Play interactive tour

Edit tour

Analysis Report https://covid19risk.biosci.gatech.edu/

Overview

General Information

Sample URL:	https://covid19risk.biosci.gatech.edu/
Analysis ID:	321184
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Allocates a big amount of memory (probably used for heap spraying)

Classification

Startup

System is w10x64

iexplore.exe (PID: 2600 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 6032 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2600 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: iexplore.exe

Memory has grown: Private usage: 0MB later: 201MB

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x9ccff3d8,0x01d6bf91</date><accdate>0x9ccff3d8,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x9ccff3d8,0x01d6bf91</date><accdate>0x9ccff3d8,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9cd4b890,0x01d6bf91</date><accdate>0x9cd4b890,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9cd4b890,0x01d6bf91</date><accdate>0x9cd4b890,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x9cd71af4,0x01d6bf91</date><accdate>0x9cd71af4,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x9cd71af4,0x01d6bf91</date><accdate>0x9cd71af4,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: covid19risk.biosci.gatech.edu

Source: matomo[1].js.2.dr	String found in binary or memory: http://bestiejs.github.io/json3
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: http://covid19risk.biosci.gatech.edu/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: http://datainterfaces.org/projects/covid19eventi/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: http://ecotheory.biology.gatech.edu/
Source: dat96BD.tmp.2.dr	String found in binary or memory: http://fontawesome.io
Source: dat96BD.tmp.2.dr	String found in binary or memory: http://fontawesome.io/license/
Source: dat96BD.tmp.2.dr	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: http://friendlycities.gatech.edu/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: http://jordan.biology.gatech.edu/page/
Source: matomo[1].js.2.dr	String found in binary or memory: http://kit.mit-license.org
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: http://sjbeckett.github.io/
Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://abc7news.com/covid-19-map-interactive-coronavirus-risk-calculator-cdc-guidelines-for/6355615
Source: js[1].js.2.dr	String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: js[1].js.2.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: analytics[1].js.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://aroonchan.de
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://blogs.scientificamerican.com/observations/online-covid-19-dashboard-calculates-how-risky-reo
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://cnecovid.isciii.es/covid19/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://coronavirus.data.gov.uk
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://cos.gatech.edu/news/georgia-tech-researchers-release-county-level-calculator-estimate-risk-c
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://covid19ireland-geohive.hub.arcgis.com/
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.bi
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatecRoot
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr, ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/#tab-6041-1
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/#tab-6041-2M
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/#tab-6041-2du/favicon.ico
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/#tab-6041-3
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/#tab-6041-4
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/#tab-6041-4du/favicon.ico
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/#tab-6041-5
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr, ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/#tab-6041-6
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/#tab-6041-6du/favicon.ico
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/#tab-7270-1getting-sick/prevention.htmlAvailable%20data%20indi
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/#tab-7270-2
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/#tab-7270-2getting-sick/prevention.htmlAvailable%20data%20indi
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/$
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/5_50.html
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/?
