z@.e.T.\|.w..@up!.FC.PxD.!.x.\.%.~.;.....&..,..+.....K\._dr.e.t5......t.?..O..5a.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\Categorize-1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 2880 x 1646, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	549208
Entropy (8bit):	7.97341480886308
Encrypted:	false
SSDEEP:	12288:LwKjafxHO/yO/HhM7goXpHKp1tAfBJT7/d7IuZNmAr:l8Yl27gI1Kp16PT7l5aAr
MD5:	E5D197DBFCB390BB3D042B615372D6B5
SHA1:	74BE9B4BD0B42681E38BD8887CE97531645482BB
SHA-256:	D3B50FB9FD739048EF1BC86DC13F1621E430A151A8EFE679C441E199F84AADE7
SHA-512:	15B712CB274E636AD8F1178724476019F9A8FBCD8A4AA765F95AE998F0BCB801E26DD9747940231858B51E6473375FE9C54095C86B05DEB98133EE2A455DD2D6
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2021/02/Categorize-1.png
Preview:	.PNG........IHDR...@...n.......W.....PLTEGpL......................................................X.E...l.J-6B.........w.........................................................................................................................................................................................................BY.............?V.................................rss....x...............vy\|...}..jkk......Zbp................................................<R................~{v..........................ijr\|.....................................<@F..........................Nq............................s{..................w.W.....................V}.............y...........................Nh.az.l....a...Bv.]q...........N..`..}.....j........sq............HOX........tRNS........... .....$'...... .IDATx...Yr.H.@..\@.!....n....(....2.9;@.../...?........................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\DC_EMP_portugal_desktop[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 1336x470, frames 3
Category:	downloaded
Size (bytes):	408207
Entropy (8bit):	7.978350363268953
Encrypted:	false
SSDEEP:	6144:m5H/hifVSyNBcesH8ygnjFjWdk0IcZesBwXTBnpr1TxnYd8PsquPUAPh/:rMeNnjFsN6VKd3TTPZ
MD5:	3B5653D0EB6CAFA7907D675990E937F4
SHA1:	20448629D670CE09712BF37EAA6459506AE914AC
SHA-256:	CCE6203987AE49A91FE27B84FBD4F9FF11FAD41E19795BE1AC7338F8BE698DAF
SHA-512:	A38AD53AEF8C99D2C454B32993852767748BC5291F8A704A4C51FACA7917BBA02538CCCCDA126DEC012A1312F499442B385319AB74387CDAD6BED67C3888619D
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/cms.aspx?srv=207&stp=1&id=1022358&fext=.jpg
Preview:	......Exif..II*.................Ducky......._......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164460, 2020/05/12-16:04:17 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:649b61c5-fecd-8247-8af9-0b3b33dacb6b" xmpMM:DocumentID="xmp.did:FFAB7D8A187F11EB8FB3B6633A31063D" xmpMM:InstanceID="xmp.iid:FFAB7D89187F11EB8FB3B6633A31063D" xmp:CreatorTool="Adobe Photoshop 21.1 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:993f6658-5731-ae4a-a73d-a0d009c5c87a" stRef:documentID="adobe:docid:photoshop:c9901736-f868-8249-9164-b1f3c64d450f"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\DC_conta100_mobile[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 480x400, frames 3
Category:	downloaded
Size (bytes):	117660
Entropy (8bit):	7.973507789435257
Encrypted:	false
SSDEEP:	1536:neY0TmkbFxFUy/0UR6sDGJbT2ntt5wX/sT2CNIcmMvT288IGKS2tySuTGZAgAGOP:amkZhReTuveO2cIbM6XIb7t/SwA7xWez
MD5:	E81434DFE9DA26366B41252AE42D60F8
SHA1:	6D09CC70D09149D5192AEAA970C02FC1BC341B46
SHA-256:	23C1A6788BC9ECB5757D16CD0FFA53999B130CCBEA0EFCFC7A171159A2F1814F
SHA-512:	55CF2D4F2AAD9E1F29DD2FAE07C7BB9643519D65074A36347EB1B1CB2D3504B2834B8649A3A3C5F880F03AAED14B6D0207CB06C72B3B16194A6284650DF13512
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/cms.aspx?srv=207&stp=1&id=1022312&fext=.jpg
Preview:	......Exif..II*.................Ducky.......Z......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164460, 2020/05/12-16:04:17 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:ab4543ad-afea-1d4e-a593-72809a11712e" xmpMM:DocumentID="xmp.did:7F14F0D6179811EB89A3DC30A9EF6168" xmpMM:InstanceID="xmp.iid:7F14F0D5179811EB89A3DC30A9EF6168" xmp:CreatorTool="Adobe Photoshop 21.1 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:fd9b10b9-3353-f743-90f5-5703b87c5c8d" stRef:documentID="adobe:docid:photoshop:afa9cd25-2eee-c648-9809-362d33e27b3b"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\DC_desktop_SamsungGalaxy_Mar o[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 1336x470, frames 3
Category:	dropped
Size (bytes):	169047
Entropy (8bit):	7.837961141709916
Encrypted:	false
SSDEEP:	3072:anrYcDqM5EKIPd5LZyjownFMl1II3ZfkHY+Wx47:anrY25ALZCdFMlGgAYVx47
MD5:	66DB7CA6345B3665D87C38262314C222
SHA1:	2C616F889091A19949227097C4157A598274D1AB
SHA-256:	70A63D819336343B3D94792EF4A4C3DD23BC8D2EE1B666A8790D8BBFC859FEA0
SHA-512:	113649B73DDBC5324AD0F50EAC8A428525E6B49CC1F1569B43F9587A528181616762A706606314F66CABC110784538B8BBEF8555406025B3667B28AC9A723C07
Malicious:	false
Reputation:	low
Preview:	......Exif..II*.................Ducky.......Z......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164648, 2021/01/12-15:52:29 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:649b61c5-fecd-8247-8af9-0b3b33dacb6b" xmpMM:DocumentID="xmp.did:5EF893FB8E2211EBA54681A8E541E51F" xmpMM:InstanceID="xmp.iid:5EF893FA8E2211EBA54681A8E541E51F" xmp:CreatorTool="Adobe Photoshop 21.1 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:fc9977c5-760d-1d4b-95be-a19b2911b921" stRef:documentID="adobe:docid:photoshop:64f980e0-f0f8-ba43-be57-1e9c60e54202"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\DC_mobile_SamsungGalaxy_Mar o[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 480x400, frames 3
Category:	dropped
Size (bytes):	89190
Entropy (8bit):	7.918264592618536
Encrypted:	false
SSDEEP:	1536:Vj7VpMZb/XACsk966hgxP7Sbzsufn0jvXbPeKFccEAaefnX:p4l/XACsk4BhUzsw0TbPeKuL7eP
MD5:	BE86AF1FFEE98BF709526E966AF67360
SHA1:	141E98EEB1B1815F0F934E5C58221B3E452442C3
SHA-256:	BC58190973ACB07B34BB3A339FAD286D82C125DF0AA940B528D8967EAC931861
SHA-512:	944AF8B1954B5608259811B50AF87D2DC6216CA8C2375CAA48B9EA4519C3D4687031DF9246B7DD6B8F81759995BB7089F5CF30D455A10388670F8F4CAD0012DD
Malicious:	false
Reputation:	low
Preview:	......Exif..II*.................Ducky.......Z......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164648, 2021/01/12-15:52:29 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:ab4543ad-afea-1d4e-a593-72809a11712e" xmpMM:DocumentID="xmp.did:AAD01A4B8E2211EB90FCD45C17168E0B" xmpMM:InstanceID="xmp.iid:AAD01A4A8E2211EB90FCD45C17168E0B" xmp:CreatorTool="Adobe Photoshop 21.1 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:e6a31c41-f0e6-624c-8bd6-7f9f978e132e" stRef:documentID="adobe:docid:photoshop:9d329009-df54-6b46-80ec-093127847331"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\DC_spi_novo_desktop[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1336 x 470, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	781056
Entropy (8bit):	7.997407027421287
Encrypted:	true
SSDEEP:	12288:AuL8SHsF+93/IgkwfJMlJmTYQPdPfJpBBMcfiteKZUCfhz9LJ6P2iWvjSG7N:ATolnkQkFEHJxkesLfhztS2/vjSGR
MD5:	A020DFB70321190CE21C2C53806469AE
SHA1:	18A68D7814B987E73AA7B7863AF4ED07D6F6E19B
SHA-256:	DE077101A9223F781FAB95231B39978170898E5D312423545577BDA4FFFEE416
SHA-512:	2E78CB75C95383E13DCEAECA6E57A7C8445C6F6B05B264FE16534EE3D43B11E7879B7B9F7B0865D27D3A4D8F92FC694BBB86294F65CC99B33716B556A73E6107
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/cms.aspx?srv=207&stp=1&id=1042682&fext=.png
Preview:	.PNG........IHDR...8..........qM....tEXtSoftware.Adobe ImageReadyq.e<...IDATx.\|.Y.nYv%........7.l.Lg......2......Q.(.....x..#x...x..D!..P.....v9..3.L;3...9....v..c.vsnX..q......k.9..S....W..]..q./...r.0K..'?..n[...:>{.X.....+.w..b./......n...]...?..?H.L%.:.i.....W.3...(JTl..u...I.......k.^..M...82...S..k..(..q..$..D.h...J??47..=x\|..g..&.....[m.....W.:..sZ+.../.0J.V.v.....~..K.k.......C~.,_..7\|...p.......q.N.6.p....}k.3.........mR.....`\..W....Z...K.<......%...`../...z^G.p.]x:<..p.V~#c2\| .Bi..b(y..%.....:\|..s..'#....O1a.uxW....m{...M....v.4\|.q..^.WsZ.)..m...x.&..r.......)..H.T~p.T...51%).lf9.n.5......_...97...-.~.Y7<......jZN..#-O..7..&..a5..rr].(.uv.:y...L9Y$...O$70.\....X..#Llx,.&...M..o.._q..E..)n...oKi.c.....i...g...y4....ou.(....$+.......$C..2.........I...0.m...Q.V...M.~Z..<X7l....}x.f.=.5y.....=..1t~.U.....dj..+s.w..K.......0..J..a......B...7.77..;_,.......72QV..I..x..x'.......2..q....>O6.......?>#...3..U..I..].4u.+....}.Eq..6...aP.A...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\DigitalMarketing_not-Selected[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	838
Entropy (8bit):	5.252349059133631
Encrypted:	false
SSDEEP:	24:2diO4LpgompsYkYAeaxM16oquomuaWnqu4CqloMI0K68YLNmyy:c34pgNvqmXWnqK6I9
MD5:	28A807F66CB23DDF3175D8051A014926
SHA1:	3B0EAB5C26FC4A705FB6D8A82412CF469AC70449
SHA-256:	6C0C0DE3B43AFD8C1B5D09F5177BDCC13A410598CA937B407F39B60701DDE104
SHA-512:	871CF431DD30627335B11389AB0168D95E45BC59E5F418E414F3BFD0EDB582FAE4FEAA9BD53BFDBA6992E9F9AC5160DD46B37FB916EF8C7BE9BD884498DDD2FE
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2020/10/DigitalMarketing_not-Selected.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?> <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="20px" height="20px" viewBox="0 0 20 20" version="1.1"><title>DigitalMarketing_not Selected@1x</title><g id="DigitalMarketing_not-Selected" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><g id="Group-5" transform="translate(1.000000, 1.000000)" stroke="#414042"><path d="M4.125,10.2399997 C4.125,9.07999988 5.25,8.5 7.5,8.5 C9.75,8.5 10.875,9.07999988 10.875,10.2399997 L10.875,10.5 L4.125,10.5 L4.125,10.2399997 Z" id="Rectangle" stroke-linejoin="round"></path><circle id="Oval" cx="7.5" cy="5" r="1.5"></circle><circle id="Oval" stroke-width="1.6" cx="7.5" cy="7.5" r="7.5"></circle><line x1="12.6796875" y1="13.0799993" x2="17" y2="17.5" id="Path-6" stroke-width="1.6"></line></g></g></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\Generic[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	5809
Entropy (8bit):	5.612694632151804
Encrypted:	false
SSDEEP:	96:VwQ/MBoOckN0IxL0qi2yLNdspYP3Iv+38xgKWJkZ0Xi8WaFqwyGQsh:VzQckN0Ix0q67wv+UVU2wyGQ2
MD5:	697EE72116EA1AD770CC67EB76D37043
SHA1:	AABD05F8612838640465258A6587D08BE62241B3
SHA-256:	F83022CB38E0EFAB9D68835E5F95210C50551CCBE886841BEDD4489DE9DDD813
SHA-512:	51507788BDD21ADCF04779232DC2054D7FB69323CC6AB8C364C1B9F13387F476E994F4FB3D521518810D4F7A0CB181DE3CAE2980ED5A06734C1081943E3BCE04
Malicious:	false
Reputation:	low
IE Cache URL:	https://webcare.byside.com/custom/widgetScripts/Window/Generic.js?rndc=1617904393360
Preview:	window.BysideGeneric=window.BysideGeneric\|\|{},BysideGeneric.Utils=BysideGeneric.Utils\|\|{},BysideGeneric.Utils.global=BysideGeneric.Utils.global\|\|{},BysideGeneric.Utils.animate=BysideGeneric.Utils.animate\|\|{},BysideGeneric.Utils.global={isvalid_pl_phonenumber:function(phone){var res,filter;return"48"==phone.substring(0,2)&&phone.length>9&&(phone=phone.substring(2,phone.length)),9==phone.length&&!!/^(?:1[2-8]\|2[2-69]\|3[2-49]\|4[1-68]\|5[0-9]\|6[0-35-9]\|[7-8][1-9]\|9[145])[0-9]{7}/.test(phone)},isvalid_id_phonenumber:function(phone){var res=phone.substring(0,2),res_fixo=phone.substring(0,1),filter;return"62"==res&&phone.length>9&&(phone=phone.substring(2,phone.length)),"0"==res_fixo&&phone.length>9&&(phone=phone.substring(1,phone.length)),!(phone.length<9\|\|phone.length>11)&&!!/^[0-9]{9,11}$/.test(phone)},isvalid_pt_phonenumber:function(phone){var res,filter;return"351"==phone.substring(0,3)&&phone.length>9&&(phone=phone.substring(3,phone.length)),9==phone.length&&!!/^9[1236][0-9]{7}$\|^2[3][1-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\GreenArrow[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1032
Entropy (8bit):	5.111298678728255
Encrypted:	false
SSDEEP:	24:2dAU9Lt2WRWlnEdeaxM24Wlk68n62HQ94WrY02qgA950ko:cjtt2RlnSlkHukd7AW
MD5:	2FBD428C5039C277B0FB86955CACA669
SHA1:	B89DD88DC65902D25B041BFB3BD2E3D81BBC6B58
SHA-256:	4186A543C0C7AF420B3C0EC473B053D8E7ACC4949CEC3E4178BEAD62ACAB7280
SHA-512:	9E76279245F4560E9A0AE259F59C5001E20622FCA65179A21E8EBB5A78D01D9C60995DE478D568498624DF27F5072E5028A9EA80860A24949B7322AE78433907
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/themes/onetrust/images/GreenArrow.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="8px" height="13px" viewBox="0 0 8 13" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: Sketch 63 (92445) - https://sketch.com -->. <title>Nav / Elements / Dropdown Arrow / Green</title>. <desc>Created with Sketch.</desc>. <g id="Symbols" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="Nav-/-Elements-/-Main-Nav-/-Text-Link" transform="translate(-66.000000, -9.000000)" stroke="#43782E" stroke-width="2">. <g id="Group-2" transform="translate(-4.000000, 5.000000)">. <g id="Nav-/-Elements-/-Dropdown-Arrow-/-Green" transform="translate(65.000000, 1.000000)">. <polyline id="Path_5159" transform="translate(8.867368, 9.550000) rotate(-90.000000) translate(-8.867368, -9.550000) " points="3.50736842 7.13421053 8.80136842 11.9657895 14.2273684 7.13421053"></polyline>. </g>. <

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\HighlightCultura[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 480 x 270, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	93461
Entropy (8bit):	7.989784636659674
Encrypted:	false
SSDEEP:	1536:/Lvxmrk25YM7LodNL+fzOKRaBdTVLCgWHiaZETVcc+B4bN2JoLCwp9frFz17i+zS:/Lv+F5YiyNLnKRaBhV+E7CfYjLCwHfrm
MD5:	D5F81053546FC69B5A201C704874977F
SHA1:	3650CEEA0A9A894EE9D62C3C3FE3ACB799572CBF
SHA-256:	C331FD8C4542AAC6523BF2F27585FBA2ABE42617C15B403C7349594402DB7A0C
SHA-512:	B7E8FF96BA5861920BC5C8A5477DBBF75487AE4F8A07CFAF16CA420CC3FE659129836E30054141AE9A8951ADDB25A5B38B7FEC376D86B346F208E52B150E275D
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/cms.aspx?srv=207&stp=1&id=874233&fext=.png
Preview:	.PNG........IHDR.............Q..g....sRGB.......@.IDATx....&.u.}..s...0.....<...tQ...%z%.MSK..-S....Z...o....Zkkm.!.$..fP^..E.(.".....kf0..=.3}N............o.._UV../...?_^.....t5..-.....:R...XN.45...q...../.u..G..I.I.v=.Ym..A.2<....U....GgS.p..T..LlP.....RT./......#..R5\R.yw.....8..U]...:.s...[.]...;.d"..WS.\|./......:..So...--(..}:...J.u.N.VT.............G..K.n~N...e\|&....q.........#...v=.mi^tsI......4G.B.TS.~mv&..f.:.....ib.+.....'6..}i}.h...M..5.!......g./..JZ.=..^..qpiK.<}.Tvo.......I...G.y.,......^6....=<\|....o...#....tvf@..Yh.._H.FvY.;.OX.Zy......7..c[S....A..s....l.K=..i..>..B.)..n.X..H....Y..q !.kD.;....O.F.J./u.S.....h.Q.<m....>..H`...wK.n......x>.T?....x6.G]..,.o.R+cj.6.[.\|6}...i.I.$.w.....#.p...D..[...v]..5 ...zcz...........L[d.....E....U..V....2.;5G....p....u.3?\|..I<AQAN.....(..a..^.Vu..D"..........6._DUy..2/S.....=j+N81q..Kr..O.GVo.4W.......l..o..1.rFI....^.]Z.))8...z..\|..X....i.{X...Qp...nr...<!qv)V....h.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\IIRLPOW4.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	153
Entropy (8bit):	4.791659101378726
Encrypted:	false
SSDEEP:	3:8ROFKGQIeNi1Xbvx9M84JxeCAIuREg7F6nmqDISL+QEfROfpAWFq:AYSI0MXLxu2CAIuh7FULL+R5ug
MD5:	4D7C8D7B801D849526643FAFF96D23DD
SHA1:	10CBF65757B5795C4F5D009939C11382AC00601F
SHA-256:	7EE0EE92E12C312DD0A3D3719C3914853F2F1DCAD5E51E14D81E1DEAD31DFB51
SHA-512:	72B344E8D81CF086CBE2A7DF13C257C326120CADD8BBEBD735EFA1BEDE70043206C6631D45B3D76ADB21E8116A802AEE8F53DCBCBF96181AE149C509B077FA5E
Malicious:	false
Reputation:	low
Preview:	<head><title>Document Moved</title></head>.<body><h1>Object Moved</h1>This document may be found <a HREF="https://www.novobanco.pt/site/">here</a></body>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\MobileAppCompliance_icon[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	5485
Entropy (8bit):	4.434581655777785
Encrypted:	false
SSDEEP:	96:9bRINzNQTzjvNM6ynjnjonyyBMMn7DpZQUjdDDQxaR4AUyUwJtno08VvOmlJXF/4:BRI9e7r7DpZQUjdDDQsR1UyUwXno08V2
MD5:	EFF87ED3B54004C70A39D00B31CB78AA
SHA1:	06B89BB5EFF184AEF10EE5DC50907D10A227236F
SHA-256:	AD65E5B84649191B68D950E0233360FDE3B0B66FADBE15B13251B23FF9295A8F
SHA-512:	3A6722ED3B1520784053CD6E419E2E5EE7B3FF3DCE3665AF4591D5B7D6371B335BD8667C58CB038E8ED2B805E3E7FD2703E4FD34B75E87ED80F257C5A904EE33
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2021/02/MobileAppCompliance_icon.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?> <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="35px" height="55px" viewBox="0 0 35 55" version="1.1"><title>MobilePhoneCheck-SVG-GreenBlack</title><g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><g id="Cookie-Consent-1" transform="translate(-229.000000, -4686.000000)" fill="#FFFFFF"><g id="OT-releated-product" transform="translate(152.000000, 4481.000000)"><g id="Boxes" transform="translate(0.000000, 192.000000)"><g id="icon-/-referrals" transform="translate(54.000000, 0.000000)"><g id="MobilePhoneCheck-SVG-GreenBlack" transform="translate(23.000000, 13.000000)"><path d="M27.6941176,11.9705882 C6.6,11.9705882 6.6,11.9705882 6.6,11.9705882 C5.43529412,11.9705882 4.62647059,12.9088235 4.62647059,13.9441176 C4.62647059,35.0382353 4.62647059,35.0382353 4.62647059,35.0382353 C4.62647059,36.2029412 5.56470588,37.1088235 6.6,37.1088235 C27.6941176,37.1088235 27.6941176,37.1088235 27