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/Root
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-19
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-Root
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-6041-1Root
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-6041-2Root
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-6041-3Root
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-6041-4Root
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-6041-5Root
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-6041-6Root
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-7270-1gett
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-7270-2gett
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/Root
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/ab-6041-6Root
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-ronavirus/2019-ncov/hcp/duration
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/XCOVID-ronavirus/2019-ncov/prevent-gett
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/ab-6041-6
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/ab-6041-6du/favicon.ico
Source: imagestore.dat.2.dr, ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/favicon.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/favicon.ico~
Source: imagestore.dat.2.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/favicon.ico~&
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/n
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/og.png
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://covid19risk.biosci.gatech.edu/tutorial.png
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://covidtracking.com/api/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://crosscut.com/2020/03/slow-coronavirus-events-250-plus-people-are-banned-why-250
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://dailymemphian.com/article/15338/shelby-county-coronavirus-cases-grow-by-306
Source: matomo[1].js.2.dr	String found in binary or memory: https://developer.piwik.org/api-reference/tracking-javascript
Source: matomo[1].js.2.dr	String found in binary or memory: https://developer.piwik.org/guides/tracking-javascript-guide#multiple-piwik-trackers
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://doi.org/10.1038/s41562-020-01000-9
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://ecotheory.biosci.gatech.edu/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://eventosycovid19.es
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://figshare.com/articles/COVID-19_Event_Risk_Assessment_Planner/11965533
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://github.com/appliedbinf/covid19-event-risk-planner
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://github.com/jsweitz/covid-19-event-risk-planner
Source: js[1].js.2.dr	String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: matomo[1].js.2.dr	String found in binary or memory: https://github.com/matomo-org/matomo/blob/master/js/piwik.js
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://github.com/nytimes/covid-19-data
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://github.com/openZH/covid_19
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://github.com/pcm-dpc/COVID-19/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://gvwire.com/2020/08/06/if-100-people-go-to-a-party-in-fresno-county-its-99-someone-has-covid-
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://knight-hennessy.stanford.edu/program/scholars/2019/mallory-harris
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://kutv.com/news/local/how-likely-are-you-to-get-covid-19-this-new-map-will-tell-you
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://onemocneni-aktualne.mzcr.cz/covid-19
Source: js[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: js[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/
Source: matomo[1].js.2.dr	String found in binary or memory: https://piwik.org
Source: matomo[1].js.2.dr	String found in binary or memory: https://piwik.org/free-software/bsd/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://rstudio.com/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://scholar.google.com/citations?user=-LBmdhYAAAAJ&hl=en