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\NB[1].ttf Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	TrueType Font data, 21 tables, 1st "GDEF", 28 names, Macintosh, Copyright \251 2014 by Ana CunhaNBBold1.000;UKWN;NBNBVersion 1.000;PS 001.000;hotconv 1.0.70;mak
Category:	downloaded
Size (bytes):	230828
Entropy (8bit):	6.17325092578603
Encrypted:	false
SSDEEP:	3072:4shAkmzHcWEqVguFe32vH8CDOtFhhGh1RdGzvA+NGAFea7kiBjaEozulVat+tB21:DNWle3B1YpwzvA+nOiBjaEeuSt+/+dHp
MD5:	83F858AF631A3D4AE520B91837C130F7
SHA1:	FCB032ACC0AFE6F2C1A582D0167ABDAD4B6B435B
SHA-256:	FFCFE8EFBB870188684D3332BCEE9C63820F1AE9F2971E9A1F8DB4A424E6A8D8
SHA-512:	DDAC1E1414FD77F7B028C4C0517229FE34B6B5F7DC1A64F0CDF749261E52C1BFD655BC9366CED61C0501E8B1DD30944E0F9D5AF89DAF847854B6FC2BD6835788
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/images/chlandingpage19/NB.ttf
Preview:	...........PGDEF.f.W...0...<GPOS\|......l..{0GSUB............LTSH.4..........OS/2i.P.......`VDMXq.yF........cmapo7{...=....Rcvt ...7..I<....fpgm.Y.7..GT...sgasp....... ....glyf.,.'..IX...xhdmxFY.>...\|..+.head..Z....\...6hhea...Q.......$hmtxK.P$...8....kern............locaZ..V........maxp........... name.wA........ppost.e.s........prep.X....H....r.........z._.<..........<.......?\|...... ................... .....Y..... .........................\|...........................L.........X...K...X...^.2.#............................UKWN. ..... ........ .............. ...f.d.............................................\.....;...+...,...,......,...=.......<.....b.<.b.6.b.<.b.;.b.:.b.<.b.=.b.<.b.<.G.<.).-.).,.).,.).,...<.....!.<...<.!.<.!...!...!.1.!...!...!...o.....;...<.I.4.I.<.I.<.I.<.I.<.I...V.<...8...<...<...<...<.&..(.-.(.,.(.,.(.,.(.,.(.,.(.,.(.,.......<...<.(.,...;...<...<...<...(...(...(...(...(...................2...1...3...3...5...2...2...2...2.....8...8...8...8...8..................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\NB_Fintech-365_Highlight_v1[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 640x360, frames 3
Category:	downloaded
Size (bytes):	77237
Entropy (8bit):	7.882062505818339
Encrypted:	false
SSDEEP:	1536:0M0bEYAqXvHZg35pWgDZP9eJOUZETYy9pno+I4iIWwCwsxI:GEseW0ZP9jTYy9hGyWwCwsm
MD5:	4438A0051E66AE55C5C1DE360C7662D8
SHA1:	A116C1BC9819D0FB7E4C754B7CBDB36EA6B4169B
SHA-256:	C6DB0621FEF6B02032DD9243036C1AE0D9D2E2DD8D5BA2F5492EF9EB2C1AB9C1
SHA-512:	83A2DDF71C0AF9EC1A7A5BC99D77DB9EF2CAC7018C3E396B726E646CEB1E87F30CBF7BD1F2215695BC35718F16A12560CB50AA48E8B8E5C2CFF25CD9F9332E4F
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/cms.aspx?srv=207&stp=1&id=1038446&fext=.Fintech-365
Preview:	......Exif..II*.................Ducky.......Z.....~http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164488, 2020/07/10-22:06:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="FC763D40183897ECF825895AAC9429D9" xmpMM:DocumentID="xmp.did:FDD42B0D74E911EBAC08E9302639EA3F" xmpMM:InstanceID="xmp.iid:FDD42B0C74E911EBAC08E9302639EA3F" xmp:CreatorTool="Adobe Photoshop 22.0 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:b06216d3-2c0c-0045-9fb2-28005d97bb64" stRef:documentID="adobe:docid:photoshop:538237de-4252-034f-a222-203b306481f9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..............................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\NB_GuiaFiscal_DC_DC_Desktop[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1336x470, frames 3
Category:	downloaded
Size (bytes):	386565
Entropy (8bit):	7.9549207356675975
Encrypted:	false
SSDEEP:	6144:6rSk4972n6UQuDgP2gziuDFN0sAmqjP1C4QHvK8gSZ4myQ/ra:6W/97267uDg+gziuDD3eb1C4D8gEyQTa
MD5:	60BDE3830DE0A2A0ED9BA792999AABC1
SHA1:	E6B973F972253A8935618DEB651785563D0A2F4C
SHA-256:	AA3FDA9D9468A808F109200E50BB9B949DE34588A95E895DF5B54D672B9AD1DB
SHA-512:	39BB8B387CF1D322C614DA4ABF61FFE0793D1E2B3BDF77CE861288687ABC146D65DC8F83CB2D4652365F266C15CE3589D4C71E37F4E328659564345E55BF0F45
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/cms.aspx?srv=207&stp=1&id=1045756&fext=.jpg
Preview:	......JFIF.....H.H.....,Photoshop 3.0.8BIM.........H.......H........http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164519, 2020/08/25-17:54:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpGImg="http://ns.adobe.com/xap/1.0/g/img/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:stMfs="http://ns.adobe.com/xap/1.0/sType/ManifestItem#". xmlns:illustrator="http://ns.adobe.com/illustrator/1.0/". xmlns:pdf="http://ns.adobe.com/pdf/1.3/". xmlns:pdfx="http://ns.adobe.com/pdfx/1.3/">.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\One-Trust-icon-performance-cookies-64x64[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5443
Entropy (8bit):	7.864887104447101
Encrypted:	false
SSDEEP:	96:lYzpfQNMWxjuB4b5XRSGNeiBLqe80B6uJmPqhzMaGRS2ttF:e93Kg85XRSOeiBVKgmoMFF
MD5:	48F05BF805A3EF819795923FB8AD4B28
SHA1:	074B879C861368A244F39213F76166327572FC9A
SHA-256:	3DA1830ABE2DE1F400EF8F00C5DD11DBFC659C6677F6CC8A77BFE5416D8E0278
SHA-512:	BDB243452289B7E516C74C8CF747B86C6B0CA249139B91B4B12C569A083547603B2E801ADD0C5990136D8A2E2B1EBBFE51751EE08C5BEAFCF1579B5C9EA29F84
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/images/nbsi/cookies/One-Trust-icon-performance-cookies-64x64.png
Preview:	.PNG........IHDR...@...@......iq.....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:906917242C2E11E9A56DDA662F985C14" xmpMM:InstanceID="xmp.iid:906917232C2E11E9A56DDA662F985C14" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:65933C662C2611E9A56DDA662F985C14" stRef:documentID="xmp.did:65933C672C2611E9A56DDA662F985C14"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...\....IDATx..[.T.W..k.v(j.(.}UP..%...[bNt.g.3...I.gI.YzN&NL2...>..[z.$3=.....5.Qb..".."".@....R.TQ...W....R(...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\One-Trust-icon-publicidade-terceiros-64x64[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	6279
Entropy (8bit):	7.898149272153522
Encrypted:	false
SSDEEP:	96:lYzitNM+v79QZC8ZqqOw49b1gpNX2x7MnjBygTrEQINhIadbssJXdaWZwHFBoN9:eHEXnDvojEgTYQIN2ayWZAK
MD5:	69646862A1D4FE5E434FEE8E944B9C73
SHA1:	48E09169B705FF5D77A7EDA2DB51912DBF493DC5
SHA-256:	A7BF3C193827845C58A2AB0DE51FB02E905C69D66DEDBCF1457C4D0AAEBF31FD
SHA-512:	A5A502F73F313FCFDDF84777AC03A1832018830FEE1AEF3D0AF9A1CB5921DBED66C24F34B041AF36D14D65A0AF6DA8BB0FD1D967F32BD3AC0CA3085233652D9C
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/images/nbsi/cookies/One-Trust-icon-publicidade-terceiros-64x64.png
Preview:	.PNG........IHDR...@...@......iq.....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:5C5A06432C2E11E9A56DDA662F985C14" xmpMM:InstanceID="xmp.iid:5C5A06422C2E11E9A56DDA662F985C14" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:65933C622C2611E9A56DDA662F985C14" stRef:documentID="xmp.did:65933C632C2611E9A56DDA662F985C14"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>8.N.....IDATx..[.X\U.~..UQ.......-.I....:.k........;j.........z.8.....=.@.....b/.........*!...J;..R@.w.=.=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\SecurityRiskAudit_Selected[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1769
Entropy (8bit):	5.125276323285368
Encrypted:	false
SSDEEP:	24:2diO4Lpgomp86feaxMCbGbbZh9bKVyXQ24HsAxRIXxU4U9gdg88oul0tuTzDG7iK:c34pgNq60GVqQ2ksAxRitG8JHAG7i9g
MD5:	E92DE74A3CD4980A052E82B340FD50B0
SHA1:	4DAAFF987988957A209ACE0F3BC4B18EB71A4F76
SHA-256:	D66D4847CDCF469738FB1FC37577BCA72270D96711765601F4C01C9DA10AFFD8
SHA-512:	35435C23929534A51F3F16450694358A188C93E77779EFCA6A80AE0B21F9A884A4E63A891ED8563775C554DD119A41C452016528CD1335489372FAB578032028
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2020/10/SecurityRiskAudit_Selected.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?> <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="20px" height="20px" viewBox="0 0 20 20" version="1.1"><title>SecurityRiskAudit_Selected@1x</title><g id="SecurityRiskAudit_Selected" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><g id="Group-2-Copy" transform="translate(2.000000, 1.000000)"><g id="Breach-SVG-GreenBlack" transform="translate(0.144000, 0.008000)"><g id="Group" transform="translate(0.232368, -0.000470)" fill="#6CC04A" fill-rule="nonzero"><g id="Group-4"><path d="M6.95746465,13.9149293 C6.20020662,13.9149293 5.5944002,13.3091229 5.5944002,12.5518649 C5.5944002,11.7946068 6.20020662,11.1888004 6.95746465,11.1888004 C7.71472268,11.1888004 8.32052911,11.7946068 8.32052911,12.5518649 C8.32052911,13.3091229 7.71472268,13.9149293 6.95746465,13.9149293 Z" id="Path"></path><path d="M13.2427063,17.2847275 L0.672223002,17.2847275 L0.672223002,7.97045377 L13.2616378,7.97045377 L13.2616378,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\ab-testing-new-1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 2880 x 1646, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	135995
Entropy (8bit):	7.909602861408488
Encrypted:	false
SSDEEP:	3072:POAEY7SxyEUUlMrkxu6cJTD1uD0zFvWEskYHQhUDbW1IMVk+:SYuXUUlBxUAC9/sKIMV3
MD5:	98FDDA78F0F5175B3E2A70EA4A01B4A1
SHA1:	3FD6424EC06DB204A19F0DB4370926A934E20CEF
SHA-256:	AC57702BF584B079292FA46B45F0ECC47172D14D3F5EBCB1552E58C8C550BF4E
SHA-512:	B41FEBBB1F06BCA592F980824C7D4CEB10AF7DC21DB89A6EDA1A5BF6DBFAC69266D46BD9CE5A2073BBF3D370BA947D957A2F90650CC1C0645E263944E4AD2664
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2021/02/ab-testing-new-1.png
Preview:	.PNG........IHDR...@...n.......W.....PLTEGpL............................................................666...q\|........AXW.=..}"C?...k.Il.J-6B...............w.........................Z,5A.........................................../ .........6t.+3?.....................N......................................*2=...............x.X....................................u}...............(1<....................kkk..............nnn.......=S......................sss.......vggg.BY................q........AW.....ppp\|\|\|.._..Y.....n......v....vvv...r{..?V.?Uwwwyyy...OXe.i......CZow.......g..(0;ajx...........O........;x.c..............2#.......E;.C[...f}.ir.;DPq.P...............<Y@...?HU[.I.}y..mh...B~........8+..e.........Fz..ZT\.........v....x.c\.G..........z.hk.q.....d2l...b........V..@... tRNS.............!.....%./.c.m.l.?m.w6... .IDATx....r.F...`.J......8.._O.G.#j..J(X8X...u.Uf.>........................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\background_Update[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 2882 x 992, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	328990
Entropy (8bit):	7.917571343873414
Encrypted:	false
SSDEEP:	6144:VTwJ6KRgxqZDBMcUO1FuCYeEiv6veHPgfI7kaDt1aauByw8RPVn/2:V0AYJUy9REiv62vgA7kaziqPVn+
MD5:	D619250A3DA4A7561EE8CB84D6C6CF28
SHA1:	976F06D3A476E7436EF2A495EEAD7769BFE441E9
SHA-256:	EB5AD985D7FC11DD485DF7AE59A59F9A8B17C244B70924B43A996BDF7E990966
SHA-512:	12C2AF1D8E5F27D9D5489F33A1D16455915D5C7B5F69EFC766E3EEBD9068C66FDB8B2BD4D5D6C0F451899F1DE5B80AC6CA4224050FD9D6D7FF8B02AE262CAADC
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/themes/onetrust/images/background_Update.png
Preview:	.PNG........IHDR...B..........I-....aiCCPkCGColorSpaceDisplayP3..(.c``RI,(.aa``..+).rwR...R`.......b.........>@%.0..\|...../..:%5.I.^..b....D.0......d ...S...J...S.l........).:...b.C..@.$...XMH.3.}..VH.H.......IB.OGbC...n....J..c..%...V..h........G`(.x.%..(....30.....s 8,... ..30......n...~...@.\;.b........'v.$.%.....)-....r...H....@=..i.F`yF.'...{...Vc``....w........w1P.....y..!e.5......8eXIfMM........i...........................B..................n...@.IDATx....v.J....+......\).z..M..MP.......B.Z...m.R......<.. @....;..N..n.w.........;..x{}......Q:..E*c0?.GF....s....._.....H.. @....... @.......\|D...3i.y.G{l..\!.....ws._#x...=qZ.u.^#O..P.... @.......8.....~./u.. @....... @....... @....... @....... @....... ...B..GP.... @......d.jL..$@....... @....... @....... @.....j...9y.. @....... @....... @....... P...p9..i...v...z.@..X......,......f~$.....c...y:..].].X.... @.......(....Q........L L....].>.z.v.9Z..I...hA..h\|.c\|7$v.....}'...._o...\.. @....... @....k.....n{.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\blank[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 100 x 100
Category:	downloaded
Size (bytes):	1214
Entropy (8bit):	6.925737607348584
Encrypted:	false
SSDEEP:	24:xal1hiyWwjx82lY2T3oVkK53yJ3VmA2LOsj8GY8a9AH:CuNn2kwJ3AAeOsYL8aAH
MD5:	FBDC4ED9A1E2EE4917A265306927BCF1
SHA1:	6D177725D8230DF0457E72004080F712E26FE624
SHA-256:	A78759EA185FD0FA42CA9BE1FC5BCA4D3167A2836DC6C85E479A19DBF57FE2C2
SHA-512:	E529A409048C78837F0D6A6EB77450070EEECC7915D81C45970915F3BBE92BFDAF9056580BB84C14B21C499D04A73945EECD0AD33C61942C5D28DAF06CC7C40D
Malicious:	false
Reputation:	low
IE Cache URL:	https://fast.wistia.com/assets/images/blank.gif
Preview:	GIF89ad.d..........!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Macintosh)" xmpMM:InstanceID="xmp.iid:B06C130C478A11E6B3E8D67655718D4D" xmpMM:DocumentID="xmp.did:B06C130D478A11E6B3E8D67655718D4D"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:492A1D7F478811E6B3E8D67655718D4D" stRef:documentID="xmp.did:492A1D80478811E6B3E8D67655718D4D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..................................................................................................................................~}\|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONML

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\btn_close[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1137
Entropy (8bit):	6.425203308825845
Encrypted:	false
SSDEEP:	24:71hnBWwjx82lY2T3eV6HkXyJ3Vo+EwGRn9SEpziI0Al9QL1vc:h1kNn2yMECJ3CVwsHWI9l9QLW
MD5:	0658386BF65829689314E0FC194BB539
SHA1:	D97FD57AF96E453C7D4042FF4D5BFB61C959CBEF
SHA-256:	AFAC0E5CE9C71CEF51AC41461C68FD85CD85C1B3828BA2023DE3DE591B0289F0
SHA-512:	789E4CD5182D77D0AD2645277E62895E7CD66C99B5B1D6057B0136496CDEF99821B886D84AB78A324C6DF30A8855AD51807DF7078CFC39B8390B9988C7D12C93
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/appImages/V7/btn_close.png
Preview:	.PNG........IHDR..............V%.....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:E0A775C04A3611E4B93CA170522C1EE0" xmpMM:DocumentID="xmp.did:E0A775C14A3611E4B93CA170522C1EE0"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E0A775BE4A3611E4B93CA170522C1EE0" stRef:documentID="xmp.did:E0A775BF4A3611E4B93CA170522C1EE0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?> U......IDATx.b` ...+......L.~.`dd.PWV............12:4..]`.kd`.g...~SWW.>.@*........`K...p.8..i.;........#6I.l"..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\btn_close[2].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1137
Entropy (8bit):	6.425203308825845
Encrypted:	false
SSDEEP:	24:71hnBWwjx82lY2T3eV6HkXyJ3Vo+EwGRn9SEpziI0Al9QL1vc:h1kNn2yMECJ3CVwsHWI9l9QLW
MD5:	0658386BF65829689314E0FC194BB539
SHA1:	D97FD57AF96E453C7D4042FF4D5BFB61C959CBEF
SHA-256:	AFAC0E5CE9C71CEF51AC41461C68FD85CD85C1B3828BA2023DE3DE591B0289F0
SHA-512:	789E4CD5182D77D0AD2645277E62895E7CD66C99B5B1D6057B0136496CDEF99821B886D84AB78A324C6DF30A8855AD51807DF7078CFC39B8390B9988C7D12C93
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/SITE/appImages/V7/btn_close.png
Preview:	.PNG........IHDR..............V%.....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:E0A775C04A3611E4B93CA170522C1EE0" xmpMM:DocumentID="xmp.did:E0A775C14A3611E4B93CA170522C1EE0"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E0A775BE4A3611E4B93CA170522C1EE0" stRef:documentID="xmp.did:E0A775BF4A3611E4B93CA170522C1EE0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?> U......IDATx.b` ...+......L.~.`dd.PWV............12:4..]`.kd`.g...~SWW.>.@*........`K...p.8..i.;........#6I.l"..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\btn_closeover[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1164
Entropy (8bit):	6.501533979978845
Encrypted:	false
SSDEEP:	24:71hnBWwjx82lY2T3eVQH+XyJ3Vu+ywGRXr3lsIrzhnjSj8q/:h1kNn2yieCJ3w/wKRsIrNnjm8W
MD5:	D2736B72AE526C33FBC15FAD74D2014E
SHA1:	26678D3562DC0E09AC4C136EC652EA53CC6F7E48
SHA-256:	05D86B1A610AEF28261D0909DF73C758E28FE2FAF83BC008224C5EE4896E8C40
SHA-512:	E59B053B6CE276727BD55B854460F23A8EB830B43C2B59F9B243E60829550B70D857EBAC565AFDE322F0291132E08C297DC4797E557849B8746DF202DBB6F9D8
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/appImages/V7/btn_closeover.png
Preview:	.PNG........IHDR..............V%.....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:EB8AC8704A3611E4B137D69672FC1149" xmpMM:DocumentID="xmp.did:EB8AC8714A3611E4B137D69672FC1149"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EB8AC86E4A3611E4B137D69672FC1149" stRef:documentID="xmp.did:EB8AC86F4A3611E4B137D69672FC1149"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>?......IDATx.b` ...+.......FFF'...~.?}..>.I......'..x...&._..020.3..??)++..F..@..L....Y... l.a.L#....`.....9.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\bwewksugpg[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	5684
Entropy (8bit):	5.137329546109747
Encrypted:	false
SSDEEP:	96:+/YFx6xV4x6Px0eVPxcSA4Jvx3Fx1Orx0olHuxeRxg6pEHqpXH:Bx6xVZx0kxQCvx3Fx1ex0olOxeRxewXH
MD5:	803FBC5BB7961361C04205BAEC078984
SHA1:	D8B99EC1003BE32AC2BBAA196249DE8D2143C4A2
SHA-256:	CB8DB260B63D49F15089B33F963EB0C19152BF1E5A2B1D74F4363DF39E9CA262
SHA-512:	D7622BE4B98F4BADEDF4427462D011BF72CE701D39FD0062EBDB680A3AD01041B022E050557135775DFFF3A6446D6E72DB01C6A874227E318C5D2EF8B8EEF0A8
Malicious:	false
Reputation:	low
IE Cache URL:	https://fast.wistia.com/embed/medias/bwewksugpg.jsonp
Preview:	window['wistiajsonp-/embed/medias/bwewksugpg.jsonp'] = {"media":{"assets":[{"type":"original","slug":"original","display_name":"Original file","details":{},"width":1920,"height":1080,"size":181370714,"bitrate":10126,"public":true,"status":2,"progress":1.0,"metadata":{"served_by_media_api":1},"url":"https://embed-ssl.wistia.com/deliveries/a39b9d80168dc664490e1685842c6950.bin","created_at":1613149588},{"type":"iphone_video","slug":"mp4_h264_300k","display_name":"360p","details":{},"container":"mp4","codec":"h264","width":640,"height":360,"ext":"mp4","size":5379417,"bitrate":300,"public":true,"status":2,"progress":1.0,"metadata":{"max_bitrate":60827,"early_max_bitrate":60827,"average_bitrate":38443,"av_stream_metadata":"{\"Video\":{\"Codec ID\":\"avc1\"},\"Audio\":{\"Codec ID\":\"mp4a-40-2\"}}"},"url":"https://embed-ssl.wistia.com/deliveries/c156950155d22be03bd9a933e25cd03ca11e3e0d.bin","created_at":1613149588,"segment_duration":3,"opt_vbitrate":1200},{"type":"mp4_video","slug":"mp4_h264_

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\cartaoErr[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 205x130, frames 3
Category:	downloaded
Size (bytes):	2034
Entropy (8bit):	6.9133457398156315
Encrypted:	false
SSDEEP:	48:dXAVUnwMnVJUmTiy2rsbaVsbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb6QAIRBnpFo:dXtnRVJUGFkYa2bbbbbbbbbbbbbbbbbY
MD5:	658CACCB7BE8E1CA2A4CF2025D263605
SHA1:	CC3FACF5BD0EB39DA85059E7DA1CFAE8EFC317FF
SHA-256:	B161626DA6022DEB913789A60017BBE5CA7B32099A53BA551C07749DB2EEF420
SHA-512:	E79A0BB413A381B32C5CCD01D65F9ED8AABF44CAC625DB5E706509C5451F7FD0036FBB9D6A5562C81934E5EB9CD673BE19195090EE1BF529596F4C27CA77BE3F
Malicious:	false
Reputation:	low
IE Cache URL:	https://srv.novobanco.pt/site/errorhandling/NovoBanco/appImages/cartaoErr.jpg
Preview:	......JFIF.....H.H.....C.......................................................""""""""""...C................ ! !!! !!!!!!!!"""""""""""""""....................................................................................................." ....s.H....Ni.n.B.u.....1.\|.cF.....c..>j.J.h.:...z&...>..8'wR........,\...f...H.....$.....TL.E4OJ.[r.qy.....X......................................................................................................$@.............%........................0.12..4@ !............=y.b9.....7F....N....#i$.^5.=.K^?...gar.B5....r....n...q...!.2.Er...!..3....H;.....3M.....bJ...r.pp..N..."sk....S.5.....~..(...R[%K....}................................?.]...........................!1.... 02AQr."@P.........?..9p...t.s.pt.....@.p.H.(/......yB..........Wd...........-.M.{.@$.)...o..yB......X.....3.......lW...\...^s...v5.vh.QRc.w?._...+......................!10."2AQq..a. #P...........?..=...![&.;?....K...D,....c%+..b.V6.e[..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\cms[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	36486
Entropy (8bit):	5.415803688449093
Encrypted:	false
SSDEEP:	768:X2vVk0miXmC4PHyvm1CXu829c0vTJgYg/SnO9:jymC4PHyveUu8Svtg/x
MD5:	FF1E8EA7F52DE4239A07C0A1A5267E0C
SHA1:	8A040189CD5F49105350062CFCB92B603416EF14
SHA-256:	0B05A22FF04830EB7C98B7EF60199AAB756E30770FAEC76734D06146AA5D9D3C
SHA-512:	0DE3485AC1A3054918F9A8CE24CE37DEF7F07E48BBE93B07A6D8B286D30702EC450761EDBEA6F2245FF2D4DA6A60375AEA94A36CE1EE9C2EDA3920C542029EB2
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069
Preview:	..<!DOCTYPE html>.. [if IE 8]><html class="no-js lt-ie10 lt-ie9"><![endif]-->.. [if IE 9]><html class="no-js lt-ie10"><![endif]-->.. [if gt IE 9]> ><html> <![endif]-->..<head>.. <script type="text/javascript" src="js/fo/v7/nb.preload.min.js?v=1736490233"></script>... CORE V7.0.21.0; CMS V7.0.317.0; SITEBES V7.0.750.0; GSA V7.0.158.0; V8; -->...<base href="//www.novobanco.pt/SITE/cms.aspx?plg=D8C12C68-0D55-4D37-949A-53038EE8E069" />...<meta charset="utf-8" />...<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />...<title>Servi.o Residentes no Estrangeiro</title>...<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />...<meta name="NB_pagetitle" content="Servi.o Residentes no Estrangeiro" />..<meta name="NB_GSA" content="ST_RE_SRE" />.......<link rel="icon" href="/favicon.ico" />...<link rel="shortcut icon" href="/favicon.ico" />...<link href='//fonts.googleapis.com/css?f

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\cms[2].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	36820
Entropy (8bit):	5.418158667665334
Encrypted:	false
SSDEEP:	384:XcCpRwshjVk0MVizjToTghXo53kJF7MkGxT1q3r63w53+37GFzXFotWzqLT3NLs8:XBXVk0miXCCnKT1nkBKT1mbgYQ/SnO9
MD5:	4822DA0BBA46C7DBDCF3D098A5E765E4
SHA1:	0F8ABF094FD9A661FA82AF2712BC7B410BDEEFB6
SHA-256:	001DF4769C37373B5660508D806D36062793B003896BBC2B063857497D03BC19
SHA-512:	EB714BA0BA5609907276C6AF537E7F2D093182FF05DE20FC7E45678398E13606AB84BF6C191A1E51CCFADF0A5686197104464B744072957B763469B4059C3ABE
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/cms.aspx?labelid=hcempresas
Preview:	..<!DOCTYPE html>.. [if IE 8]><html class="no-js lt-ie10 lt-ie9"><![endif]-->.. [if IE 9]><html class="no-js lt-ie10"><![endif]-->.. [if gt IE 9]> ><html> <![endif]-->..<head>.. <script type="text/javascript" src="js/fo/v7/nb.preload.min.js?v=1736490233"></script>... CORE V7.0.21.0; CMS V7.0.317.0; SITEBES V7.0.750.0; GSA V7.0.158.0; V8; -->...<base href="//www.novobanco.pt/site/cms.aspx?labelid=hcempresas" />...<meta charset="utf-8" />...<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />...<title>NOVO BANCO Empresas</title>...<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />...<meta name="NB_pagetitle" content="NOVO BANCO Empresas" />..<meta name="NB_GSA" content="ST_E_HOME" />..<meta name="NB_breadcrumb" content="HOME Empresas" />.......<link rel="icon" href="/favicon.ico" />...<link rel="shortcut icon" href="/favicon.ico" />...<link href='//fonts.googleapis.com/cs

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\cookie-consent[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	18247
Entropy (8bit):	5.105455102580246
Encrypted:	false
SSDEEP:	192:KoOekqVx9BYLDwfHPqU3siP/jw5rx1Eq4z4pbbI3t+YzTTmJoxCuzXcERnmvycGZ:/qU3sispo/dtD
MD5:	9542536D04DD173B3D155C3DC77498DD
SHA1:	C5E50F33ED7993A03B62D16626CDCF2B030B4E88
SHA-256:	161404CDB973A555C74BB480BDA9DFDB1B62A9916E1205C25673BC694FD49842
SHA-512:	99C84B9688BB142E322110231F5C82A1DBF7500C0F5EA4E7E0320335EA7AF4AA61BB8D3F5DFB6C35CF783D67F935E8F08EBB426391FC1ECB3CAFDA613BF12ABC
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/themes/onetrust/bundles/pages/cookie-consent.css
Preview:	@font-face{font-family:open sans;src:url(/wp-content/themes/onetrust/fonts/opensans-light.eot);src:url(/wp-content/themes/onetrust/fonts/opensans-light.eot?#iefix) format("embedded-opentype"),url(/wp-content/themes/onetrust/fonts/opensans-light.woff2) format("woff2"),url(/wp-content/themes/onetrust/fonts/opensans-light.woff) format("woff"),url(/wp-content/themes/onetrust/fonts/opensans-light.ttf) format("truetype"),url(/wp-content/themes/onetrust/fonts/opensans-light.svg#open_sans_lightregular) format("svg");font-display:block;font-weight:300;font-style:normal}@font-face{font-family:open sans;src:url(/wp-content/themes/onetrust/fonts/Open-Sans.eot);src:url(/wp-content/themes/onetrust/fonts/Open-Sans.eot?#iefix) format("embedded-opentype"),url(/wp-content/themes/onetrust/fonts/Open-Sans.woff) format("woff"),url(/wp-content/themes/onetrust/fonts/Open-Sans.ttf) format("truetype"),url(/wp-content/themes/onetrust/fonts/Open-Sans.svg#glyphicons_halflingsregular) format("svg");font-display:bl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\cookie_compliance_icon[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	4373
Entropy (8bit):	4.657085383714875
Encrypted:	false
SSDEEP:	48:cCczKvHolxMGcyZphm6JXcMzwlyEvvPQgbXsEJ4UyvpiugwyjQp5cbCzkJfh2pxz:dAKQ7LcQ24zOyEmUyQVwyjQXYJfherqa
MD5:	AE4D852A202724F658E0F1020AF05D5C
SHA1:	D89FF890B0B95E4DB45D7FDA228F0BED86D9FC0E
SHA-256:	7A842EBF026606596542EAC926E3401CF00F7D9D0935521EA02B7BF6BF05160D
SHA-512:	958F122ED9BBD1A0952FB2B27162EEDFF05A12674F0C293981C05D90E7F70F14DB1D49A586E2C91EF1F4A298BD31294FCF3E8084153B7B8229BF1730AA59FD3B
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/themes/onetrust/images/cookie_compliance_icon.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="100px" height="100px" viewBox="0 0 100 100" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. <title>icon / product / cookie compliance</title>. <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="Cookie-Consent-1" transform="translate(-529.000000, -5462.000000)" stroke="#FFFFFF">. <g id="Stat-02" transform="translate(91.000000, 5249.000000)">. <g id="icon-/-product-/-cookie-compliance" transform="translate(438.000000, 213.000000)">. <circle id="Oval" stroke-width="3" fill="#6CC04A" cx="50" cy="50" r="48.5"></circle>. <g id="Cookie-SVG-GreenBlack" transform="translate(18.125000, 19.375000)" fill="#FFFFFF">. <path d="M32.1341633,59.2235681 C15.8521296,59.2235681 1.84287405,46.741803 1.84287405,30.0377197 C1.84287405,16.8522348 12.8341783,4.51862121 26.1727779,1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\cropped-onetrust-theme-logo-1-150x150[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 150x150, frames 3
Category:	downloaded
Size (bytes):	2478
Entropy (8bit):	7.586212007752079
Encrypted:	false
SSDEEP:	48:e4kkNAa+32zk5SsFmBVGnO55l1AY8TN+h74ih1LWwemIzI4DdF:1y/YJYmBVuO9ODN+b1L+zPF
MD5:	C1B4E6DF75D3A25A668C077428F85258
SHA1:	58DD27E9AEE6AA7F4173E32CB8A4524F7DCD2C78
SHA-256:	B95A52355ED400894642757BD60B8202A402DDD48C74A2B4F59343B009BEA7BD
SHA-512:	C6B598EFE4DD714FD841EC26516A37A8D8DFE524BDF31A4FC92526876619E20772299B4DD9FE6A23FBC22EF179AA6FEFCD700941AB1BE93EC54EFA5080904C1B
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2017/01/cropped-onetrust-theme-logo-1-150x150.jpg
Preview:	......JFIF.............C....................................................................C............................................................................"........................................N.............................."2BR..!5brs.....#6ASVau......Tcq...$1DQUd.....................................2........................."12..!#$3Ra...ABQq................?..@....................................................f...V.T...D..r\...SM'2.}.*Z.I...{)53...5`.....i....m.7M...ri.Tv,j.a.6.u.8..jBi.SS..k...>.E...mhVL.1d..kq....c..z..W).c..b\|&.Xi.x..U...O\|.W.....c..H..>\..i9U$k.f2...c0.Iz2..I....0R..cv.w.x.VnW\|v..3>Q5_.....6..!+B6k.:..!..t.&a....&\|.k...b..M}....'.?4>..W..3....3.._d..;.f\|.k...2O.~h9.W..Lf;.(...H......e..T..yr...9.2....N...q.2....`d.M`...`.K..v.-g.!y)O....>..F.j..E?T.1..R.........b'..u....\|....T..7...[`..p.V...&.m.5>usz%.....9..\|=y...D8.\|G..b..!...qU5..s...H.V.1....#...v.J}.>.....<~.!......&Z...v.(..1po..0..2..ti..V<r.$..6.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	378
Entropy (8bit):	5.231492910598722
Encrypted:	false
SSDEEP:	6:0IFFUds+56ZRWHTizlpddXzoBhNijFFUds+56ZN7izlpddXzGg8hNin:jFOdsO6ZRoT6pvmqFOdsO6ZN76pvGjY
MD5:	0F36A4019A7728E035C838F2CF8DB6EE
SHA1:	8A91EBC9475FBFD1CD6A4543F94D2614331B6A9B
SHA-256:	40CF32950E4FD54EDE16D458BECCAAB259AEBB343A9AF4D237BE81EBCA1254FE
SHA-512:	0D6F849F5121E73AD9F5A76527FB1CF7E2C5CC72E4F33164465EC30531BFB90E0F9A0564E72BFB8CA819848F7AF7E497C51F6F87831AF9434F062D79956938B7
Malicious:	false
Reputation:	low
Preview:	@font-face {. font-family: 'Arimo';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/arimo/v17/P5sfzZCDf9_T_3cV7NCUECyoxNk37cxcABrH.woff) format('woff');.}.@font-face {. font-family: 'Arimo';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/arimo/v17/P5sfzZCDf9_T_3cV7NCUECyoxNk3CstcABrH.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\de[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 18 x 12, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	250
Entropy (8bit):	6.2834011909103715
Encrypted:	false
SSDEEP:	6:6v/lhPFMkO54UcfNcD8ats4I2CV52IRTJ02gjp:6v/7tG8Ye4QzRl0DN
MD5:	9106B58CD67A757D34013AD61E826FCB
SHA1:	5F01F848404A402ED52A377B718236D444D3205B
SHA-256:	FB8ABF4975A70816D1ECB0E3DFF7ED44FF73201795790A55B4ABFB0D1B6D162F
SHA-512:	605549CF573DEC874744991CE95922A0F6E2859351582687336E2DD1A577529753A2AAFF3C33771A23D27645EECFADF752E9F00046C1617497F25AED014A0233
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2020/08/de.png
Preview:	.PNG........IHDR..............pz....+tEXtCreation Time.wo 28 dec 2005 19:22:54 +0100.[......tIME.......t.f3....pHYs...........~.....gAMA......a....RIDATx..... .E.[....SGQS.Q.A.............m..p`.}.N.9.kYX.e..F.O.[.@.D.U3X...s...>#...U....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\facebook-gray[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	955
Entropy (8bit):	5.109480536566748
Encrypted:	false
SSDEEP:	24:2d2S8eLkEOeFeaxM2XI0SsFOt1ThnhTFpJT9l8ouM:cfLkk7EbtJP
MD5:	F45EFF0B01FFA07FED05812CB8E427AA
SHA1:	82E1A866632CE8885BC0BF3AE543138560C4AC63
SHA-256:	1D39FC356367DA198E19A2322F49506C0405EC3551CE2478978B74EE10F32916
SHA-512:	8001DFC51DAEA8E70C7EBA0A39888305334FC0F9BC2690A0017257B7861901D2F02876CF44CDC07E9A7C64AC3F20E3AC3EC25771A4CC641D6A5A9D2A5A2C2670
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2019/06/facebook-gray.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="24px" height="24px" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: Sketch 55.2 (78181) - https://sketchapp.com -->. <title>Group</title>. <desc>Created with Sketch.</desc>. <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="Group">. <circle id="Oval" fill="#FFFFFF" cx="12" cy="12" r="10"></circle>. <g id="facebook-gray" fill="#77797E" fill-rule="nonzero">. <path d="M12,0 C5.4,0 0,5.4 0,12 C0,18.6 5.4,24 12,24 C18.6,24 24,18.6 24,12 C24,5.4 18.6,0 12,0 Z M15.1,8 L14,8 C13.1,8 12.9,8.4 12.9,9 L12.9,10.4 L15,10.4 L14.7,12.5 L12.9,12.5 L12.9,18 L10.7,18 L10.7,12.5 L8.9,12.5 L8.9,10.4 L10.7,10.4 L10.7,8.8 C10.7,7 11.8,6 13.5,6 C14.3,6 15,6.1 15.1,6.1 L15.1,8 Z" id="Shape"></path>. </g>. </g>. </g>.</svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\facebook_desktop[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1124
Entropy (8bit):	6.357754333800046
Encrypted:	false
SSDEEP:	24:91hmYaWwjx82lY2T3XVUIIKKcjIJeLyJ3VUKI/KcUyIhbGo50sXP2ksNybx:jMYLNn2DeI/jMtJ3eKy9iweP2kV
MD5:	34C28E7804EA1A9C872B1392CC2AE89A
SHA1:	0A0E32D25227E34A7E174420847EC97D6555EF17
SHA-256:	C5DF2135D834CA5F88404164982EB9BB6601794A3A9F2B326ED8E6BEC0AEA5DD
SHA-512:	6708BA64573AAD873300E41C80E1638BFF2BDB963D28AE934E3A00159AF947C26AE6A3F5FB84C7C8AC0FB11C958F18B20DCB2DB4E5F1A85A234D6F3C4DA61D9D
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/images/nbsi/facebook_desktop.png
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:BAD0D8F60B8611EA9D49F9D6D24141A2" xmpMM:DocumentID="xmp.did:BAD0D8F70B8611EA9D49F9D6D24141A2"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BAD0D8F40B8611EA9D49F9D6D24141A2" stRef:documentID="xmp.did:BAD0D8F50B8611EA9D49F9D6D24141A2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...x....IDATx.b<z..gSS..7o.H2.....<...Kftww.Fo...4P....n&......u....gbbHMMe...b.....A...>.HOOgHNN..(.....(........