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://scholar.google.com/citations?user=tygOpuIAAAAJ&hl=en
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://seolhalee.github.io/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://slate.com/technology/2020/05/coronavirus-reopening-math.html
Source: analytics[1].js.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://twitter.com/joshuasweitz/status/1237556232304508928?s=20
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://twitter.com/malar0ne
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.abil.ihrc.com/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.ajc.com/blog/get-schooled/scientists-the-math-show-how-large-events-like-march-madness-c
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.atlantamagazine.com/news-culture-articles/coronavirus-cancels-atlanta/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.bloomberg.com/news/newsletters/2020-08-12/maplab-an-actionable-map-of-covid-risk
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.boston.com/news/coronavirus/2020/08/03/interactive-tool-to-determine-your-covid-19-dange
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.bostonglobe.com/2020/11/10/nation/youre-not-doomed-zoom-how-have-safer-thanksgiving-duri
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://www.cdc.gov/co
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://www.cdc.gov/coronavirus/2019-ncov/hcp/duration-isolation.html
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://www.cdc.gov/coronavirus/2019-ncov/hcp/duration-isolation.html#:%7E:text=Available%20data%20i
Source: {BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://www.cdc.gov/coronavirus/2019-ncov/prevent-getting-sick/prevention.html
Source: ~DFD87BB83FAD412A7E.TMP.1.dr	String found in binary or memory: https://www.cdc.gov/coronavirus/2019-ncov/prevent-getting-sick/prevention.htmlAvailable%20data%20ind
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.census.gov/data/tables/time-series/demo/popest/2010s-state-total.html
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.data.gouv.fr/fr/datasets/donnees-relatives-aux-resultats-des-tests-virologiques-covid-19
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.data.gv.at/covid-19/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.fox5atlanta.com/news/here-are-three-new-ways-to-tell-whether-were-beating-covid-19
Source: js[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: js[1].js.2.dr	String found in binary or memory: https://www.google.com
Source: js[1].js.2.dr	String found in binary or memory: https://www.google.com/travel/flights/click/conversion/
Source: js[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-45174995-12
Source: js[1].js.2.dr	String found in binary or memory: https://www.googletraveladservices.com/travel/clk/pagead/conversion/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.healthline.com/health-news/covid19-tracker-assesses-risk-public-gatherings
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.kare11.com/article/news/health/coronavirus/georgia-tech-covid-19-risk-calculator-map-sho
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.latimes.com/science/story/2020-11-11/covid-19-risk-thanksgiving-2020-what-to-expect
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.masslive.com/coronavirus/2020/07/what-are-the-chances-someone-at-your-gathering-in-massa
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.nationalgeographic.com/science/2020/03/graphic-see-why-small-groups-are-safer-during-cov
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.nature.com/articles/d41591-020-00005-1
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.nature.com/articles/s41562-020-01000-9/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.nbcsandiego.com/news/local/new-tool-shows-risk-of-encountering-someone-with-covid-19/238
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.newsweek.com/trump-rally-tulsa-oklahoma-coronavirus-cases-covid-19-1511021
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.politico.com/newsletters/politico-nightly-coronavirus-special-edition/2020/07/23/the-pan
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.sfchronicle.com/bayarea/article/If-25-people-gather-in-SF-odds-are-34-that-at-15458554.p