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\file[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 52 x 104, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	478
Entropy (8bit):	7.0223542085474495
Encrypted:	false
SSDEEP:	12:6v/7o+na9L0XviCkmMvpw0hptNZERoSI/GIxnz:lOa94Xv8HSXQz
MD5:	3609125C01238D5D7DE55A5844BD53F3
SHA1:	86EE0F44910DC2180F17C60D961197400A8180AE
SHA-256:	86C985DC7CDF829BF50A16D89849EFFE9CF29D377CBCA75989976FBCD048B7AF
SHA-512:	A9BA30CB654C4E19E69D43E1AB2109528C61363EF8EB0BB517D79D91E77E65F6F64320B5D698708CA8776B1A1F344F4E42B72D4789AB61C6D2BCDE4148BDE744
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/cms.aspx?srv=207&stp=1&id=676562&fext=.png
Preview:	.PNG........IHDR...4...h.......#U....PLTE........<....<..........<..<..I..J..K..K..............<..=..>..>..>..?..B..D..D..E..F..........................................A./....tRNS....U.................m....IDATX......0...,.u..........=/F..L.I..../]..0..L.#.9..\...H...bmj8......N.....l/~.H`)@..[...w.....5.jP..U..._.~..@2B.@....7b./........4.#.....}.je2.yw.L9.......2.!.7q.....,3...).@.K.J.....3...n.)Q..o/....".....br.y.2...,.y..2./.D...&...C.[....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\footer-info-computer[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1821
Entropy (8bit):	4.885137303551349
Encrypted:	false
SSDEEP:	48:cNsSHiks/poYKflpemerpGPfS7FqfdSd2FY/FJR:yi3/poYKflQvrpafSofYd
MD5:	70786FCE6DEF7DC4110091E59305E196
SHA1:	920948059263242FC10BB96EB2BF6CE0A34C59C4
SHA-256:	152C8B567CCA5BB767E54F99FA3EFA349E73963BA198148A159A3C7837731973
SHA-512:	B4C5858BBE5DFFC97064A94561CD433E466F8E4411FFACED4248C670A045DA3FC31756667A3DE1ABDD6D8BB7D95D45BA3AB1E83C8AC8707BD7B4B102C214CD8C
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/themes/onetrust/images/footer-info-computer.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="72px" height="62px" viewBox="0 0 72 62" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: Sketch 55.2 (78181) - https://sketchapp.com -->. <title>Shape</title>. <desc>Created with Sketch.</desc>. <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="noun_Computer_1923169" transform="translate(1.000000, 1.000000)" fill="#FFFFFF" fill-rule="nonzero" stroke="#FFFFFF" stroke-width="2">. <path d="M67.17285,0.84668 L2.83985,0.84668 C1.3745238,0.848135262 0.187005262,2.0356538 0.18555,3.50098 L0.18555,43.10645 C0.190457157,44.5682881 1.37800517,45.7501541 2.83985,45.74805 L29.33008,45.74805 L29.33008,57.15332 L24.63574,57.15332 C24.0834553,57.15332 23.63574,57.6010353 23.63574,58.15332 C23.63574,58.7056047 24.0834553,59.15332 24.63574,59.15332 L45.37012,59.15332 C45.9224047,59.15332 46.37012,58.7056047 46.37012,58.15332 C

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\footer-info-mail[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1017
Entropy (8bit):	5.934236277230484
Encrypted:	false
SSDEEP:	24:2d6goRG3LIEOeFeaxM3C4QdaZ89kWM2AmqbEFAMzAw:c6gKGbIkopQwZ89ZMJEyo
MD5:	EB88BDECA0BE56EA1B57035AD86CD519
SHA1:	1D2CC588869F60724B9169F38B15C209BEF3DB8A
SHA-256:	616D3AAFF1EBE651F64797A3E509499B5F94973CEC801F1775D361AE39911E50
SHA-512:	73949FC4BFB602E4F7F5CEAD74A47B491BD7D27A4954F7B8BD61E261B61266CA1BD15C8D55BD9E4D277F9C273ED48CB83E73A0BF93678961268E341234612A72
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/themes/onetrust/images/footer-info-mail.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="20px" height="14px" viewBox="0 0 20 14" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: Sketch 55.2 (78181) - https://sketchapp.com -->. <title>Bitmap</title>. <desc>Created with Sketch.</desc>. <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <image id="Bitmap" x="0" y="0" width="20" height="14" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAOCAYAAAAvxDzwAAAAAXNSR0IArs4c6QAAAS1JREFUOBG1kLFqwlAUhu+1EvABOpU6CNJNp3boYDJKwRcQx47tKujeqQ/g2rV0a1/A2iAODl0UbEMpXV3qJBYhfic0koYbmgge+Dj3/uc/J+dG+76/Ukot4RV2jRKNx1BRDPTAhVs4yDqRnia8wTOc5RjwDQ74IOIh+d/AZ0EPYwtOYSpNMlBprdfQ5ngDL/Il0ZOC+hE1Fz7ou4DF1ktxvL1w4F6EEVxF9fCMbsMEzkNNMvceBE+O6rLtF0INTjA8QEEMZA0djl1w8A1Fj0fw5LiI+Qeu0e9hwKAq+REsqFObk82B+c+T4y7qZXgCO16L3qkHT85HRdOZbd7RG6aaSZMny7/qw53JkFWTDWds4WRtTPLLwGDDX4PH8Mskcxp9Lxt+yj9M8/UUnvkG6cydqdwNIhsAAAAASUVORK5CYII="></image

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\header_gama[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 1170x304, frames 3
Category:	downloaded
Size (bytes):	21020
Entropy (8bit):	3.4343715473545755
Encrypted:	false
SSDEEP:	96:A2V8DC19ggSmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmL:Kigl
MD5:	0C3554F8614232D5171787299A2D6C13
SHA1:	9B3FD727FD54ABF5F622D2E52CBBD3923EFAD2EF
SHA-256:	5E0A1C1F9FA3CFC6EB3794760EE5FB55097EBCB149BBA544BE23802B8E840501
SHA-512:	76A4EEC252041C81477D93EAB0C36F5C54BFBE4BCFA281DD1451104BE8813F87FA2846373C3C5227FB62F04267951C469D23979CAA9A57E9A0FC86099C3C2440
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/images/contas_2020/header_gama.jpg
Preview:	......Exif..II*.................Ducky.......Z.....,http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164460, 2020/05/12-16:04:17 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.2 (Windows)" xmpMM:InstanceID="xmp.iid:61A44E06FC1A11EA84F19732C21155A3" xmpMM:DocumentID="xmp.did:61A44E07FC1A11EA84F19732C21155A3"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:61A44E04FC1A11EA84F19732C21155A3" stRef:documentID="xmp.did:61A44E05FC1A11EA84F19732C21155A3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\icon-call[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1759
Entropy (8bit):	3.983296706020486
Encrypted:	false
SSDEEP:	48:/dbiHS26m4GuIzqSLcKtT45QO5l57opjyKpcoQ+i:FOShnGg8cUc9l7oECy
MD5:	3DACCC043C49440604E1E97E885924C2
SHA1:	359B9E7074E359D23818032EA2682E6323093BD6
SHA-256:	744B4D4038BED4E506478E2F048BA1C7520563C15BF3390806971A9099DCF79B
SHA-512:	A00DF22F86E312782BAAAEE4989663160D4AF7173082CB2AE02D38840CC08BE0F113EF8A718AE06E6C534382D922D92E2A020D11A91DBAD46E8B735C5183C2B1
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/images/campanha_creditopessoal_2019/icons/icon-call.svg
Preview:	<svg width="51" height="51" viewBox="0 0 51 51" xmlns="http://www.w3.org/2000/svg"><path d="M40 28.428c-.016.198-.03.397-.047.595-.091.99-.576 1.762-1.328 2.378-.535.44-1.15.708-1.842.77-.222.02-.354.104-.445.32a11.21 11.21 0 0 1-2.385 3.565c-1.602 1.616-3.526 2.613-5.77 2.993-.83.14-1.665.165-2.504.119-.106-.006-.182.02-.248.101-.568.705-1.297.861-2.142.634-.607-.163-1.214-.325-1.767-.633a1.777 1.777 0 0 1-.868-2.01c.214-.844.89-1.397 1.743-1.394.272.001.551.047.813.122.483.14.957.313 1.433.476.341.117.61.338.809.632.147.215.33.291.587.293 3.452.032 6.028-1.527 7.906-4.356.2-.3.367-.623.547-.937.035-.061.056-.131.085-.196.039-.089.018-.145-.069-.2-.605-.384-1.057-.907-1.394-1.538-.228-.425-.302-.884-.307-1.353a225.638 225.638 0 0 1-.01-3.548c.006-1.275.59-2.24 1.622-2.953.098-.068.193-.142.298-.197.112-.059.132-.137.11-.255-.154-.838-.398-1.648-.792-2.406-1.279-2.461-3.252-4.074-5.967-4.645-3.992-.84-7.749.813-9.744 4.417-.49.885-.777 1.85-.942 2.85-.015.09.036.118.09.155.336.236.658.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\icon-file[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 52 x 52, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1130
Entropy (8bit):	6.455092632885682
Encrypted:	false
SSDEEP:	24:l1hmYaWwjx82lY2T3XVOT4K2ITayJ3VwTBKPTfGfyP/NHUexAf:LMYLNn2DcTwIThJ3CTeTfOyP/NY
MD5:	E27F12DD27E9C5918726A37F2E136BF4
SHA1:	B63F25EFB4EC0A12A88C645EDCE89695E16F2EB3
SHA-256:	5AC766B570884C78E9CE7EC14DE2093AADC2C32D2F890467ABC0AB1CF3F43357
SHA-512:	B635A59405A6EB0FF17EE15982CD213910A83B142803AE42D09546A53EF39F8486B57A8586D7D687B4D1E81B95457B8322DB51A04421BF6F2C85B90B69276675
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/cms.aspx?srv=207&stp=1&id=948001&fext=.png
Preview:	.PNG........IHDR...4...4......x......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:B698931E047011EAA097DA0014BBFCCD" xmpMM:DocumentID="xmp.did:B698931F047011EAA097DA0014BBFCCD"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B698931C047011EAA097DA0014BBFCCD" stRef:documentID="xmp.did:B698931D047011EAA097DA0014BBFCCD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..-.....IDATx..... .E.q...+...5a...,`g@.....@...4.)...K..9g5.&5.... ...+...\|.\|]..,...y......V.c.....u_P.[.&L.z

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\jquery-3.5.1.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	89475
Entropy (8bit):	5.289540431614111
Encrypted:	false
SSDEEP:	1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakV:AYh8eip3huuf6IidlrvakdtQ47GKl
MD5:	12B69D0AE6C6F0C42942AE6DA2896E84
SHA1:	D2CC8D43CE1C854B1172E42B1209502AD563DB83
SHA-256:	6150A35C0F486C46CADF0E230E2AA159C7C23ECFBB5611B64EE3F25FCBFF341F
SHA-512:	A55F55D56899AB440EF0CAE17B28D5CC8F5B9766D1E9BC1A8AC6B89376924B476C1AB0C325497EB5D44AF41F4EBF8EEA236D87A36902244B8A3ECA54994B8711
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/themes/onetrust/js/jquery-3.5.1.min.js?t=1617845395&ver=3.5.1
Preview:	/! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\linkedin-gray[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1099
Entropy (8bit):	5.0508521399055955
Encrypted:	false
SSDEEP:	24:2d2S8eLkEOeFeaxM2XI0SeFOt1Th5ri8n8cQnB8ouM:cfLkk7OrrihJP
MD5:	7E21E016E0F66F13F2E79FDEFEF9AE8D
SHA1:	1DBFD06E9EE6577C70BEED7BCB31D25F5DA5EA34
SHA-256:	7BF55FB50DA6637925B994FE7978C502298D1CAC56DB43879FDD66751E55DD00
SHA-512:	3C6547B9B5611D2C003D9AEE4A568586059E40E0656B6302B3F480D81FA05E3434B8F903B62F4D685FABE9F47C1BA471EEE3E0CF44AF50C1B9A8CA4E77AC0572
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2019/06/linkedin-gray.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="24px" height="24px" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: Sketch 55.2 (78181) - https://sketchapp.com -->. <title>Group</title>. <desc>Created with Sketch.</desc>. <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="Group">. <circle id="Oval" fill="#FFFFFF" cx="12" cy="12" r="10"></circle>. <g id="linkedin-gray" fill="#77797E" fill-rule="nonzero">. <path d="M12,0 C5.4,0 0,5.4 0,12 C0,18.6 5.4,24 12,24 C18.6,24 24,18.6 24,12 C24,5.4 18.6,0 12,0 Z M8.7,18 L6.2,18 L6.2,10 L8.7,10 L8.7,18 Z M7.4,8.9 C6.6,8.9 6,8.2 6,7.5 C6,6.7 6.6,6 7.4,6 C8.2,6 8.8,6.6 8.8,7.4 C8.9,8.2 8.2,8.9 7.4,8.9 Z M18,18 L15.5,18 L15.5,14.1 C15.5,13.2 15.5,12 14.2,12 C12.9,12 12.7,13 12.7,14.1 L12.7,18.1 L10.2,18.1 L10.2,10.1 L12.6,10.1 L12.6,11.2 L12.6,11.2 C12.9,10.6 13.7,9.9 15,9.9 C

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\linkedin_desktop[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1302
Entropy (8bit):	6.769015250826818
Encrypted:	false
SSDEEP:	24:91hmYaWwjx82lY2T3XVHp6eLyJ3VfybG4xOmvyV1U3pJQc:jMYLNn2DLiJ3SHOmvcQ
MD5:	19AFFEFAB500F53F7847906890DEB186
SHA1:	8291758EBF8D1547F956B4F8A5CB6AA4EA58CA66
SHA-256:	E7189AA27CDDB660E2B81AAACA69379A466D7C7BED8F9C3AD4CF6919C2C01091
SHA-512:	47FF361F1B42F6BCA8FEEA4A7C167EF5E21EBE245086032E4B98111A9A9C9BE499A544967948C4DA70434AF89C2281A5257E5BCC78C68D13F564E5459DD333D9
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/images/nbsi/linkedin_desktop.png
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:A8E8DFDB0B8611EAADA4E814A3073142" xmpMM:DocumentID="xmp.did:A8E8DFDC0B8611EAADA4E814A3073142"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A8E8DFD90B8611EAADA4E814A3073142" stRef:documentID="xmp.did:A8E8DFDA0B8611EAADA4E814A3073142"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>=.......IDATx..o.@......B...:.i@V".\.?....#..T.......@`......V......(Ll...!.g........7.L^UU..n./`.x<n...7.T*

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\location[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	164
Entropy (8bit):	4.55341170338059
Encrypted:	false
SSDEEP:	3:LUfGC48HptOE9HhE/fQ8I5CMnRMRU8x4URGQP22/9SM+nmyRHfHO:nCj4ElhEAjvRMmhUMQP2zjO
MD5:	A6B42B0E34A354029688094D2B66EB8A
SHA1:	400B86D37BB8C1F8EC364F98A780D981F1357E92
SHA-256:	6AC51762DD026703234ED9446F010135439C46DC525113BAF9D202F2CE199DBF
SHA-512:	A1096CAA2142AB0F7A1D0899BBBF468D1053D248B61EAD2D8B2F3D63B2CF37570202195D8CDCA0FFD49DEDB9C63588F8EFAF463EB07C640235AD0AF1D70BBBD5
Malicious:	false
Reputation:	low
IE Cache URL:	https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Preview:	jsonFeed({"country":"CH","state":"","stateName":"","zipcode":"","timezone":"Europe/Zurich","latitude":"47.14490","longitude":"8.15510","city":"","continent":"EU"});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\mem5YaGs126MiZpBA-UN_r8OUuhv[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18668, version 1.1
Category:	downloaded
Size (bytes):	18668
Entropy (8bit):	7.969106009002288
Encrypted:	false
SSDEEP:	384:Wv4QHZChiRh3lwLOf8cWN78NXpcr6gBUA9CD/q4cOPZmPO:WvwhNOkvvxC7qnc
MD5:	A7622F60C56DDD5301549A786B54E6E6
SHA1:	D55574524345932DB3968C675E1AEA08C68A456F
SHA-256:	6E8A28A0638C920E5B76177E5F03BA94FCDEDD3E3ECD347C333D82876B51C9C0
SHA-512:	1A842E5EDFFFFBAE353AD16545D9886E3E176755F22B86ECCC9B8B010FC79DB7194B7C5518CC190BF5B78B332C7D542B70A6A53B3BAF23366708DF348C2C2D49
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff
Preview:	wOFF......H.......n0........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`}...cmap...`.........X..cvt .......]........fpgm...t........~a..gasp...............#glyf... ..8...WP..M.head..@....6...6..F.hhea..A........$...chmtx..A8.........._{loca..CL........K.4&maxp..E.... ... ....name..E0........"c?Jpost..F........x.U..prep..G........:..]........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`fig.a`e``..j...(.../2.1..`b.ffcfeabbi``Pg``..b.. 0t.vfp`P...M...C.G/S....\|...=.6 .....m/....x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$K..$..`.g.e........ .......R.g......?......x.)d...........$...."....0.#.A@X..0......x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\mem8YaGs126MiZpBA-UFVZ0d[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18100, version 1.1
Category:	downloaded
Size (bytes):	18100
Entropy (8bit):	7.962027637722169
Encrypted:	false
SSDEEP:	384:aHQHZuiZQFFIimUy1oml4hN2Vmw1Qa57YC74ObDDj08X0UJQiXc:1ZQT0UySml4bEmAP5EC7PbDH4U1M
MD5:	DE0869E324680C99EFA1250515B4B41C
SHA1:	8033A128504F11145EA791E481E3CF79DCD290E2
SHA-256:	81F0EC27796225EA29F9F1C7B74F083EDCD7BC97A09D5FC4E8D03C0134E62445
SHA-512:	CD616DB99B91C6CBF427969F715197D54287BAFA60C3B58B93FF7837C21A6AAC1A984451AEEB9E07FD5B1B0EC465FE020ACBE1BFF8320E1628E970DDF37B0F0E
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff
Preview:	wOFF......F.......i.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`~]..cmap...`.........X..cvt .......Y.....M..fpgm...p........~a..gasp...............#glyf......6...S...]head..>....6...6..cphhea..>........$....hmtx..?...........[$loca..A4.........f..maxp..B.... ... ....name..C.........&:A.post..D........x.U..prep..E.........C...........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`f..8.....u..1...<.f...................A......5....1...A.._6..".-..L.....Ar,......3..(....x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$KY...e@.,.."..........?....%.g....Z.....(".o..Y..Bu342.e......0..........M=.....x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\memnYaGs126MiZpBA-UFUKW-U9hrIqU[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 17788, version 1.1
Category:	downloaded
Size (bytes):	17788
Entropy (8bit):	7.967181593577758
Encrypted:	false
SSDEEP:	384:Vp3UxvLq7eMDKdiXVYFbQk9YlD/XmhJGSiQ3L+CEW/9fE+QH:jgjq7ejOQMUeD/AGO6CB/98+QH
MD5:	92DA6F116D973BD334CF9B3AFDB29C4F
SHA1:	C7E59C92F4D8391276FB0A3A55528CF3965478E7
SHA-256:	49B6274BCCB5C6B31E20CEBB213D96197B522B1FB9C95B8649A0626EDB5BD9D8
SHA-512:	B3483F5137EAE074BDC95262B8C5D6049C4E7AF276F3EB1DDC3097ED3FBFB2C43110341B78E0B388E6B9B5D186168CD86DA324496CB08F909C60FEBFB3E207B9
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKW-U9hrIqU.woff
Preview:	wOFF......E\|......f.........................GDEF................GPOS................GSUB.......X...t...OS/2.......]...`....cmap...`.........X..cvt .......o........fpgm............s.ugasp...(...........#glyf...8..4...N.-.W.head..=0...6...6....hhea..=h..."...$....hmtx..=....8.....\|&.loca..?.........P..maxp..A.... ... ....name..A..........8Gtpost..B........x.I..prep..D`.......@..R.........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.%..@0...?.%.N.O:Zg..TjL...Bk..-.a ..5.j.F...`...^..3.V.P..P.4..c....[..]..9.... ..T(.q...x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$KY...e@.,..".9....x........3............e..=L.....`.Q..1.Q........uF.F[F}Fe........-.p....... ..x.TGw.F........)..)7.W..`.j.-...='_..sI...2...O>....[tt....TK]..\|...G..............^.m..=..x

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\memnYaGs126MiZpBA-UFUKWyV9hrIqU[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 17668, version 1.1
Category:	downloaded
Size (bytes):	17668
Entropy (8bit):	7.9576211916710635
Encrypted:	false
SSDEEP:	384:TQHZiJiLqdJVOpEbXHYV0cIeLg8hDHNbCqe+WQN:NWuV1X/eRHNbCqefQN
MD5:	793B1237017AEACD646FB80911425566
SHA1:	51E3023140BE407FD5FBFD27E0A5D2C30AE66F31
SHA-256:	5BB07410994C14D60F72CE3F6E19B172FCD7BC515F9BAEAF1F74C6CC2216E86A
SHA-512:	95C6644C1C1A2E369075D429E86736491451431C6046BA74545C0BF91C1CABEA1B1A4FCFD8FC5BB6A37269E4F80AF5B792BF80C968EC6A3B8B325F33EC66331D
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWyV9hrIqU.woff
Preview:	wOFF......E.......c.........................GDEF................GPOS................GSUB.......X...t...OS/2.......]...`~...cmap...`.........X..cvt .......^.....M..fpgm...t........~a..gasp...............#glyf... ..4...Lv$.#.head..<....6...6./{.hhea..=...."...$....hmtx..=4...@....}.K.loca..?t..........maxp..A4... ... ....name..AT.........D9post..BD.......x.I..prep..D........$...J........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.%..@@.@.....T.2..Q.1dB...!.j@..}(../y..]...V....b.b.D#5/....(..v.p....'e.7.......@@?.9.....x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c.. .P...,..`....b`....C..D@$P..)._............a .p@.0.(.@.8. ..0....a8.............x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\memnYaGs126MiZpBA-UFUKXGUdhrIqU[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 17492, version 1.1
Category:	downloaded
Size (bytes):	17492
Entropy (8bit):	7.957749340429713
Encrypted:	false
SSDEEP:	384:bQHZhYs3a6PsVt9W9Z3owyC3bSZjyVO9Gz8W6EaJQgacXcK1cDVQgx:gq6PMK9Z3WCyc5z6lnXcYcxQU
MD5:	56E5756B696615D6164A625E1BCB1A9E
SHA1:	E2AEF56F577DBB78254066B73C2D0FBE30B40AE0
SHA-256:	BB87838929C15E1D0A05693C375323B95B6B4690FE207D3639E3A432C44AEF35
SHA-512:	BB998858AB9DF11375B0844EA008D31ABE4377826F6BE73C6F1DDE2E85C6F9A0404FADFDA9C081318F2F59614A22A1CF7F32376B25232887EDE8C7FBA323CB12
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKXGUdhrIqU.woff
Preview:	wOFF......DT......dD........................GDEF................GPOS................GSUB.......X...t...OS/2.......]...`.7.rcmap...`.........X..cvt .......^........fpgm...t........~a..gasp................glyf......4 ..M4.]2.head..<<...6...6..zghhea..<t..."...$.{.@hmtx..<....,.....V9Vloca..>..........rimaxp..@.... ... ....name..@.........,.G.post..A........x.I..prep..CT........x..%........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`f........:....Q.B3_dHcb```.fgc.`abbi``P..x......:.;302(...&.O.....)B..q>H.%.u..R``..<......x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$KY...e@.,A.".m....x........3........[.o....=.d...u.a......S....G..3.b..h...."...x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\modernizr-2.8.3-custom[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	8586
Entropy (8bit):	5.298078807036363
Encrypted:	false
SSDEEP:	192:ja3nG40pKQob1dHYPeIny64LDDhWwpy8b7z:ja3G40pKQoZRY5y6aHh1pz
MD5:	2FBDCCC0D3D47AE822CFE51BF5255125
SHA1:	7B37629FCE558B5DC7DFCDFB3D3B9FA65C98199B
SHA-256:	7250799BAB2C52852E45FED15635BACBF280CC30DD9483A2797490B81D27BB89
SHA-512:	0069FC00E1841D0DCDF5EA34227BD7C5F83C2BD1C00CB8E02A298250246B913DC7207B310E8DDC8B95D2F8B2262B9854C9BE8C56DFE52C64E19E3C9488E5C650
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/js/libs/modernizr-2.8.3-custom.js?v=1736490233
Preview:	/* Modernizr 2.8.3 (Custom Build) \| MIT & BSD. * Build: http://modernizr.com/download/#-touch-shiv-cssclasses-teststyles-prefixes-load. */.;window.Modernizr=function(a,b,c){function w(a){j.cssText=a}function x(a,b){return w(m.join(a+";")+(b\|\|""))}function y(a,b){return typeof a===b}function z(a,b){return!!~(""+a).indexOf(b)}function A(a,b,d){for(var e in a){var f=b[a[e]];if(f!==c)return d===!1?a[e]:y(f,"function")?f.bind(d\|\|b):f}return!1}var d="2.8.3",e={},f=!0,g=b.documentElement,h="modernizr",i=b.createElement(h),j=i.style,k,l={}.toString,m=" -webkit- -moz- -o- -ms- ".split(" "),n={},o={},p={},q=[],r=q.slice,s,t=function(a,c,d,e){var f,i,j,k,l=b.createElement("div"),m=b.body,n=m\|\|b.createElement("body");if(parseInt(d,10))while(d--)j=b.createElement("div"),j.id=e?e[d]:h+(d+1),l.appendChild(j);return f=["",'<style id="s',h,'">',a,"</style>"].join(""),l.id=h,(m?l:n).innerHTML+=f,n.appendChild(l),m\|\|(n.style.background="",n.style.overflow="hidden",k=g.style.overflow,g.style.overflo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\movieclip-0.7.1.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	3815
Entropy (8bit):	5.239977600111839
Encrypted:	false
SSDEEP:	48:g+EpSQqbuaPRI2aYPH2zanpE7/pf6UKuIpLGbvEvDCGqaYGbZYiEf5Bo0jGb8:xpIWPWzapgojGcDW9fEO
MD5:	23FBC772507B3F2C422E45048C7D772C
SHA1:	28FAF604A7730FEA184104043811F3F068B9926A
SHA-256:	315EE9628117C9AFBAFAADB6C084AF4B05442D8D8C5573D341F529310055EE0A
SHA-512:	779DDCDAD149161CA24182081AA9E2B40768A9E6FB2856C4A13443DE2F0796099ADAF1F764D97D1A3E9C40F409E1EC1ECE2CD3F94174F6F8566914710DB310E3
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/SITE/js/libs/movieclip-0.7.1.min.js?v=1736490233
Preview:	/!. @license EaselJS.* Visit http://createjs.com/ for documentation, updates and examples... Copyright (c) 2011-2013 gskinner.com, inc... Distributed under the terms of the MIT license..* http://www.opensource.org/licenses/mit-license.html.. This notice shall be included in all copies or substantial portions of the Software..*/.this.createjs=this.createjs\|\|{},function(){"use strict";var a=function(a,b,c,d){this.initialize(a,b,c,d)},b=a.prototype=new createjs.Container;a.INDEPENDENT="independent",a.SINGLE_FRAME="single",a.SYNCHED="synched",b.mode,b.startPosition=0,b.loop=!0,b.currentFrame=0,b.timeline=null,b.paused=!1,b.actionsEnabled=!0,b.autoReset=!0,b.frameBounds=null,b._synchOffset=0,b._prevPos=-1,b._prevPosition=0,b._managed,b.Container_initialize=b.initialize,b.initialize=function(b,c,d,e){this.mode=b\|\|a.INDEPENDENT,this.startPosition=c\|\|0,this.loop=d;var f={paused:!0,position:c,useTicks:!0};this.Container_initialize(),this.timeline=new createjs.Timeline(null,e,f),this._ma

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\nb.campaign.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	1352
Entropy (8bit):	5.098182832456735
Encrypted:	false
SSDEEP:	24:Oq8UzooeQR8Uz3obbjrf/PQkqJWUzhIcmRlUzbsjvchddavkA8BTqI7TGUYchKNA:z8UheQR8UkTbPQhEU9hmRlUXsjUhmvkv
MD5:	6F8FC7A1F08161BF6D214AE42F51389B
SHA1:	250AFB72F67965147509ED827DC43CBD7FA98E81
SHA-256:	CBE25A931B71E6AB264586881EA0183A0C3C105ECFC336E5634E5C5CFA2E9634
SHA-512:	ECE93DFD38F2C904CAC57964CEE056EB7163D1799FDA0C51D2FA7A635A0A3E5DEBF9B6493787CDFC1CD2391C222BD7C6422D734D44BA3CB6D6DE9FFED186BB46
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/SITE/js/fo/v7/nb.campaign.min.js?v=1736490233
Preview:	nbstorage={get:function(n){if(!n)throw"key not supplied";if(window.localStorage)try{return localStorage.getItem(n)}catch(t){}},getWithExpires:function(n){if(!n)throw"key not supplied";if(window.localStorage)try{return(value=JSON.parse(localStorage.getItem(n)),value&&new Date(value.expires)>new Date)?value.data:(localStorage.removeItem(n),null)}catch(t){}},set:function(n,t){if(!n)throw"key not supplied";if(window.localStorage)try{localStorage.setItem(n,t)}catch(i){}},setWithExpires:function(n,t,i){if(!n)throw"key not supplied";if(window.localStorage)try{var r=new Date;r.setMinutes(r.getMinutes()+i);localStorage.setItem(n,JSON.stringify({data:t,expires:r}))}catch(u){}},remove:function(n){if(!n)throw"key not supplied";window.localStorage&&localStorage.removeItem(n)},clear:function(){window.localStorage&&localStorage.clear()}};nbcampaign={redirect:function(n){if(n&&n.id){jQuery("body").hide();var i=n.id,r="campaign_cookie_"+i,u=v7labelId,t=nbstorage.getWithExpires(r),f="/site/cms.aspx?labe

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\nb.stats-ext.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with very long lines
Category:	downloaded
Size (bytes):	371
Entropy (8bit):	5.058676686534354
Encrypted:	false
SSDEEP:	6:XML4p/eqaT65VJUTmrT4V9zfjL+R5BG1KHJR3JdFB+Q0ZWqTtqRBVLyZ1mipLY:cL4p/jY65ATe2fO7M1KHfpQqNjipLY
MD5:	C94B440CA02181E36828E5A50E05927D
SHA1:	DFF55DBD288EEEDB5C1C1469EB18A4F1222B5BC0
SHA-256:	8095230654242BE588422C4DF81C609D76FDD736A9FD7C36A36B2EB80F03F576
SHA-512:	17138A00106871DEB6AFA1BB416A91816A1817BDD52516892EF1EB37BACFDB2C39D20CDD34AC8CED288ABD72BFBF377E86CE6906FC02314125526CE17284DCA8
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/js/fo/v7/nb.stats-ext.min.js
Preview:	.window.nbstatsext=window.nbstatsext\|\|{send:function(n){var i=function(){try{return window.parent.location.href}catch(n){}},t=$.extend({url:"https://www.novobanco.pt/site/Stats/GenericHandler.ashx",type:"POST",xhrFields:{withCredentials:!0}},n);t.data&&(t.data.op="navext",t.data.parent=t.data.parent\|\|i());$.ajax(t)}};.//# sourceMappingURL=nb.stats-ext.prd.min.js.map.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\otFlat[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	12847
Entropy (8bit):	5.378720310141186
Encrypted:	false
SSDEEP:	384:E5cgywp14jbK3e85csXf+oH6iAHyP1MJAR:Enp14S
MD5:	8352C117A751ACC46F7AB179C088D425
SHA1:	1F702763B6A77ED7129D726CC676FB2E7849360C
SHA-256:	FB44400A61EDDA0B628AD2FF62CB5D299FAB4E7A18D586AE7D70481C6C9550B2
SHA-512:	079D711759D43801F6C4E627EC4B5594D3AD2B4FA1BFD48FF9AE3D327561370FC0353D68C1AA95BCD0A76677D262F91EB9B0303DCF22649737D41EA9BC43ACC1
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.cookielaw.org/scripttemplates/6.9.0/assets/otFlat.json
Preview:	. {. "name": "otFlat",. "html": "PGRpdiBpZD0ib25ldHJ1c3QtYmFubmVyLXNkayIgY2xhc3M9Im90RmxhdCIgcm9sZT0iZGlhbG9nIiBhcmlhLWxhYmVsbGVkYnk9Im9uZXRydXN0LXBvbGljeS10aXRsZSIgYXJpYS1kZXNjcmliZWRieT0ib25ldHJ1c3QtcG9saWN5LXRleHQiPjxkaXYgY2xhc3M9Im90LXNkay1jb250YWluZXIiPjxkaXYgY2xhc3M9Im90LXNkay1yb3ciPjxkaXYgaWQ9Im9uZXRydXN0LWdyb3VwLWNvbnRhaW5lciIgY2xhc3M9Im90LXNkay1laWdodCBvdC1zZGstY29sdW1ucyI+PGRpdiBjbGFzcz0iYmFubmVyX2xvZ28iPjwvZGl2PjxkaXYgaWQ9Im9uZXRydXN0LXBvbGljeSI+PGgzIGlkPSJvbmV0cnVzdC1wb2xpY3ktdGl0bGUiPlRoaXMgc2l0ZSB1c2VzIGNvb2tpZXM8L2gzPjwhLS0gTW9iaWxlIENsb3NlIEJ1dHRvbiAtLT48ZGl2IGlkPSJvbmV0cnVzdC1jbG9zZS1idG4tY29udGFpbmVyLW1vYmlsZSIgY2xhc3M9Im90LWhpZGUtbGFyZ2UiPjxidXR0b24gY2xhc3M9Im9uZXRydXN0LWNsb3NlLWJ0bi1oYW5kbGVyIG9uZXRydXN0LWNsb3NlLWJ0bi11aSBiYW5uZXItY2xvc2UtYnV0dG9uIG90LW1vYmlsZSBvdC1jbG9zZS1pY29uIiBhcmlhLWxhYmVsPSJDbG9zZSBCYW5uZXIiIHRhYmluZGV4PSIwIj48L2J1dHRvbj48L2Rpdj48IS0tIE1vYmlsZSBDbG9zZSBCdXR0b24gRU5ELS0+PHAgaWQ9Im9uZXRydXN0LXBvbGljeS10ZX

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\otPcPanel[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	47624
Entropy (8bit):	5.540302472444616
Encrypted:	false
SSDEEP:	384:sWXmlYVRiILiLBhPlSXD7uFL1R241wFxpagpt7bRApQZ//UxICTG/IMOrv5ZKibN:s7+VTcBnIpaolzZLX/IzP9F
MD5:	3BB05D11B071A56CDEDE0A6E993DC56E
SHA1:	37B0F453D2093E903369C7ED10693D05BE9D60D6
SHA-256:	A55C183EF2E80DF9347793097A3B2E5B43EA4BBDE0F758EBB75D979DE9C52A6B
SHA-512:	F883E08EA26D671303F68C45533E95DF83E5BE4AB414EEDB3227AE05821AED56EF2AEADE3F0623DB7F1B965C1C4837CB6A85791AAD196B3D7D95A3EDE62761F5
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.cookielaw.org/scripttemplates/6.9.0/assets/v2/otPcPanel.json
Preview:	. {. "name": "otPcPanel",. "html": "PGRpdiBpZD0ib25ldHJ1c3QtcGMtc2RrIiBjbGFzcz0ib3RQY1BhbmVsIG90LWhpZGUgb3QtZmFkZS1pbiIgcm9sZT0iZGlhbG9nIiBhcmlhLWxhYmVsbGVkYnk9Im90LXBjLXRpdGxlIiBhcmlhLW1vZGFsPSJ0cnVlIj48IS0tIFBDIEhlYWRlciAtLT48ZGl2IGNsYXNzPSJvdC1wYy1oZWFkZXIiPjxkaXYgY2xhc3M9Im90LXBjLWxvZ28iIHJvbGU9ImltZyIgYXJpYS1sYWJlbD0iQ29tcGFueSBMb2dvIj48L2Rpdj48YnV0dG9uIGlkPSJjbG9zZS1wYy1idG4taGFuZGxlciIgY2xhc3M9Im90LWNsb3NlLWljb24iIGFyaWEtbGFiZWw9IkNsb3NlIj48L2J1dHRvbj48L2Rpdj48ZGl2IGlkPSJvdC1wYy1jb250ZW50IiBjbGFzcz0ib3QtcGMtc2Nyb2xsYmFyIj48aDMgaWQ9Im90LXBjLXRpdGxlIj5Zb3VyIFByaXZhY3k8L2gzPjxkaXYgaWQ9Im90LXBjLWRlc2MiPjwvZGl2PjxidXR0b24gaWQ9ImFjY2VwdC1yZWNvbW1lbmRlZC1idG4taGFuZGxlciI+QWNjZXB0IEFsbDwvYnV0dG9uPjxzZWN0aW9uIGNsYXNzPSJvdC1zZGstcm93IG90LWNhdC1ncnAiPjxoMyBpZD0ib3QtY2F0ZWdvcnktdGl0bGUiPk1hbmFnZSBDb29raWUgUHJlZmVyZW5jZXM8L2gzPjxkaXYgY2xhc3M9Im90LXBsaS1oZHIiPjxzcGFuIGNsYXNzPSJvdC1saS10aXRsZSI+Q29uc2VudDwvc3Bhbj4gPHNwYW4gY2xhc3M9Im90LWxpLXRpdGxlIj5MZWdpdC4gSW50ZXJ

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\produto_1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 409 x 152, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	16000
Entropy (8bit):	7.969592585997007
Encrypted:	false
SSDEEP:	384:OpNhKslshDYpvsicSbrS6UGWIFQ4m0/LeDFJa/674cS4Lc:OpNhpUspvOSvoICEDwHa/674F
MD5:	74EED8F14972164A7E26E1E6831C7572
SHA1:	83AE43ADE9471631AA4749341E3785530515BC3A
SHA-256:	E25C50E15392800B2F308DE3222E5B77F881E9FE96EB58B3919784415D2B6E4B
SHA-512:	5963C2A9578A915E2305B8AB5D3C9CCDC0302629A474AE4DC7B2A83B68F9A085A339EE4A72E337D3B73C3221AAA8362D1BD6CFE79F2BEAD6AD4BF06EA8B72673
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/SITE/cms.aspx?srv=207&stp=1&id=891014&fext=.png
Preview:	.PNG........IHDR.............6.......sRGB.......>:IDATx..}..$iY..G^UY...w.L.}....#^ (...>...(r)r....."."......z . .".0..3.=}w.}......gEVdVfUeUeu...5....D......V.M.)..."..(.M@.n.:."..(..."`.P...A.P...E.i.(.4.Z.X.P...E@IF..E@.P....!.$.4hu`E@.P...%.}...E@.P.....L....E@.P..d..P...E@.h..J2M.V.V...E@.P..w@.P...E.i.(.4.Z.X.P...E@IF..E@.P....!.$.4hu`E@.P...%.}...E@.P.....L....E@.P..d..P...E@.h..J2M.V.V...E@.P..w@.P...E.i.(.4.Z.X.P...E@IF..E@.P....!.$.4hu`E@.P...%.}...E@.P.....L....E@.P..d..P...E@.h..n.F...E@.h... ...>(O....p.....Yl..`\:.=.LF..5.X"....!N.U.ccb.t.\^l..U:~.w...]..v.aJ2;..........en. N<!./v...Y$... ....3.R...b<%...+.. ..;.."H.\|....J2u....".u.(M.Eq0..U3\|1....8......E...........X.x$...a8.4..".$S....(.[.....h....R.>..T)fY..[c..E_k..AD.......:.j.d.V.i.\../.u.[.>.B..E`.#P.<.?qJ&........y.....a(...qmIu.$ag.E....8Rt..ttI..g.........J2.c.G(....@.$.9..\...!.`r.5...9iI....X.P..;f...Ku. ....J25pS....nR.....@...W..WM.V.......+.x..gU.J.....:...3mK.PT.@.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\produto_2[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 409 x 152, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	33777
Entropy (8bit):	7.987237223856129
Encrypted:	false
SSDEEP:	768:qxqIIu9ih/adXnmntoUC29G1lNfmUXUg1oSCssagsVTw:qx+sih/MmnXzM17lD7CPaRw
MD5:	63E3B766974ECCC2C91BF169AF87899C
SHA1:	2ECB7ACCE093368F67A2FFBBFA294FB321222F91
SHA-256:	B78C6A34B75E1C40A89B53A4936C64B8329E602E1869A60F149566251442164E
SHA-512:	F3ED8931C4D57C70F598D0198EE0F28D54513F1A69BD102C8650DE9585E16EF91AE8912EC8A95EE4F19A65614D5A120EAFA4C5981BF48E9EC09808EE6F7F2812
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/SITE/cms.aspx?srv=207&stp=1&id=891015&fext=.png
Preview:	.PNG........IHDR.............6.......sRGB.......@.IDATx...\|d.]......s.8y.f.8`....5^l..kX....<..-....a..^.......6<.Y.4..{.=.=..sK...T9...KW...R...:G.R.p.9.......qT)b...........6P...m.&..........,...1/..........Q.....4l(`(`(`(`@...........F..2.FZ.....................l....l.iM.........d.;`(`(`(`(.m.0 .m.5...........1.........Q.....4l(`(`(`(`@...........F..2.FZ.....mE.r...n.......}...j..l......U7o@.VQ..k(`(.s...MJ......L..2.0.....w/..R5..-y..dn..M.....;M.j)..]...............T.F]v+....[Au......R@W./.........[Au......S.Q6..':.....T7}.....0..R1....y.;.2...SC.C.....2....(......0....w1.pa.d....}o....l..........ra.[3M.K..2.R..3.0...).$cr...g@..tj(`(.......JrZ...Nvk.....P.P.P.P.n.@.........u@./.nqt..[o.../#..v....P.P`.(P.8%..._iQ...x.......y.N..0.L.D2U.....@...x.+"..q..R...L.,U.[.{^$...rS.;...!..........lL...Rz.o.4z..Uq8]"..8..q......../"..{7n..)..u.M..\l(`(p;R.....8*....,{E.}...R.~A..CR...k.2;.......M.....;N...#.X.8.]....5t.1T..O..U.!....0 ..$6......:.(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\produto_7[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 409 x 152, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	21684
Entropy (8bit):	7.979346286376915
Encrypted:	false
SSDEEP:	384:Nc9c2UQbI2HL/BDMVLRCrurBabZDfKtgJRvwlWdL8FwAog9S7on9jl8MNNsaHF+m:e9ndbr5Dm9CirgYtsB7uCWGo9mumaKR8
MD5:	AFE2869F050B8EAF6CED795D75919021
SHA1:	6C1431CC1EFBD42892581A418C24E3E1EBFE0C83
SHA-256:	481C2688CEE034D132A3B89B40A625C4CD6CC5CB60484FEA1D85065C7A25DD01
SHA-512:	CB35FB52772297004DD18C7F65F653B32183A4E62DFCB36E121467BB770790E937525633A19D8F6D77FDE3EF9095BBC31204DD39ACBE2AA720783B973EE5DB5E
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/SITE/cms.aspx?srv=207&stp=1&id=891020&fext=.png
Preview:	.PNG........IHDR.............6.......sRGB.......@.IDATx....d.Y..G.%3r....{ou....d..4. F.......c...u..00c.x...........[..f.@B..Pk.VK.nuuu.Y.....7..N,.....kUf.9..q....E....=.:.\|..x.<.....> ..>}.....G.#..p.x..?...G.#...7.<.....c..G.#...$.......G.#.o.x..7h}.....G.#.I...<.....G`...$.o...=.....G.....x.<......!.If...{.<.....'.....x.<...}C...A.;..x.<...O2.7....x.<....'.}..w....x.<..d.o.#....x....O2.....#....x.<...G.#........d..Z.G.#....x.....G.#...7.<.....c..G.#...$.......G.#.o.x..7h}.....G.#.I...<...;.@\.Y.#.......8.....O2.....#...".....]...o...[..v...$s..-?V...D ..+,56n..g........G.#............*W^...?........;1...}B.k2.....#..XC.r...>.A.....z.fK...V...[X.[..5[.._.h~.}.6..%..........O2...#...Z.....v.G.....s.+%KD5..f.o.z...m.....a.>o....M..O6>. .(j......O2..;.#...:..b.jh&.6..o.D..~....O...\|.R...!...H.....5[D.q....].60hu...?....f.1.r8..>...=.Qz....K..I.K6.5...Y..~...\\.e..U.b.{.wG6.D.N.Y.^..V...X.........R..e..f...l.G.];.o.x.<.......#p......~........_.hf.J.{.,.g.Y