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.sfgate.com/news/article/Interactive-map-tells-you-how-likely-it-is-15461395.php
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.sltrib.com/news/2020/08/02/answers-utahns-frequently/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.webmd.com/lung/news/20201109/whats-my-risk-of-covid
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.wired.com/story/thinking-about-a-holiday-gathering-look-at-this-map/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.wired.com/story/to-navigate-risk-in-a-pandemic-you-need-a-color-coded-chart/
Source: UT6BD5TO.htm.2.dr	String found in binary or memory: https://www.wired.com/story/whats-social-distancing-flattening-curve-covid-19-questions/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: classification engine

Classification label: clean0.win@3/56@7/2

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF5F91CC1A9FC0CE82.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2600 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2600 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Extra Window Memory Injection1	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Extra Window Memory Injection1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://covid19risk.biosci.gatech.edu/	0%	Virustotal		Browse
https://covid19risk.biosci.gatech.edu/	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Link
matomo.chande.science	0%	Virustotal	Browse
d.basemaps.cartocdn.com	0%	Virustotal	Browse
c.basemaps.cartocdn.com	0%	Virustotal	Browse
b.basemaps.cartocdn.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://www.data.gv.at/covid-19/	0%	Avira URL Cloud	safe
https://seolhalee.github.io/	0%	Avira URL Cloud	safe
https://aroonchan.de	0%	Avira URL Cloud	safe
https://eventosycovid19.es	0%	Avira URL Cloud	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://gvwire.com/2020/08/06/if-100-people-go-to-a-party-in-fresno-county-its-99-someone-has-covid-	0%	Avira URL Cloud	safe
https://covid19risk.biosci.gatecRoot	0%	Avira URL Cloud	safe
https://www.abil.ihrc.com/	0%	Avira URL Cloud	safe
http://sjbeckett.github.io/	0%	Avira URL Cloud	safe
https://covid19risk.bi	0%	Avira URL Cloud	safe
https://covidtracking.com/api/	0%	Avira URL Cloud	safe
https://www.data.gouv.fr/fr/datasets/donnees-relatives-aux-resultats-des-tests-virologiques-covid-19	0%	Avira URL Cloud	safe
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
matomo.chande.science	172.93.50.164	true	false	0%, Virustotal, Browse	unknown
bioappweitzweb.biosci.gatech.edu	130.207.66.12	true	false		high
covid19risk.biosci.gatech.edu	unknown	unknown	false		high
d.basemaps.cartocdn.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
c.basemaps.cartocdn.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
b.basemaps.cartocdn.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
a.basemaps.cartocdn.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Reputation
https://covid19risk.biosci.gatech.edu/#tab-6041-6	false	high
https://covid19risk.biosci.gatech.edu/#tab-6041-5	false	high
https://covid19risk.biosci.gatech.edu/	false	high
https://covid19risk.biosci.gatech.edu/#tab-6041-4	false	high
https://www.cdc.gov/coronavirus/2019-ncov/hcp/duration-isolation.html#:%7E:text=Available%20data%20indicate%20that%20persons,20%20days%20after%20symptom%20onset	false	high
https://covid19risk.biosci.gatech.edu/#tab-7270-2	false	high
https://covid19risk.biosci.gatech.edu/#tab-6041-3	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fontawesome.io	dat96BD.tmp.2.dr	false		high
https://covid19risk.biosci.gatech.edu/ab-6041-6du/favicon.ico	~DFD87BB83FAD412A7E.TMP.1.dr	false		high
https://www.data.gv.at/covid-19/	UT6BD5TO.htm.2.dr	false	Avira URL Cloud: safe	unknown
https://developer.piwik.org/api-reference/tracking-javascript	matomo[1].js.2.dr	false		high
https://covid19risk.biosci.gatech.edu/#tab-7270-2	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://covid19risk.biosci.gatech.edu/og.png	UT6BD5TO.htm.2.dr	false		high
https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-6041-2Root	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://piwik.org/free-software/bsd/	matomo[1].js.2.dr	false		high
https://covid19risk.biosci.gatech.edu/ab-6041-6	~DFD87BB83FAD412A7E.TMP.1.dr	false		high
https://covid19risk.biosci.gatech.edu/favicon.ico	imagestore.dat.2.dr, ~DFD87BB83FAD412A7E.TMP.1.dr	false		high
https://www.ajc.com/blog/get-schooled/scientists-the-math-show-how-large-events-like-march-madness-c	UT6BD5TO.htm.2.dr	false		high
https://www.kare11.com/article/news/health/coronavirus/georgia-tech-covid-19-risk-calculator-map-sho	UT6BD5TO.htm.2.dr	false		high
https://cos.gatech.edu/news/georgia-tech-researchers-release-county-level-calculator-estimate-risk-c	UT6BD5TO.htm.2.dr	false		high
https://covid19risk.biosci.gatech.edu/	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr, ~DFD87BB83FAD412A7E.TMP.1.dr	false		high
https://covid19risk.biosci.gatech.edu/tutorial.png	UT6BD5TO.htm.2.dr	false		high
https://crosscut.com/2020/03/slow-coronavirus-events-250-plus-people-are-banned-why-250	UT6BD5TO.htm.2.dr	false		high
http://ecotheory.biology.gatech.edu/	UT6BD5TO.htm.2.dr	false		high
https://covid19risk.biosci.gatech.edu/#tab-6041-4du/favicon.ico	~DFD87BB83FAD412A7E.TMP.1.dr	false		high
https://covid19risk.biosci.gatech.edu/XCOVID-Root	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://github.com/pcm-dpc/COVID-19/	UT6BD5TO.htm.2.dr	false		high
https://github.com/matomo-org/matomo/blob/master/js/piwik.js	matomo[1].js.2.dr	false		high
https://covid19risk.biosci.gatech.edu/#tab-7270-1getting-sick/prevention.htmlAvailable%20data%20indi	~DFD87BB83FAD412A7E.TMP.1.dr	false		high
https://github.com/krux/postscribe/blob/master/LICENSE.	js[1].js.2.dr	false		high
https://www.masslive.com/coronavirus/2020/07/what-are-the-chances-someone-at-your-gathering-in-massa	UT6BD5TO.htm.2.dr	false		high
https://covid19risk.biosci.gatech.edu/favicon.ico~	imagestore.dat.2.dr	false		high
https://stats.g.doubleclick.net/j/collect	analytics[1].js.2.dr	false		high
https://www.wired.com/story/to-navigate-risk-in-a-pandemic-you-need-a-color-coded-chart/	UT6BD5TO.htm.2.dr	false		high
http://www.reddit.com/	msapplication.xml4.1.dr	false		high
https://www.webmd.com/lung/news/20201109/whats-my-risk-of-covid	UT6BD5TO.htm.2.dr	false		high
https://www.sfgate.com/news/article/Interactive-map-tells-you-how-likely-it-is-15461395.php	UT6BD5TO.htm.2.dr	false		high
https://www.nationalgeographic.com/science/2020/03/graphic-see-why-small-groups-are-safer-during-cov	UT6BD5TO.htm.2.dr	false		high
https://www.wired.com/story/whats-social-distancing-flattening-curve-covid-19-questions/	UT6BD5TO.htm.2.dr	false		high
https://covid19risk.biosci.gatech.edu/XCOVID-	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-7270-1gett	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://seolhalee.github.io/	UT6BD5TO.htm.2.dr	false	Avira URL Cloud: safe	unknown
https://www.cdc.gov/coronavirus/2019-ncov/prevent-getting-sick/prevention.htmlAvailable%20data%20ind	~DFD87BB83FAD412A7E.TMP.1.dr	false		high
https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-6041-6Root	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/Root	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://aroonchan.de	UT6BD5TO.htm.2.dr	false	Avira URL Cloud: safe	unknown
https://eventosycovid19.es	UT6BD5TO.htm.2.dr	false	Avira URL Cloud: safe	unknown
https://ecotheory.biosci.gatech.edu/	UT6BD5TO.htm.2.dr	false		high
https://www.cdc.gov/coronavirus/2019-ncov/prevent-getting-sick/prevention.html	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://blogs.scientificamerican.com/observations/online-covid-19-dashboard-calculates-how-risky-reo	UT6BD5TO.htm.2.dr	false		high
https://www.politico.com/newsletters/politico-nightly-coronavirus-special-edition/2020/07/23/the-pan	UT6BD5TO.htm.2.dr	false		high
https://www.google.%/ads/ga-audiences	analytics[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
https://www.nature.com/articles/s41562-020-01000-9/	UT6BD5TO.htm.2.dr	false		high
https://www.nature.com/articles/d41591-020-00005-1	UT6BD5TO.htm.2.dr	false		high
http://www.youtube.com/	msapplication.xml7.1.dr	false		high
https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-6041-4Root	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://covid19risk.biosci.gatech.edu/#tab-6041-6du/favicon.ico	~DFD87BB83FAD412A7E.TMP.1.dr	false		high
https://slate.com/technology/2020/05/coronavirus-reopening-math.html	UT6BD5TO.htm.2.dr	false		high