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\produto_8[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 409 x 153, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	35306
Entropy (8bit):	7.9884194813627944
Encrypted:	false
SSDEEP:	768:f/5ea+oYH97Y9Qwbe9TbkM15+KLEHL2STdWYL51ouXYntxGvdmoOm5SccL:f/5mXd09fbeRTLYySBW0158tQvRsci
MD5:	164B9DF72B0E4A5589AAB57399A283B1
SHA1:	DB1EEC23775550BBC67F5B508D8112F4E65926AC
SHA-256:	2DD56950FF9871370419ADF16FD604E4E3F660ABFAC36E432BF6693C16F70BBF
SHA-512:	121AD02D74D2875A67892E7460B8C6D9691348E98F7C2BA6696F129A422C989E856D689D0FCDD2E7071C77B5CD77A6859708C002D354A12E67BB859957263F90
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/SITE/cms.aspx?srv=207&stp=1&id=891021&fext=.png
Preview:	.PNG........IHDR...............Gz....sRGB.......@.IDATx....d.U..+....vfgvg6'..IHH.A.2. .?..K....6......16........I.. ..jQ^.6...I..r...w_..W.U.f.wg.......s..6........>.\|......0.?.....>.\|.........E.!.C.....]..Odv....>.\|....!....;.C..............h..}....!.C.'2.w.......>.v..>..5......!.C...Od......>.\|....\|".k....!.C............>.\|....5..Df.@...C.......>...>.\|....!.k.............>.\|"...\|....!.C`. ...]..?.....>.\|..D......!.C....A.'2..Z.`..>.\|.........!.C.....]..Odv....>.\|....!....;.C..............h../U...L......J..C.m..\!g...V.n.&.h...s.Z59..V...9S..{tQu..B.<t.F.....0PYn6.......?Q.6.]Hi..Ge.aw!ky....3.M.....T...>e......m....C.mV)...w...q...n.......:.i.Q.~....g.>.{m.....}v1...?i~...C.8S-._\|..H.>......+...>...F...{.r.~A....._z.N#B.A.'2[....2...=......+.......s..........2K ../.?c>~.......jn.{..J.f...'..?y.<......\|.\|.....2..h...G.O>d>.r.\|j...E]..............~.....\|.q.R...3...h._..\|.......{;...s.......m.`......2.).3.u.A............]^..Q..3..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\resources-v2[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	6291
Entropy (8bit):	5.006928664765704
Encrypted:	false
SSDEEP:	96:spodiuLRPsJAqvJrx5DJcZ27G9aJJakBGlN7jIKw4rxJB/GQLl+:77LR0JPrr1ckKk3HUN7O4rxJBC
MD5:	762341350D3EFE7A2926CABF43FFFECF
SHA1:	8A8F7913863626A9E9C8C74F4B94B6BF1872ADE2
SHA-256:	7BD4B9C9276663F158DAB07F4FEA2D53452E2DE6A776EADB58FE1A63F5040620
SHA-512:	2B711E08809D8E0090D5E0B5A15601F4BA2AC6F022D54E67690975260E049D3023B3E690A6F809CAA6EB8099815237E8FF36B670938D80B2BC50CE5F666F7158
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/themes/onetrust/bundles/ot-components/resources-v2.css?t=1617849062
Preview:	.resources-v2 h2{margin:0}.resources-v2 p{margin-top:15px}.resources-v2 p:first-of-type{margin-top:0}.resources-v2 a{color:#6cc04a}.section.resources-v2{max-width:100%}.resources-v2 .white-bg,.white.resources-v2{background-color:#fff}.gray.resources-v2,.resources-v2 .gray-bg{background-color:#f8f8f9}.dark.resources-v2,.resources-v2 .dark-bg{background-color:#414042}.dark.resources-v2 h2,.dark.resources-v2 h4,.dark.resources-v2 p,.resources-v2 .dark-bg h2,.resources-v2 .dark-bg h4,.resources-v2 .dark-bg p{color:#fff}.dark.resources-v2 .card .image,.resources-v2 .dark-bg .card .image{background:#fff}.resources-v2 .arrows a.btn-primary,.resources-v2 .arrows a.btn-secondary{background:0 0;border:none;color:#414042;display:-ms-flexbox;display:flex;font-size:15px;font-weight:600;border-radius:5px;min-width:100%;padding:0;text-align:left}.resources-v2 .arrows a.btn-primary img,.resources-v2 .arrows a.btn-secondary img{margin-left:8px;transition:.5s}.resources-v2 .arrows a.btn-primary:hover,.r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\right_angle_arrow_green[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1310
Entropy (8bit):	4.807130545846053
Encrypted:	false
SSDEEP:	24:2dAU9LHzOeFeaxM2806OHIM73eMc4Wlk68f4Wrw02IlglIombkA:cjtH31RSlkHDEdns
MD5:	7808CBF0D1D56F98065E3A564D65B7D2
SHA1:	37FEA7159B4606387D225C01D0C9BB6DA98ABA17
SHA-256:	C0C9FDD196DEA76792C5A4805CD5666553B111BCC3DD6DD0571FEB16E44CCFC1
SHA-512:	C5A080FEFA3D70B3BE7C7E8E4186A37BE8F864FC72D2471609BD233B740143F31041C5B2E244B61301E8506098B5739D3A17BFF3F661696D9AB8259A27F7B6DA
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/themes/onetrust/images/right_angle_arrow_green.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="8px" height="13px" viewBox="0 0 8 13" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. <title>E3521CAA-A8D8-47B3-9B14-5736F66B3949</title>. <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="Cookie-Consent-1" transform="translate(-704.000000, -5018.000000)" stroke="#6CC04A" stroke-width="2">. <g id="OT-releated-product" transform="translate(152.000000, 4481.000000)">. <g id="Boxes" transform="translate(0.000000, 192.000000)">. <g id="Policy" transform="translate(392.000000, 0.000000)">. <g id="Nav-/-Elements-/-Main-Nav-/-Text-Link" transform="translate(55.000000, 341.000000)">. <g id="Nav-/-Elements-/-Dropdown-Arrow-/-Green" transform="translate(106.000000, 5.000000)">. <polyline id="Path_5159" transform="translate(2.41

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\search-filter.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	37477
Entropy (8bit):	4.943554866560445
Encrypted:	false
SSDEEP:	384:hd3Da6EbL0/TfXx0HtpItWr0jqcdEJuvDhm61vd54L:7su54L
MD5:	24CDD4F8C69EA55CDCD2ABFFE80E9E02
SHA1:	466C29F4634FBD8267991DD1B17DC2F274215637
SHA-256:	BBDEE6A5CEE7911FFED204B01E8798FF1AB500D754E0DB2AE6BE306C3567A37B
SHA-512:	84734E0930DCCCA75E10FD522391F562F9FA3E1F6FE879AE86662E9AD7587EDDEA5709D70A204F4F1E59FDAA4AADA181B8C8A60BC12CB0AC63C81B845F20C2C8
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/plugins/search-filter-pro/public/assets/css/search-filter.min.css?ver=2.5.0
Preview:	/!.Chosen, a Select Box Enhancer for jQuery and Prototype.by Patrick Filler for Harvest, http://getharvest.com..Version 1.8.7.Full source at https://github.com/harvesthq/chosen.Copyright (c) 2011-2018 Harvest http://getharvest.com..MIT License, https://github.com/harvesthq/chosen/blob/master/LICENSE.md.This file is generated by `grunt build`, do not edit it by hand../.chosen-container{position:relative;display:inline-block;vertical-align:middle;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.chosen-container *{-webkit-box-sizing:border-box;box-sizing:border-box}.chosen-container .chosen-drop{position:absolute;top:100%;z-index:1010;width:100%;border:1px solid #aaa;border-top:0;background:#fff;-webkit-box-shadow:0 4px 5px rgba(0,0,0,.15);box-shadow:0 4px 5px rgba(0,0,0,.15);clip:rect(0,0,0,0);-webkit-clip-path:inset(100% 100%);clip-path:inset(100% 100%)}.chosen-container.chosen-with-drop .chosen-drop{clip:auto;-webkit-clip-path:none;clip-path:none}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\set_tuid[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	43
Entropy (8bit):	3.16293190511019
Encrypted:	false
SSDEEP:	3:CUmExltxlHh/:Jb/
MD5:	FC94FB0C3ED8A8F909DBC7630A0987FF
SHA1:	56D45F8A17F5078A20AF9962C992CA4678450765
SHA-256:	2DFE28CBDB83F01C940DE6A88AB86200154FD772D568035AC568664E52068363
SHA-512:	C87BF81FD70CF6434CA3A6C05AD6E9BD3F1D96F77DDDAD8D45EE043B126B2CB07A5CF23B4137B9D8462CD8A9ADF2B463AB6DE2B38C93DB72D2D511CA60E3B57E
Malicious:	false
Reputation:	low
IE Cache URL:	https://webcare.byside.com/BWA4C865F1BAB/set_tuid.php?webcare_id=4C865F1BAB&bwch=&lang=pt&tuid=clp948fu0p3re98zwcrvmr5d9ti2tb1gg8pnt6ycvuf9r6sexg&cklt=730&rnd=2449
Preview:	GIF89a.............!.......,...........D..;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\solutions-menu[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	5613
Entropy (8bit):	5.126044693780031
Encrypted:	false
SSDEEP:	96:1epKN+UM5OC1EL6OutXUgyVqKBZNBnB4Xi:1ek+N5O4EL6OuteVqatnL
MD5:	ECDDBA408D669850001FB383626C6067
SHA1:	84971384687F42D7A76C21A8CE45352780D00BD3
SHA-256:	164445A8BE32F387C229679D9C90797E4557CAA7B71CF9D34D65836AFEE817C6
SHA-512:	8D4DEE288A71B880994391730833238A2739165450DBCE14F49FD23FC53C8796D06060E40EC02044A5476F8098E81BC2993512757A6A31004F560D8475BA072A
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/themes/onetrust/css/solutions-menu.css
Preview:	@charset "UTF-8";header{border-bottom:1px solid #e5e5e5;box-shadow:0 0 0;top:0;transition:all .5s ease}.admin-bar header{transition:all .5s ease}@media(min-width:992px){header.slideup{top:-60px;overflow:hidden}.admin-bar header.slideup{top:-28px;overflow:hidden}}@media(min-width:992px){}#tertiaryMenu-placement{height:60px;position:relative;width:100%}#tertiaryMenu{background:#f8f8f8;width:100%;height:auto;top:60px;z-index:600;border-top:#e5e6e6;font-weight:600;font-family:open sans;position:static;padding:0;transition:top .5s ease}#tertiaryMenu.sticky{position:fixed;top:0;z-index:788;border-bottom:1px solid #e5e5e5}#tertiaryMenu.sticky.slideDown{top:60px}.admin-bar.scroll #tertiaryMenu.sticky{position:fixed;top:0;z-index:888;border-bottom:1px solid #e5e5e5;transition:top .5s ease}.scroll #tertiaryMenu.sticky.slideDown{top:60px}@media(min-width:600px){.admin-bar #tertiaryMenu.sticky{top:46px}.admin-bar.scroll #tertiaryMenu.sticky{top:46px}}@media(min-width:783px){.admin-bar #tertiaryMen

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\spacer[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	42
Entropy (8bit):	3.156764083306798
Encrypted:	false
SSDEEP:	3:CUXPQEsJWlen:1QEsJ9
MD5:	BAE3474EF15712706E514D9C40C3D1D5
SHA1:	B93948C072D6FD3DD9A2720CD837784A9C9CA337
SHA-256:	5B27CB8A843DA7B4F70F68D669798596541491654185DF0BD45867D951A31947
SHA-512:	0C0652CD1D848D3AF5836B664505520F0122C672103489453079DF1DB9EECDC290E3EC8A4A1BD8E45C051696A89E9B1AE173904EE6EE2D9E86A774B631BFD2A2
Malicious:	false
Reputation:	low
IE Cache URL:	https://srv.novobanco.pt/site/errorhandling/NovoBanco/appImages/spacer.gif
Preview:	GIF89a.............!.......,........@..L.;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\tpi_languageselector[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 16 x 16
Category:	downloaded
Size (bytes):	311
Entropy (8bit):	5.937432715456594
Encrypted:	false
SSDEEP:	6:NO0cggR0s5a9+76dFtkvKd0XfKA2c3UGlREpe:pgR1/76oK+f6GMe
MD5:	47CBAD3B9E3067BF7C9F4B4F564DEACE
SHA1:	BDCCE9209065E116B5FABF3B0ABCCEBCD073FE89
SHA-256:	43D14BA953BFB9AA1DB85BF1495B7CD825717EB55D142F964F53135C9E6018CC
SHA-512:	F62E30A5CD3DC90228BDB875F7E8993CEFA5A2A86048692A70EB01CF7F23BB89CCB45871F4423A6E523BCA137FDAFA57DDB0CED7861B0FAD8032D082C74AC79B
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/aspx/templatesv4/include/tpi_languageselector.aspx?flaglangid=1
Preview:	GIF89a.........B.&..f...........Cy...<.;.h2........,..\..........\Q.V"..........f.......D.:.L....u)....8#.r..5%.........._..u1...._J..<.>.S$=.O........................................................!.......,..........T@.p.H..G...T..Hg.jT...J.J...H.....%G.../.........b.h.*#... .w......\NTU..R.)...TA.;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\tpi_languageselector[2].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 16 x 16
Category:	downloaded
Size (bytes):	385
Entropy (8bit):	7.106619833973824
Encrypted:	false
SSDEEP:	6:NOZde56twrIrlZ5LCxZsTi/0uQb4RLRpB3mdSuV+2qKhE7B3RoHORf6n:6estTJChRznphmdS8+/KkB3arn
MD5:	1216C5411ED07E13D85A3A9896A781F2
SHA1:	669BD7F9968DFC55C819F3FC0392D0914A73B498
SHA-256:	9DA094DC258A55923101FD020EB421EE5A6084157DE10B60F814D4D45D79B963
SHA-512:	514B2D0082A913DEB27B1E2EB0A1048BE331117BD245D0CC3ACDB153DF2EB92A392DB98B3C078B3B21B912B447D351F4DD8E5BD85AEF3F82635EB4ADBEADCCFA
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/aspx/templatesv4/include/tpi_languageselector.aspx?flaglangid=2
Preview:	GIF89a.........f......k}..6G...4.............;H..t...GZ....s....FX..&~./A..p....?....s{.........i6K....u..q\|.IZ......<I.....f..........u..j.............w...........HZ.HX...p..j...M[..0A........!.....?.,..................Eb5..B..wL.+..0..pv.V...q6/..q&y.......D,.... R<.)..:.......P..P*....&..#......&........................B..z\|~......kmoqsuw,\^`b.dfh.QSUJ+XZPDFH.MO.A.;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\twitter-gray[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1322
Entropy (8bit):	4.907518116768277
Encrypted:	false
SSDEEP:	24:2d2S8eLkEOeFeaxM2XI0SrFOt1ThQKNkhMh031gC+FJG/GGf6JmKebIqYpcFdK8W:cfLkk7Z2KNk2h41b+C/GGSJmXVEJP
MD5:	4E90A361BF0586971E932E0D0237173A
SHA1:	2DF7B65143DAF24956E9AB41DF4417402013B373
SHA-256:	702B17270690E3D0F74F802808823F29886E2460403729D9290DDA8B4911AEBA
SHA-512:	A4A84A28A8CBE9642B4CF91F495957A1A990EEBCA56BDFD5DB0258BA327F0AB43DD5A19662FF65DB1F2516CD4947040DE0D1CA1AD929755C56756E9F67C60FBC
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2019/06/twitter-gray.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="24px" height="24px" viewBox="0 0 24 24" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. Generator: Sketch 55.2 (78181) - https://sketchapp.com -->. <title>Group</title>. <desc>Created with Sketch.</desc>. <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="Group">. <circle id="Oval" fill="#FFFFFF" cx="12" cy="12" r="10"></circle>. <g id="twitter-gray" fill="#77797E" fill-rule="nonzero">. <path d="M12,0 C5.4,0 0,5.4 0,12 C0,18.6 5.4,24 12,24 C18.6,24 24,18.6 24,12 C24,5.4 18.6,0 12,0 Z M16.8,9.6 C16.8,9.7 16.8,9.8 16.8,9.9 C16.8,13.2 14.3,16.9 9.8,16.9 C8.4,16.9 7.1,16.5 6,15.8 C6.2,15.8 6.4,15.8 6.6,15.8 C7.8,15.8 8.8,15.4 9.7,14.7 C8.6,14.7 7.7,14 7.4,13 C7.6,13 7.7,13 7.9,13 C8.1,13 8.3,13 8.5,12.9 C7.4,12.7 6.5,11.7 6.5,10.5 C6.5,10.5 6.5,10.5 6.5,10.5 C6.8,10.7 7.2,10.8 7.6,10.8 C6.9,10.4 6.5

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\usert_agent[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	165324
Entropy (8bit):	5.381719184591927
Encrypted:	false
SSDEEP:	3072:DiuGskkIOkKhHQ40mZAK0Q86M3rpg1rRlkY5eF9qvfyusxdKvbDqGHqN8okxYXSz:OuGskkIOkSQNmT86HRLxzoNSYUnz
MD5:	B4E00CA12F29E56AE3268C8CACBA7D8C
SHA1:	B49E2DFBB7B5AC9833E5575EC27FFCC23D5FC170
SHA-256:	FEABA32B748E0162C9E66D58C7BDE72465B7E1C4DA1806429ED8CA6B0BD09458
SHA-512:	A1BE507DA86D38ED2477143F87EF4F17634751E3E8393AE2CE2023DAB81B0AEAE472BC0EAF58FEAF21643F7A6DE341442EDC7C9B0EEB68A72513C231A743EE0C
Malicious:	false
Reputation:	low
IE Cache URL:	https://webcare.byside.com/BWA4C865F1BAB/usert_agent.php?webcare_id=4C865F1BAB&bwch=&lang=pt&bwit=A&fid=&tuid=clp948fu0p3re98zwcrvmr5d9ti2tb1gg8pnt6ycvuf9r6sexg&suid=null&puid=8vpjwkit62w3he1t7lg4mt6rg6l0y84931893kj6xcmetoc1pp&referrer=&page=https%3A%2F%2Fwww.novobanco.pt%2Fsite%2Fcms.aspx%3Flabelid%3D360&bwpt=NOVO%20BANCO%20360%C2%BA&bres=1280x906&res=1280x1024&pnsi=0::0&cklt=730&v=v20210219a&partial=initial&rndc=1617904389843
Preview:	window.bysideWebcare_currentrevision='1617871990';bysideWebcare_append_html("<span class='bwc-prescript-fix' style='display:none'>.<\/span><div id='webcarePopup_8719907597' style='display:none;position:absolute;visibility:hidden;margin:0;border:0;padding:0;cursor:default;z-index:951'><script>(function(){var ss1 = document.createElement(\"style\");var def = \"#webcareslotcontainer_23154 {display:block; position:relative; border:0px none; margin:0px; padding:0px;}#webcareslotcontainer_23154 > .webcareslot1 { top:0px; left:0px; margin:0px; padding:0px;}\";ss1.setAttribute(\"type\", \"text\/css\");var hh1 = document.getElementsByTagName(\"head\")[0];hh1.appendChild(ss1);if (ss1.styleSheet) {ss1.styleSheet.cssText = def;} else {var tt1 = document.createTextNode(def);ss1.appendChild(tt1);}})();<\/script>\n<div id=\"webcareslotcontainer_23154\" style=\"\">\n\t<div class=\"webcareslot1\"> <link rel=\"stylesheet\" href='https:\/\/webcare.byside.com\/BWA4C865F1BAB\/sur