https://gvwire.com/2020/08/06/if-100-people-go-to-a-party-in-fresno-county-its-99-someone-has-covid-	UT6BD5TO.htm.2.dr	false	Avira URL Cloud: safe	unknown
https://covid19risk.biosci.gatecRoot	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://covid19risk.biosci.gatech.edu/Root	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://www.healthline.com/health-news/covid19-tracker-assesses-risk-public-gatherings	UT6BD5TO.htm.2.dr	false		high
http://covid19risk.biosci.gatech.edu/	UT6BD5TO.htm.2.dr	false		high
https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-6041-1Root	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
http://jordan.biology.gatech.edu/page/	UT6BD5TO.htm.2.dr	false		high
https://covid19risk.biosci.gatech.edu/$	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://www.abil.ihrc.com/	UT6BD5TO.htm.2.dr	false	Avira URL Cloud: safe	unknown
https://covid19risk.biosci.gatech.edu	UT6BD5TO.htm.2.dr	false		high
https://github.com/appliedbinf/covid19-event-risk-planner	UT6BD5TO.htm.2.dr	false		high
https://www.atlantamagazine.com/news-culture-articles/coronavirus-cancels-atlanta/	UT6BD5TO.htm.2.dr	false		high
https://www.bloomberg.com/news/newsletters/2020-08-12/maplab-an-actionable-map-of-covid-risk	UT6BD5TO.htm.2.dr	false		high
https://cnecovid.isciii.es/covid19/	UT6BD5TO.htm.2.dr	false		high
https://www.bostonglobe.com/2020/11/10/nation/youre-not-doomed-zoom-how-have-safer-thanksgiving-duri	UT6BD5TO.htm.2.dr	false		high
http://www.amazon.com/	msapplication.xml.1.dr	false		high
https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/ab-6041-6Root	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://github.com/jsweitz/covid-19-event-risk-planner	UT6BD5TO.htm.2.dr	false		high
http://www.twitter.com/	msapplication.xml5.1.dr	false		high
https://abc7news.com/covid-19-map-interactive-coronavirus-risk-calculator-cdc-guidelines-for/6355615	UT6BD5TO.htm.2.dr	false		high
https://covid19risk.biosci.gatech.edu/#tab-6041-2M	~DFD87BB83FAD412A7E.TMP.1.dr	false		high
https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-6041-3Root	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://covid19risk.biosci.gatech.edu/favicon.ico~&	imagestore.dat.2.dr	false		high
http://sjbeckett.github.io/	UT6BD5TO.htm.2.dr	false	Avira URL Cloud: safe	unknown
https://www.fox5atlanta.com/news/here-are-three-new-ways-to-tell-whether-were-beating-covid-19	UT6BD5TO.htm.2.dr	false		high
https://covid19risk.biosci.gatech.edu/XCOVID-19	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://www.cdc.gov/coronavirus/2019-ncov/hcp/duration-isolation.html	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://covid19risk.biosci.gatech.edu/?	~DFD87BB83FAD412A7E.TMP.1.dr	false		high
https://covid19risk.bi	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://www.sltrib.com/news/2020/08/02/answers-utahns-frequently/	UT6BD5TO.htm.2.dr	false		high
https://covid19risk.biosci.gatech.edu/XCOVID-osci.gatech.edu/#tab-7270-2gett	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://covid19risk.biosci.gatech.edu/XCOVID-ronavirus/2019-ncov/hcp/duration	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://covidtracking.com/api/	UT6BD5TO.htm.2.dr	false	Avira URL Cloud: safe	unknown
https://www.data.gouv.fr/fr/datasets/donnees-relatives-aux-resultats-des-tests-virologiques-covid-19	UT6BD5TO.htm.2.dr	false	Avira URL Cloud: safe	unknown
https://twitter.com/malar0ne	UT6BD5TO.htm.2.dr	false		high
https://covid19risk.biosci.gatech.edu/XCOVID-ronavirus/2019-ncov/prevent-gett	{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
http://www.nytimes.com/	msapplication.xml3.1.dr	false		high
http://kit.mit-license.org	matomo[1].js.2.dr	false		high
https://onemocneni-aktualne.mzcr.cz/covid-19	UT6BD5TO.htm.2.dr	false		high
https://www.cdc.gov/coronavirus/2019-ncov/hcp/duration-isolation.html#:%7E:text=Available%20data%20i	~DFD87BB83FAD412A7E.TMP.1.dr	false		high
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens	dat96BD.tmp.2.dr	false	Avira URL Cloud: safe	unknown
https://www.boston.com/news/coronavirus/2020/08/03/interactive-tool-to-determine-your-covid-19-dange	UT6BD5TO.htm.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.93.50.164	unknown	United States		54540	INCERO-HVVCUS	false
130.207.66.12	unknown	United States		2637	GEORGIA-TECHUS	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	321184
Start date:	20.11.2020
Start time:	15:03:42
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 39s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://covid19risk.biosci.gatech.edu/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@3/56@7/2
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://covid19risk.biosci.gatech.edu/#tab-6041-1 Browsing link: https://covid19risk.biosci.gatech.edu/#tab-6041-2 Browsing link: https://covid19risk.biosci.gatech.edu/#tab-6041-3 Browsing link: https://covid19risk.biosci.gatech.edu/#tab-6041-4 Browsing link: https://covid19risk.biosci.gatech.edu/#tab-6041-5 Browsing link: https://covid19risk.biosci.gatech.edu/#tab-6041-6 Browsing link: https://covid19risk.biosci.gatech.edu/ Browsing link: https://www.cdc.gov/coronavirus/2019-ncov/hcp/duration-isolation.html#:%7E:text=Available%20data%20indicate%20that%20persons,20%20days%20after%20symptom%20onset Browsing link: https://www.cdc.gov/coronavirus/2019-ncov/prevent-getting-sick/prevention.html Browsing link: https://covid19risk.biosci.gatech.edu/#tab-7270-1 Browsing link: https://covid19risk.biosci.gatech.edu/#tab-7270-2
Warnings:	Show All Exclude process from analysis (whitelisted): ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 13.64.90.137, 52.255.188.83, 104.108.39.131, 172.217.23.168, 172.217.23.142, 151.101.2.132, 151.101.66.132, 151.101.130.132, 151.101.194.132, 51.132.208.181, 152.199.19.161, 23.210.248.85 Excluded domains from analysis (whitelisted): skypedataprdcolwus17.cloudapp.net, arc.msn.com.nsatc.net, fs.microsoft.com, www-google-analytics.l.google.com, j.sni.global.fastly.net, ie9comview.vo.msecnd.net, www-googletagmanager.l.google.com, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, umwatsonrouting.trafficmanager.net, skypedataprdcoleus17.cloudapp.net, go.microsoft.com, www.googletagmanager.com, go.microsoft.com.edgekey.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, www.google-analytics.com, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\8N33DYTK\covid19risk.biosci.gatech[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aKb:JFKb
MD5:	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1:	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256:	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512:	6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious:	false
Reputation:	low
Preview:	<root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BDD8802F-2B84-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8567094015039436
Encrypted:	false
SSDEEP:	48:IwvGcpraGwpLFG/ap8frGIpc4ooGvnZpv4uGorqp947Go4tpm41oGWNT947GW3TY:rlZCZh2f9W4oht45f48tM4E4x49f4p8X
MD5:	A418E6E3A6CBCCE1FEA485630AFC3E60
SHA1:	CF5C8DF067A7870FAE9B9E708556918EE690769A
SHA-256:	5BC9C4454AB8800F8DE13EFF6B7A16777D5E3043FC6E40BFCA700B2FE7CC1860
SHA-512:	F75DD321079A594C601212ED05914DBFB28C90C9D555B56D98EF081B49C591B49CF840869426754FF110B568BA9587B4A9A043646B9BDB8AD3C26D6A6B26A98E
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BDD88031-2B84-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	188586
Entropy (8bit):	2.4803899189668845
Encrypted:	false
SSDEEP:	3072:11BqFv6XLnr7nbjRgrM4rMljXSoM5Mp3LJ00lboti:T
MD5:	5B0B9A53F1B33D690FD6A8E3DF9FD849
SHA1:	08FDB76279B4DC3DC5CFD7CF3FE20537688C017B
SHA-256:	09F392D17073BE5D2FA669C6490212E50E6F7FE3396B8D85A297F10DCFA37A89
SHA-512:	38AFC502792DD7888EFFB6AB85469637D0969C568AB1FA61705BFB637136B9BC69D741C784A6E49E9235EF28A5AECF8DC1A1D13ED62C7B93445EF0EA502BC727
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C40E5326-2B84-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5660562388982193
Encrypted:	false
SSDEEP:	48:IwNGcprIGwpaCG4pQWGrapbSArGQpKiG7HpR4sTGIpG:rTZQQy6YBSAFANT44A
MD5:	887E6685FC54116912A8E11E097BA6D7
SHA1:	6ED567EDB6E8C672949839FE28300F7537AEFDA0
SHA-256:	60AEE06D9D13054BA1536CFB2206C4CB4FB5583800B7613C997ECEB8E849159D
SHA-512:	4DE0F0CFB2E57F1896B88042C77C48FBA68657D6B7015208A4366131735F832225E916DD4BC573349E5C2C27750BCE2D149FC4D6E7DA19562302829EF015C9B4
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.1104782482937585
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEgROWvRO7NnWimI002EtM3MHdNMNxOEgROWvRO7NnWimI00ObVbkEty:2d6NxOAHxSZHKd6NxOAHxSZ76b