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\usert_agent[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	165324
Entropy (8bit):	5.389141459371621
Encrypted:	false
SSDEEP:	3072:NiuGskkIOkKhHQ40mZAK0Q86M3rpg1rRlkY5eF9qvfyusxdKvbDqGHqN8okIYbSz:cuGskkIOkSQNmT86HRLxzoNTYonz
MD5:	2835EDC4BB737A62A9EC1139320E7C20
SHA1:	CFEAD11E9AD8E53F720B73C252FC84C2896C2F4E
SHA-256:	48F142CDA8DB7EDFF4315E33B776BB8C4E7AB6CCA830F31E0A5AD31BC90110B5
SHA-512:	07DC1F210D442EF289003E7B2FE75A3A5CDB62E9151F771766B5539372EB874DC2DFAEDA7851EE47A8E154AFCDD841298104AD1215F35DAE7A04D40E67D773FB
Malicious:	false
Reputation:	low
IE Cache URL:	https://webcare.byside.com/BWA4C865F1BAB/usert_agent.php?webcare_id=4C865F1BAB&bwch=&lang=pt&bwit=A&fid=&tuid=clp948fu0p3re98zwcrvmr5d9ti2tb1gg8pnt6ycvuf9r6sexg&suid=null&puid=vxk1h5rwe9gmlaw4tnty57vi2i9icu4pmeqk18p5k6wrrrt76t&referrer=&page=https%3A%2F%2Fwww.novobanco.pt%2Fsite%2Fcms.aspx%3Flabelid%3Dinstitucional&bwpt=NOVO%20BANCO%20INSTITUCIONAL&bres=1280x906&res=1280x1024&pnsi=0::0&cklt=730&v=v20210219a&partial=initial&rndc=1617904399199
Preview:	window.bysideWebcare_currentrevision='1617872000';bysideWebcare_append_html("<span class='bwc-prescript-fix' style='display:none'>.<\/span><div id='webcarePopup_8720001256' style='display:none;position:absolute;visibility:hidden;margin:0;border:0;padding:0;cursor:default;z-index:951'><script>(function(){var ss1 = document.createElement(\"style\");var def = \"#webcareslotcontainer_23154 {display:block; position:relative; border:0px none; margin:0px; padding:0px;}#webcareslotcontainer_23154 > .webcareslot1 { top:0px; left:0px; margin:0px; padding:0px;}\";ss1.setAttribute(\"type\", \"text\/css\");var hh1 = document.getElementsByTagName(\"head\")[0];hh1.appendChild(ss1);if (ss1.styleSheet) {ss1.styleSheet.cssText = def;} else {var tt1 = document.createTextNode(def);ss1.appendChild(tt1);}})();<\/script>\n<div id=\"webcareslotcontainer_23154\" style=\"\">\n\t<div class=\"webcareslot1\"> <link rel=\"stylesheet\" href='https:\/\/webcare.byside.com\/BWA4C865F1BAB\/sur

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\value-prop-v1[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	4400
Entropy (8bit):	5.009782260810308
Encrypted:	false
SSDEEP:	48:tmJbl/2MPkBJtbCPdlZN8x9DN/A407oKSawjDQOtk8oL3mPyXT4cW:tmJblzPSJtbs6x9DN/A40sC6iT4z
MD5:	5262B3323C71C7A0C530C007C7B180EF
SHA1:	7A38550B8BCD304DA170C26918EA881D917FE156
SHA-256:	6C8114485986BF1D99C1456D92554E12A13077AFA1112817B4EBDDEAE97D262F
SHA-512:	4C8C5308F7A2DA03056D66AD3A601B1F78D68A35309966B778320B5C2348BB2970BA735B9BA43EE50DF485303C8FD72D13DC392195CC3F5447270F855E77F848
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/themes/onetrust/bundles/ot-components/value-prop-v1.css?t=1617849062
Preview:	.value-prop-v1 h2{margin:0}.value-prop-v1 p{margin-top:15px}.value-prop-v1 p:first-of-type{margin-top:0}.value-prop-v1 a{color:#6cc04a}.section.value-prop-v1{max-width:100%}.value-prop-v1 .white-bg,.white.value-prop-v1{background-color:#fff}.gray.value-prop-v1,.value-prop-v1 .gray-bg{background-color:#f8f8f9}.dark.value-prop-v1,.value-prop-v1 .dark-bg{background-color:#414042}.dark.value-prop-v1 h2,.dark.value-prop-v1 h4,.dark.value-prop-v1 p,.value-prop-v1 .dark-bg h2,.value-prop-v1 .dark-bg h4,.value-prop-v1 .dark-bg p{color:#fff}.dark.value-prop-v1 .card .image,.value-prop-v1 .dark-bg .card .image{background:#fff}.value-prop-v1 .arrows a.btn-primary,.value-prop-v1 .arrows a.btn-secondary{background:0 0;border:none;color:#414042;display:-ms-flexbox;display:flex;font-size:15px;font-weight:600;border-radius:5px;min-width:100%;padding:0;text-align:left}.value-prop-v1 .arrows a.btn-primary img,.value-prop-v1 .arrows a.btn-secondary img{margin-left:8px;transition:.5s}.value-prop-v1 .arrow

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\widget[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	51666
Entropy (8bit):	5.3164921644508345
Encrypted:	false
SSDEEP:	768:9UmjdSkTLVosn3BC7U0OhTJrfv0TRO7pwmdgaf:9pTWsn3BC76yRlm
MD5:	13BF1A08BC213846DC1E669A3FF482C3
SHA1:	94CFB7E0E61338C934C200EBBF878E0B4890B84E
SHA-256:	3A36B4A5C8BF275803929DC79328951D097F28A71BBFC20020A5D476BFF24029
SHA-512:	E25A24B3D22F991B2BD98783E2724040E1CE4482A349AEDD7F4CB51DEC04AE17DF2C4232954901B9267C8F60461FB127F213949AAC17761B3B6C83280832D106
Malicious:	false
Reputation:	low
IE Cache URL:	https://webcare.byside.com/BWA4C865F1BAB/widget.php?webcare_id=4C865F1BAB&bwch=&lang=pt&bwit=A&fid=&tuid=clp948fu0p3re98zwcrvmr5d9ti2tb1gg8pnt6ycvuf9r6sexg&suid=null&puid=fyia22mxcpa8j9nxwznu4v5iaawuf27uu575s8s7trbdk09p5k&referrer=&page=https%3A%2F%2Fwww.novobanco.pt%2Fsite%2Fcms.aspx%3Fplg%3DD8C12C68-0D55-4D37-949A-53038EE8E069&bwpt=Servi%C3%A7o%20Residentes%20no%20Estrange&bres=1280x906&res=1280x1024&pnsi=0::0&cklt=730&v=v20210219a&won=1&label=RE&dest_div=bysideWebcare_widget_1&rndc=1617904393161
Preview:	bysideWebcare_append_html("<script>(function(){var ss1 = document.createElement(\"style\");var def = \"#webcareslotcontainer_22470 {display:block; position:relative; border:0px none; margin:0px; padding:0px;}#webcareslotcontainer_22470 > .webcareslot1 { top:0px; left:0px; margin:0px; padding:0px;}\";ss1.setAttribute(\"type\", \"text\/css\");var hh1 = document.getElementsByTagName(\"head\")[0];hh1.appendChild(ss1);if (ss1.styleSheet) {ss1.styleSheet.cssText = def;} else {var tt1 = document.createTextNode(def);ss1.appendChild(tt1);}})();<\/script>\n<div id=\"webcareslotcontainer_22470\" style=\"\">\n\t<div class=\"webcareslot1\"><script>\n var wb_validate_if_usertagent_is_load_retry = 0;\n\n function wb_validate_if_usertagent_is_load(action) {\n if (wb_validate_if_usertagent_is_load_retry > 100) {\n return;\n }\n if (typeof window.bysideWebcare_currentrevision !== 'undefined' && window.bysideWebcare_currentrevision == '') {\n

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\widget[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	60
Entropy (8bit):	4.389898095464287
Encrypted:	false
SSDEEP:	3:sVec5IJNLnnMVeKLHz/:a50N4zz/
MD5:	EF459A81D56C3915C7282915551DB3AA
SHA1:	E1097F3AD65BDFA75D4046312FD24D4F4D586109
SHA-256:	6E128BEE3EC1FA00F4D881723B052B660055D36FF191528979B6271E9C4C49D5
SHA-512:	EE7F853102DCFD41B0598631CC4CC8FC671519B78F084A2EBC82A9F31DD49F9DCB314794E7CFDBE9931FFB7FA5E82EF8006D9AFA07946A9DDA164AF5F5AB15FD
Malicious:	false
Reputation:	low
IE Cache URL:	https://webcare.byside.com/BWA4C865F1BAB/widget.php?webcare_id=4C865F1BAB&bwch=&lang=pt&bwit=A&fid=&tuid=clp948fu0p3re98zwcrvmr5d9ti2tb1gg8pnt6ycvuf9r6sexg&suid=null&puid=fyia22mxcpa8j9nxwznu4v5iaawuf27uu575s8s7trbdk09p5k&referrer=&page=https%3A%2F%2Fwww.novobanco.pt%2Fsite%2Fcms.aspx%3Fplg%3DD8C12C68-0D55-4D37-949A-53038EE8E069&bwpt=Servi%C3%A7o%20Residentes%20no%20Estrange&bres=1280x906&res=1280x1024&pnsi=0::0&cklt=730&v=v20210219a&won=2&label=besclicktocall&dest_div=bysideWebcare_widget_2&rndc=1617904393169
Preview:	bysideWebcare_append_html("", "bysideWebcare_widget_2", "");

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\widget[3].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	60
Entropy (8bit):	4.389898095464287
Encrypted:	false
SSDEEP:	3:sVec5IJNLnnMVeKIT:a50N4IT
MD5:	E291531B412DFF10D91B1888875BC41B
SHA1:	9B61F741840BC48D2E9A47595879D9BF64BD4742
SHA-256:	D97BC4135B6574A25D555078442AF23D003EF7DB182B116A4B5FCF5CA42D7C24
SHA-512:	60311416D0D0FAD5867B0C39114D86D6699F5F41F559F3A7C2CAC6E7FD1B7C2E01E9633F8F40012A57D4A7FB7A56586CBDD1766470EABFDA0A28BE592EC85BF0
Malicious:	false
Reputation:	low
IE Cache URL:	https://webcare.byside.com/BWA4C865F1BAB/widget.php?webcare_id=4C865F1BAB&bwch=&lang=pt&bwit=A&fid=&tuid=clp948fu0p3re98zwcrvmr5d9ti2tb1gg8pnt6ycvuf9r6sexg&suid=null&puid=jitk84hb6ly4xju2tlx7njxqk579uhka794eifpnvq7v4oi97v&referrer=&page=https%3A%2F%2Fwww.novobanco.pt%2Fsite%2Fcms.aspx%3Flabelid%3Dhcempresas&bwpt=NOVO%20BANCO%20Empresas&bres=1280x906&res=1280x1024&pnsi=0::0&cklt=730&v=v20210219a&won=1&label=besclicktocall&dest_div=bysideWebcare_widget_1&rndc=1617904395672
Preview:	bysideWebcare_append_html("", "bysideWebcare_widget_1", "");

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\1[1].txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	71
Entropy (8bit):	4.925890035144384
Encrypted:	false
SSDEEP:	3:F5zvdrtN5fK1M0ClGuun2:Tzvp/5fKdCIz2
MD5:	50E8598D33D1BF6EECD962A68541D877
SHA1:	D4BAFCF7289BF4B99B18AA8E51D7A20928A217CD
SHA-256:	17E22B9EA5F60696D72B82DB841D3EF638E9F2F0FD4CFD54DF101B3090E3BD73
SHA-512:	4D0FBED7FAED09D5AEBF255825B68B1D0251B73C4452E7EE8158823F2B228924FE90411657808B3BC45C67F6D6BF2DE9C48EF37B69D7193282676FB2052228BA
Malicious:	false
Reputation:	low
IE Cache URL:	https://s1.byside.com/socket.io/1/?t=1617904392793
Preview:	PN6Kv-O3dJ8NUXX-h-hi:25:30:websocket,htmlfile,xhr-polling,jsonp-polling

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\1[2].txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	71
Entropy (8bit):	4.98363461923044
Encrypted:	false
SSDEEP:	3:AJs2eNHfWY1M0ClGuun2:AJ2/WYdCIz2
MD5:	7B2319F56EF0EDE0B6D661CCF7D048DF
SHA1:	E9A8454D88B2C545F21257C9C21731B7F5095B32
SHA-256:	F36E0204F31A580322C0072E3A368033C342E5FB1A348B55B8B661789F202E5F
SHA-512:	C09E81C1D488ECB9DFB731EE884D22A51E471464EEBB70733C735817A5ED43D0C283CA39DD5F37B190246EBE72A4A5E3DB6E638C4943BF168B42A3E3792AEAC0
Malicious:	false
Reputation:	low
IE Cache URL:	https://s1.byside.com/socket.io/1/?t=1617904398961
Preview:	50GOLDPk8I1YA2PHh-hr:25:30:websocket,htmlfile,xhr-polling,jsonp-polling

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\1[3].txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	71
Entropy (8bit):	4.893993380123394
Encrypted:	false
SSDEEP:	3:gSwK+IsFY1M0ClGuun2:gSL+rFYdCIz2
MD5:	3CA02DFD40E2B4E270B41531F01B6A7F
SHA1:	12A82C39A2EA0D0870CACDC56621D87781704A12
SHA-256:	989156DE1125617FD4566CDD3D75A4DB429AD8E5167929F4906D699E1C1A5C80
SHA-512:	054746C8B96F9C97250BE1F8C2C4F0B7058E89F4C9014F5D033738FF2B89CD857BC83CA2A82E29712E0B2DE20ADE35A50739F2C7C185418FEEF9D77AFDB8CB00
Malicious:	false
Reputation:	low
IE Cache URL:	https://s1.byside.com/socket.io/1/?t=1617904408557
Preview:	w6pSFU4It6sx_9Lph-iH:25:30:websocket,htmlfile,xhr-polling,jsonp-polling

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\20201015_NB_BFA_Highlight[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 640x360, frames 3
Category:	downloaded
Size (bytes):	115441
Entropy (8bit):	7.958705950171336
Encrypted:	false
SSDEEP:	3072:AjGOVSCK1+TIJJNGGZYKpBtAa01mKYzhKGOus/16Z57pI:4AC+RYSU1HUiusIpI
MD5:	4A0A31DD12209E97E72D367F361B9606
SHA1:	2AB1463F4BDBE4402CEFA8265B21C59591AF39B2
SHA-256:	E1732BD8FEFC75C811C974728C2F1C491DBC8E77BA4152A260708521A0DAB716
SHA-512:	00AFA84678C0AC4B7062E1091F3BA0B3918320097F9B1EFF94F8A4DDEADCF09354A312442E75BAD80344191B54E1BF6030696076C75CB700E5DBA9AC07A84D88
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.novobanco.pt/site/cms.aspx?srv=207&stp=1&id=1038162&fext=.NBnetwork+
Preview:	......Exif..II*.................Ducky.......Z.....~http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164488, 2020/07/10-22:06:53 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="FC763D40183897ECF825895AAC9429D9" xmpMM:DocumentID="xmp.did:CDC0B1916D5311EB8E35D2C8CBD4899E" xmpMM:InstanceID="xmp.iid:CDC0B1906D5311EB8E35D2C8CBD4899E" xmp:CreatorTool="Adobe Photoshop 22.0 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:aa9e1f24-e3e8-2c43-9315-3d51cfbdedce" stRef:documentID="adobe:docid:photoshop:538237de-4252-034f-a222-203b306481f9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..............................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\Akamai_green[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	6159
Entropy (8bit):	4.268690467259366
Encrypted:	false
SSDEEP:	192:RKf8symNU7kyqX9J9m57U1J9GDwqpl1uurhki:RKYmN8kyqX9J9m5I1JcLxuu
MD5:	584D24E5AAAE31FEDFCE380A3A70729B
SHA1:	616F19B5095DE197C43946531E014103639BDE39
SHA-256:	6AE7EAFAA95B1329E2C719A3060ADC9EFB0FA805D8CD4560C37550DB28DA210B
SHA-512:	1B6B1B8332ADC4B58A1B79A118BCB2860E8B01353EB61B6018BD6C5F5B7E5049A8A303EC86AB52C205F9BBE954D45B364F48D99C29FAF9F0DBE20CD4DCE45877
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2021/02/Akamai_green.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?> <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="82px" height="34px" viewBox="0 0 82 34" version="1.1"><title>oracle_hover</title><defs><linearGradient x1="100%" y1="58.297345%" x2="-7.83676304%" y2="41.702655%" id="linearGradient-1"><stop stop-color="#71C94D" offset="0%"></stop><stop stop-color="#0FA843" offset="100%"></stop></linearGradient></defs><g id="oracle_hover" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><path d="M16.8,9.1219782e-05 C17.672,9.1219782e-05 17.8566667,0.449516328 17.1426667,0.661516328 C10.011625,2.7238191 5.096252,9.24361335 5.076,16.6668497 C5.09211308,24.0075315 9.90725258,30.4740941 16.9353333,32.5935163 L16.9353333,32.5935163 C17.7246667,32.8315163 17.672,33.3336081 16.8,33.3336081 C7.56112155,33.3637794 0.0433533137,25.905676 -4.97379915e-14,16.6668497 C0.0433533137,7.42802337 7.56112155,-0.0300800455 16.8,9.1219782e-05 Z M72.1866667,20.1848411 C75.3553333,20.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\Akamai_white[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	5926
Entropy (8bit):	4.141558059174474
Encrypted:	false
SSDEEP:	96:95CFMFSBsym6WBU8KlayqX9J9t/zaiA5786K9G2MCvJ9GkmRluqpBzwyivnuryDL:nf8symNU7kyqX9J9m57U1J9GDwqpl1ut
MD5:	A89B5A6647B7A699F15425F7B5E7F71C
SHA1:	1429C44FBA81082E2D3291CDAD1A29BA583D9707
SHA-256:	4690943DE20FD88C77DDA328571190FAC34B3E3418EA95CF4CB7534D3D16D869
SHA-512:	0E1D00CA7697B6F4588B449187A09947CCE2CCB5CB931BACA7D77E89C75846BE80AE11EBAE238BF1DC2ADDD5398189426C8756ED57A92206AAAB8EB615402045
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2021/02/Akamai_white.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?> <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="82px" height="34px" viewBox="0 0 82 34" version="1.1"><title>oracle_default</title><g id="oracle_default" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><path d="M16.8,9.1219782e-05 C17.672,9.1219782e-05 17.8566667,0.449516328 17.1426667,0.661516328 C10.011625,2.7238191 5.096252,9.24361335 5.076,16.6668497 C5.09211308,24.0075315 9.90725258,30.4740941 16.9353333,32.5935163 L16.9353333,32.5935163 C17.7246667,32.8315163 17.672,33.3336081 16.8,33.3336081 C7.56112155,33.3637794 0.0433533137,25.905676 -4.97379915e-14,16.6668497 C0.0433533137,7.42802337 7.56112155,-0.0300800455 16.8,9.1219782e-05 Z M72.1866667,20.1848411 C75.3553333,20.1848411 76.5973333,20.580183 75.91,23.8288497 L75.91,23.8288497 L74.6433333,29.7188497 L71.5533333,29.7188497 L72.002,28.3475163 L71.8953333,28.3475163 C71.3913333,29.6408497 69.942,29.8528497 68.858,29.8528497 C66.691

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\Auto-blocking-1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 2880 x 1646, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	554848
Entropy (8bit):	7.983056508154252
Encrypted:	false
SSDEEP:	12288:Y922soyRpqsLvVldlHkzXInE9X5P0ee9re2sz:YeoyRtLrdy4nEQL9S
MD5:	28A4EE520DA9CF2B2311583CF0F5BB0F
SHA1:	78FEF4724C4A6BA72AAAA8D1FF32EF71A77655D5
SHA-256:	33D0E39B594B018A15B56A005BF3D3B8A7C94F9E20A99C9303DB6E0DB0DE6FBE
SHA-512:	981F007E95C02A8C2C4EDFAEAD12EB1F5B3080CBC5F6F3E613251F68E3F397D6295B879B76A47E226E2D84886B7E9A4E31AAF1932CFE9FB5A8E013F10FF5A1E2
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2021/02/Auto-blocking-1.png
Preview:	.PNG........IHDR...@...n.......W.....PLTEGpL.........................................................t.VAk,b.D.O.V.@l.J-6Befg...cdebcdw..def......dc^......acd`abeb^..._`aegh......ghi......]^_...XYZ...dgg...cdf...ddd...............ggh............[\]ijkZ[\............hgc......ge_VWX...b`\TUV............efe...lnn....AX...`^Y......cee...BBB...QRRFFE788<=>............afhIJJMOO.........dgk...233.....................haW...SOF............efc-./XUP...6t..........bcf\ZU.......=Reb[......mje..._g[?=8......sss......()*......afb......Zbp............6v.sx}........djo{yv.....................\|.a..jox.........9q...........aXJ...10)......?J:dq......weL...\|..VbR...........xnc..............s.....#$$..........xt.....z...............Cm..pZw..j\|.Yt...}_x..W.....a...........s.S.........r....w...e....tRNS..............$'-..6.;.M.]Ln... .IDATx....r.H.....#l..T.j...g;.;...@....>..Lk..[-.....................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\Bertelsmann_default[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 390 x 44, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	5678
Entropy (8bit):	7.4262358576960565
Encrypted:	false
SSDEEP:	96:4YetD5v8zUz7DS4ZCcVE70X4aqLZaUfX/pNzakMsUWomKRbNhfjbBO4JNrZms3:4YeJJ8zyPCcY0XidaUfPDakMyU/fxO4f
MD5:	4218BE08C3069F72140DAE0A60A57AF5
SHA1:	D5C3E7CB22D68AF4FCC6C0E6C93AE2A5EEF48FF1
SHA-256:	99F010A10AD2CDFC2410A07A699341D37BC4B64A0E41EBDA907112167BB51FF2
SHA-512:	031E6952C90CC19EC0DDBCF2D84609CF3F83ADB083B93FE09918252B7A82BBEBC0EF08238D3A4DAC26BACEEF3556BBC27D8AF5C96307938EDD3D463BCD23D225
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2021/02/Bertelsmann_default.png
Preview:	.PNG........IHDR.......,.....V.......PLTEGpL.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................e..<....tRNS..>8.......;"......_.P.....p.W.Y.I............h...u...o...H....?9.......$.........{=.......-..#+.4'..(i,!.G.C.......ZF..<.O%./... .5:7a.*...6.nx.&...0.2c3KTb}....mD`w....r.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\Consent-Receipts-1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 2880 x 1646, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	456309
Entropy (8bit):	7.974922064514809
Encrypted:	false
SSDEEP:	12288:2PdYG/q9ZA7/Ife68zGAFF2X6DI4dzzgBXYcnqZZqA:jGOO7JRzGAF26HzkYcIZqA
MD5:	0E617F1E5E8E69E8D69580163754ACA3
SHA1:	A3D319EBF05C6A36096CDE214D5C5E884810A9F0
SHA-256:	5F60DA7B8378D902A6C1C487939BBB33F3B939A7940519818F6DEDDC8F210298
SHA-512:	998C85D80FFDC794BA4997173B499E27F9E363AB4E5B441C4F73BDA00257F5FAA109ACFC25FD970DA1E9CCE9D1BAE4DFEB1D3B492293952EAE358A5032C3AB91
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2021/02/Consent-Receipts-1.png
Preview:	.PNG........IHDR...@...n.......W.....PLTEGpL.............................................i.H...+4?l.J-6B.............gjw.................N..U..............Bg.............................hj...................gj.......fl..........O......................gl..................Bg.......6t...........gi.eh.........V.....5S.M..............Ch.qrs.jp.jl................tywxy..........V..............lmn...\|}}.......................`...sx.qr.~.....ggg....noX...y{R...._...Z.....Gi.....oy...m.....Zbp.....f.M.ov.................c.z............................i......}.cgnwQh......^....~....z.........ku.Qt.v}.k..........Y..}tjV..............y.._m.._...FTv.............}.\|.........y..;T.....\|..........v..........Vr..c.........r.Qj.........w......s..K......az.\AHR.Vy.p.G.....tRNS.. .........($/6.<....,.. .IDATx...]..8...P.....U......f:M..d...$8g.m...._..........................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\CookieIcon[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	4460
Entropy (8bit):	4.597801313226035
Encrypted:	false
SSDEEP:	96:mz0vDlJVGwWRfVyxrYH/9o/1NH/S00vustLzFe/:pLGwEVc1H+HLzo/
MD5:	F0130AA198141A2A163888AF9E758F65
SHA1:	28A8D195F208A651125D05F980868CB71F067546
SHA-256:	5D503D12D771A50BAABFC9286B567AFF76EC8F49B176E9990FCD6160B4DC35F8
SHA-512:	C4ED44D4B848E0A01FA0ADF28CC3E88AD03A6BC3744A56B3031E8F123B8C3EF7C66C18A895359277871F79891D040613097BDC921BD4BA9B9851BFE38C37D98A
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/themes/onetrust/images/CookieIcon.svg
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<svg width="45px" height="44px" viewBox="0 0 45 44" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">. <title>Cookie-SVG-GreenBlack</title>. <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">. <g id="Cookie-Consent-1" transform="translate(-90.000000, -648.000000)">. <g id="Side-Nav" transform="translate(0.000000, 635.000000)">. <g id="Cookie-SVG-GreenBlack" transform="translate(90.000000, 13.000000)">. <path d="M22.4627161,41.6194019 C11.0811003,41.6194019 1.28822263,32.8478331 1.28822263,21.1090275 C1.28822263,11.8429192 8.97146441,3.17546406 18.2955341,1.09319254 C18.087175,6.012559 23.8170502,10.6456131 30.1459579,8.12085891 C31.6044715,10.8017835 34.2350052,12.2593735 37.5427059,12.2593735 C38.6886809,12.2593735 39.8086111,12.0511464 40.9545861,11.5566069 C42.4130998,14.3416451 43.8455686,18.037677 43.8455686,21.1090

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\CookieList[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 2880 x 1646, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	529955
Entropy (8bit):	7.98124095496514
Encrypted:	false
SSDEEP:	12288:uJp6U26WKuze1fUEGDaPMouo8LpvofI5207K1OzCxHYu:uJo6WxcfUEnmogp4cxe1+CH3
MD5:	069B519406C94DF1D03DA4DE8D96F713
SHA1:	BA562BB7CE9016C3C0EC2559B41663AC738A8A7F
SHA-256:	07764897541503A9540C6F338E6C710D115B24FCD2FC56C9AED7C40E89B7F5F0
SHA-512:	4866CC505159EA57DB1C3FA17AFB433568B2DF1839DAE34A2EE3B40C9CE030707D0663DCB193C41F906B353544BE820F015C55D8D777427B9852EA904A11A5E1
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.onetrust.com/wp-content/uploads/2021/02/CookieList.png
Preview:	.PNG........IHDR...@...n.......W.....PLTEGpL..........................................\|.ZBLUT.D...l.J-6B......w...............................Z.............................................................................................hij...................................W.............................................~.[..................................BY.>U.............................y\|}...........Y......oppwvt..................................................~.X.............Zbp......\|.^.......pu\|...c.......................t.................r..........w..........{.X.._.........................~.`...............dn\|....................{x.............................bcckz.......}....s.Qqk`......y..6t.........qq.......u.......~...x....Vr.e.V9o.]..Kw.M..L...t......tRNS.............%....+Pi... .IDATx...Qv.H...F#.&m..y.m.*..I......(....-...s-~.........................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 8, 2021 10:52:35.273880959 CEST	49708	80	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.274082899 CEST	49709	80	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.333158016 CEST	80	49708	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.333301067 CEST	80	49709	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.333312988 CEST	49708	80	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.333396912 CEST	49709	80	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.334485054 CEST	49708	80	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.393785000 CEST	80	49708	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.394303083 CEST	80	49708	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.394426107 CEST	49708	80	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.400574923 CEST	49710	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.461692095 CEST	443	49710	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.461843967 CEST	49710	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.468841076 CEST	49710	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.529959917 CEST	443	49710	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.531409979 CEST	443	49710	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.531433105 CEST	443	49710	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.531524897 CEST	49710	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.531558990 CEST	49710	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.531574011 CEST	443	49710	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.531627893 CEST	49710	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.592329025 CEST	443	49710	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.592473984 CEST	49710	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.635879993 CEST	49710	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.644220114 CEST	49710	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.696547985 CEST	443	49710	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.697310925 CEST	443	49710	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.697458029 CEST	49710	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.705180883 CEST	443	49710	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.757791042 CEST	443	49710	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.757913113 CEST	49710	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.823688030 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.825099945 CEST	49713	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.884275913 CEST	443	49713	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.884464025 CEST	49713	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.884779930 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.884852886 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.885590076 CEST	49713	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.886593103 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.944694042 CEST	443	49713	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.946418047 CEST	443	49713	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.946433067 CEST	443	49713	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.946444988 CEST	443	49713	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.946521997 CEST	49713	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.946580887 CEST	49713	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.947628975 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.949306965 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.949326038 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.949337006 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:35.949470043 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:35.949501991 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.010394096 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.010555983 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.018867970 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.020034075 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.080779076 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.081438065 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.081727982 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.081821918 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.142235041 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.142323971 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.146853924 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.207215071 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.207808018 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.207837105 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.207853079 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.207870007 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.207885981 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.207902908 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.207931042 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.207971096 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.208200932 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.208830118 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.269076109 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.269099951 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.269112110 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.269129038 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.269149065 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.269171953 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.269195080 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.269212008 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.269238949 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.269279957 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.329504967 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.329606056 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.372360945 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.396826982 CEST	49714	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.397622108 CEST	49715	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.398411989 CEST	49716	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.399452925 CEST	49717	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.432691097 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.433374882 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.433417082 CEST	443	49712	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.433595896 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.433650017 CEST	49712	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.448883057 CEST	49718	443	192.168.2.7	104.16.148.64
Apr 8, 2021 10:52:36.450026035 CEST	49719	443	192.168.2.7	104.16.148.64
Apr 8, 2021 10:52:36.456547976 CEST	443	49714	194.145.121.90	192.168.2.7
Apr 8, 2021 10:52:36.456662893 CEST	49714	443	192.168.2.7	194.145.121.90
Apr 8, 2021 10:52:36.457820892 CEST	443	49716	194.145.121.90	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 8, 2021 10:52:35.234334946 CEST	192.168.2.7	8.8.8.8	0xa286	Standard query (0)	novobanco.pt	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:35.769921064 CEST	192.168.2.7	8.8.8.8	0xb914	Standard query (0)	www.novobanco.pt	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:36.406563997 CEST	192.168.2.7	8.8.8.8	0xc0b5	Standard query (0)	cdn.cookielaw.org	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:36.456949949 CEST	192.168.2.7	8.8.8.8	0x2574	Standard query (0)	grmtech.net	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:36.736418009 CEST	192.168.2.7	8.8.8.8	0x14ff	Standard query (0)	webcare.byside.com	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:38.771828890 CEST	192.168.2.7	8.8.8.8	0x3aa6	Standard query (0)	s1.byside.com	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:40.044111967 CEST	192.168.2.7	8.8.8.8	0xf3c0	Standard query (0)	srv.novobanco.pt	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:53.165240049 CEST	192.168.2.7	8.8.8.8	0x3e5d	Standard query (0)	www.novobanco.pt	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:55.163683891 CEST	192.168.2.7	8.8.8.8	0xe52	Standard query (0)	onetrust.com	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:56.403525114 CEST	192.168.2.7	8.8.8.8	0x5a1e	Standard query (0)	www.onetrust.com	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:56.825397015 CEST	192.168.2.7	8.8.8.8	0xda30	Standard query (0)	fast.wistia.com	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:57.431449890 CEST	192.168.2.7	8.8.8.8	0x7ffa	Standard query (0)	onetrust-dev.web.onetrust.dev	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:57.588552952 CEST	192.168.2.7	8.8.8.8	0xe33c	Standard query (0)	onetrust.cloudflareaccess.com	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:59.090158939 CEST	192.168.2.7	8.8.8.8	0xeb33	Standard query (0)	snap.licdn.com	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:59.320395947 CEST	192.168.2.7	8.8.8.8	0x5317	Standard query (0)	px.ads.linkedin.com	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:59.641316891 CEST	192.168.2.7	8.8.8.8	0xac5a	Standard query (0)	geolocation.onetrust.com	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:59.854517937 CEST	192.168.2.7	8.8.8.8	0xe2bd	Standard query (0)	www.linkedin.com	A (IP address)	IN (0x0001)
Apr 8, 2021 10:53:01.586577892 CEST	192.168.2.7	8.8.8.8	0xcfb8	Standard query (0)	embed-fastly.wistia.com	A (IP address)	IN (0x0001)
Apr 8, 2021 10:53:03.214097977 CEST	192.168.2.7	8.8.8.8	0xdc9	Standard query (0)	distillery.wistia.com	A (IP address)	IN (0x0001)
Apr 8, 2021 10:53:03.301395893 CEST	192.168.2.7	8.8.8.8	0xdf0a	Standard query (0)	fg8vvsvnieiv3ej16jby.litix.io	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Apr 8, 2021 10:52:35.247293949 CEST	8.8.8.8	192.168.2.7	0xa286	No error (0)	novobanco.pt		194.145.121.90	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:35.821247101 CEST	8.8.8.8	192.168.2.7	0xb914	No error (0)	www.novobanco.pt		194.145.121.90	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:36.443135023 CEST	8.8.8.8	192.168.2.7	0xc0b5	No error (0)	cdn.cookielaw.org		104.16.148.64	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:36.443135023 CEST	8.8.8.8	192.168.2.7	0xc0b5	No error (0)	cdn.cookielaw.org		104.16.149.64	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:36.498228073 CEST	8.8.8.8	192.168.2.7	0x2574	No error (0)	grmtech.net		93.190.67.182	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:36.764075994 CEST	8.8.8.8	192.168.2.7	0x14ff	No error (0)	webcare.byside.com		62.28.184.69	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:38.798394918 CEST	8.8.8.8	192.168.2.7	0x3aa6	No error (0)	s1.byside.com		62.28.184.75	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:38.798394918 CEST	8.8.8.8	192.168.2.7	0x3aa6	No error (0)	s1.byside.com		62.28.184.71	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:38.798394918 CEST	8.8.8.8	192.168.2.7	0x3aa6	No error (0)	s1.byside.com		62.28.184.76	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:38.798394918 CEST	8.8.8.8	192.168.2.7	0x3aa6	No error (0)	s1.byside.com		62.28.184.74	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:40.095350027 CEST	8.8.8.8	192.168.2.7	0xf3c0	No error (0)	srv.novobanco.pt		194.145.121.101	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:53.178579092 CEST	8.8.8.8	192.168.2.7	0x3e5d	No error (0)	www.novobanco.pt		194.145.121.90	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:55.185059071 CEST	8.8.8.8	192.168.2.7	0xe52	No error (0)	onetrust.com		104.20.184.68	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:55.185059071 CEST	8.8.8.8	192.168.2.7	0xe52	No error (0)	onetrust.com		104.20.185.68	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:56.425228119 CEST	8.8.8.8	192.168.2.7	0x5a1e	No error (0)	www.onetrust.com		104.20.185.68	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:56.425228119 CEST	8.8.8.8	192.168.2.7	0x5a1e	No error (0)	www.onetrust.com		104.20.184.68	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:56.838711977 CEST	8.8.8.8	192.168.2.7	0xda30	No error (0)	fast.wistia.com	dualstack.f4.shared.global.fastly.net		CNAME (Canonical name)	IN (0x0001)
Apr 8, 2021 10:52:57.490252018 CEST	8.8.8.8	192.168.2.7	0x7ffa	No error (0)	onetrust-dev.web.onetrust.dev		104.18.1.153	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:57.490252018 CEST	8.8.8.8	192.168.2.7	0x7ffa	No error (0)	onetrust-dev.web.onetrust.dev		104.18.0.153	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:57.612171888 CEST	8.8.8.8	192.168.2.7	0xe33c	No error (0)	onetrust.cloudflareaccess.com		104.19.194.29	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:57.612171888 CEST	8.8.8.8	192.168.2.7	0xe33c	No error (0)	onetrust.cloudflareaccess.com		104.19.195.29	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:59.108297110 CEST	8.8.8.8	192.168.2.7	0xeb33	No error (0)	snap.licdn.com	wildcard.licdn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Apr 8, 2021 10:52:59.350298882 CEST	8.8.8.8	192.168.2.7	0x5317	No error (0)	px.ads.linkedin.com	mix.linkedin.com		CNAME (Canonical name)	IN (0x0001)
Apr 8, 2021 10:52:59.350298882 CEST	8.8.8.8	192.168.2.7	0x5317	No error (0)	mix.linkedin.com	glb-na.mix.linkedin.com		CNAME (Canonical name)	IN (0x0001)
Apr 8, 2021 10:52:59.350298882 CEST	8.8.8.8	192.168.2.7	0x5317	No error (0)	glb-na.mix.linkedin.com	pop-eda6.mix.linkedin.com		CNAME (Canonical name)	IN (0x0001)
Apr 8, 2021 10:52:59.350298882 CEST	8.8.8.8	192.168.2.7	0x5317	No error (0)	pop-eda6.mix.linkedin.com		108.174.11.69	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:59.661093950 CEST	8.8.8.8	192.168.2.7	0xac5a	No error (0)	geolocation.onetrust.com		104.20.184.68	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:59.661093950 CEST	8.8.8.8	192.168.2.7	0xac5a	No error (0)	geolocation.onetrust.com		104.20.185.68	A (IP address)	IN (0x0001)
Apr 8, 2021 10:52:59.867039919 CEST	8.8.8.8	192.168.2.7	0xe2bd	No error (0)	www.linkedin.com	www-linkedin-com.l-0005.l-msedge.net		CNAME (Canonical name)	IN (0x0001)
Apr 8, 2021 10:53:01.599783897 CEST	8.8.8.8	192.168.2.7	0xcfb8	No error (0)	embed-fastly.wistia.com	d.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)
Apr 8, 2021 10:53:03.227483988 CEST	8.8.8.8	192.168.2.7	0xdc9	No error (0)	distillery.wistia.com	prod-east-stats-tap-alb-627711272.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Apr 8, 2021 10:53:03.227483988 CEST	8.8.8.8	192.168.2.7	0xdc9	No error (0)	prod-east-stats-tap-alb-627711272.us-east-1.elb.amazonaws.com		52.207.146.247	A (IP address)	IN (0x0001)
Apr 8, 2021 10:53:03.227483988 CEST	8.8.8.8	192.168.2.7	0xdc9	No error (0)	prod-east-stats-tap-alb-627711272.us-east-1.elb.amazonaws.com		52.72.135.5	A (IP address)	IN (0x0001)
Apr 8, 2021 10:53:03.315443039 CEST	8.8.8.8	192.168.2.7	0xdf0a	No error (0)	fg8vvsvnieiv3ej16jby.litix.io	a4d6c1c8368a911ea98860aeb4e6dc37-182063218.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Apr 8, 2021 10:53:03.315443039 CEST	8.8.8.8	192.168.2.7	0xdf0a	No error (0)	a4d6c1c8368a911ea98860aeb4e6dc37-182063218.us-east-1.elb.amazonaws.com		52.0.129.236	A (IP address)	IN (0x0001)
Apr 8, 2021 10:53:03.315443039 CEST	8.8.8.8	192.168.2.7	0xdf0a	No error (0)	a4d6c1c8368a911ea98860aeb4e6dc37-182063218.us-east-1.elb.amazonaws.com		52.5.78.18	A (IP address)	IN (0x0001)
Apr 8, 2021 10:53:03.315443039 CEST	8.8.8.8	192.168.2.7	0xdf0a	No error (0)	a4d6c1c8368a911ea98860aeb4e6dc37-182063218.us-east-1.elb.amazonaws.com		34.198.102.54	A (IP address)	IN (0x0001)
Apr 8, 2021 10:53:03.315443039 CEST	8.8.8.8	192.168.2.7	0xdf0a	No error (0)	a4d6c1c8368a911ea98860aeb4e6dc37-182063218.us-east-1.elb.amazonaws.com		34.230.166.132	A (IP address)	IN (0x0001)
Apr 8, 2021 10:53:03.315443039 CEST	8.8.8.8	192.168.2.7	0xdf0a	No error (0)	a4d6c1c8368a911ea98860aeb4e6dc37-182063218.us-east-1.elb.amazonaws.com		3.210.75.230	A (IP address)	IN (0x0001)
Apr 8, 2021 10:53:03.315443039 CEST	8.8.8.8	192.168.2.7	0xdf0a	No error (0)	a4d6c1c8368a911ea98860aeb4e6dc37-182063218.us-east-1.elb.amazonaws.com		34.236.95.28	A (IP address)	IN (0x0001)
Apr 8, 2021 10:53:12.709254980 CEST	8.8.8.8	192.168.2.7	0x910c	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.akadns.net		CNAME (Canonical name)	IN (0x0001)

HTTP Request Dependency Graph

novobanco.pt

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 6024 Parent PID: 792

General

Start time:	10:52:32
Start date:	08/04/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7656e0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 5920 Parent PID: 6024

General

Start time:	10:52:33
Start date:	08/04/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6024 CREDAT:17410 /prefetch:2
Imagebase:	0x1040000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://novobanco.pt/

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 6024 Parent PID: 792

General

Analysis Process: iexplore.exe PID: 5920 Parent PID: 6024

General

Disassembly