MD5:	970650DBAEB73DC63C86EA7FF6636BBD
SHA1:	F7862A8884799D802EA13E2B67BC2B50B34C54A7
SHA-256:	BF293D85B63DA7C947C9F31D0EEC0EDFD5948EF7051F703AD6956C0CB16D29B6
SHA-512:	B8D678522ED13029BCCE427C958A5EF2E71080075F1FC0B89AAD2499F3B31946544521520FDC746D816F94520B05293DB623FAB47F459DC0AD85748659033B7D
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9cd4b890,0x01d6bf91</date><accdate>0x9cd4b890,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9cd4b890,0x01d6bf91</date><accdate>0x9cd4b890,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.113849833107896
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2k+WX7NnWimI002EtM3MHdNMNxe2k+W8NnWimI00Obkak6EtMb:2d6Nxrz8xSZHKd6NxrzrSZ7Aa7b
MD5:	4DD870AFD7E8C8F61D88345A0652331C
SHA1:	7B9C7E447A10941E5F3B2315CF89F622053C098A
SHA-256:	27169479D838E778CE25834C4BB9696073084C09FD653715CC52A20E410004E2
SHA-512:	F274DBD325BDA1DD11BDFCB54C2AF6070D77937195B4E8E1A11E16B5F3740CD7FFCF0CBA2471F1EC2DE24FC6CEBE5F891A8CCDC008148BFBAA919E01F3B73DB9
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x9cc66a73,0x01d6bf91</date><accdate>0x9cc66a73,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x9cc66a73,0x01d6bf91</date><accdate>0x9cc8ccd8,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.127733346278906
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLgROWvRO7NnWimI002EtM3MHdNMNxvLgROWvGoKNnWimI00ObmZEtMb:2d6NxvdHxSZHKd6Nxvd1o8SZ7mb
MD5:	33E43C2D4F62351FCD8E5B66F5F1CFFC
SHA1:	21550BF5B419938E53B7334F60F6F20C32B54ADF
SHA-256:	517A8CA2EF591878A27BFE2F3218864B00ECEBB24C4FEFB0E4CAB7801D7183DB
SHA-512:	D4C327F0A29364779583D303D53BA2ACEDBD3F652EC05ECC1538A9F199421FDF98473A309DBA04B64F3BDE0F6729647C8D8C66BFE85802A12F983EF8191150FE
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x9cd4b890,0x01d6bf91</date><accdate>0x9cd4b890,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x9cd4b890,0x01d6bf91</date><accdate>0x9cd71af4,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	5.1620636085569975
Encrypted:	false
SSDEEP:	12:TMHdNMNxigxvmNnWimI002EtM3MHdNMNxigxvmNnWimI00Obd5EtMb:2d6Nx8SZHKd6Nx8SZ7Jjb
MD5:	8A9BCA5BE3CA1BDEFCCFE17FEA124D48
SHA1:	EF7A2893F18B29A49287A92BD8F21E49936A8C12
SHA-256:	BFE5AF5AC0184214FC2D78E77AA0194602C78AD4CA91AB042D950CBA98035A33
SHA-512:	3AEC4F59914ACE198824FCB4B938101B102E2EDE3235B8AEE9E0CE09DABAEB6E0EED08DB8369F04EFA4227331D964314B3613C4709C1F211005E79DA315DEF08
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x9cd25642,0x01d6bf91</date><accdate>0x9cd25642,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x9cd25642,0x01d6bf91</date><accdate>0x9cd25642,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.126624369411661
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwgGoNvGoKNnWimI002EtM3MHdNMNxhGwgGoNvGoKNnWimI00Ob8K0z:2d6NxQWoUo8SZHKd6NxQWoUo8SZ7YKa/
MD5:	6FFC91198DD04C9DAA513131500AA235
SHA1:	B2F85F6D5A295A5D3BAA8E484E84F04BB54F616A
SHA-256:	344669A60BA8749267789CC3B122453911656316B51D106B1CEA8EED492AE001
SHA-512:	A9C1BC1CC65427A2E19BFFA72C5D74199498CD2D74553EAC30437D85393980BC2C301938878CF844CF0904B50CD84BFA34F502F9A9E0B90496106B4AD3148C15
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x9cd71af4,0x01d6bf91</date><accdate>0x9cd71af4,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x9cd71af4,0x01d6bf91</date><accdate>0x9cd71af4,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.146565683508796
Encrypted:	false
SSDEEP:	12:TMHdNMNx0ngxvmNnWimI002EtM3MHdNMNx0ngxvmNnWimI00ObxEtMb:2d6Nx07SZHKd6Nx07SZ7nb
MD5:	B50300219F4B1144A3F5437019B9103B
SHA1:	3B35B029FD8E0D05B437467794648E436F9A09DC
SHA-256:	67AB4E189866C0FD978E6690BF572DC6DBFB6E94906EA8A3A59B8F5EE853FACD
SHA-512:	E9FEA07FE05663CC477FBFBD9FC7B94314545872810C5DE41A0C2710585916383B5ECD9E8F0B2FBA92AC7E14E820E29BF4DD0C0C4295DDE19C17BB76610A0BD8
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x9cd25642,0x01d6bf91</date><accdate>0x9cd25642,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x9cd25642,0x01d6bf91</date><accdate>0x9cd25642,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.186015341658806
Encrypted:	false
SSDEEP:	12:TMHdNMNxxgxvmNnWimI002EtM3MHdNMNxxgxvmNnWimI00Ob6Kq5EtMb:2d6NxFSZHKd6NxFSZ7ob
MD5:	DA042BC6AB6813CE474A5C640BBDFA94
SHA1:	E37C268A7902833BD8695D0170294B944C2BB05B
SHA-256:	B1B68640B06D3FFA87F801514DE9F965070329CEEFF1927FC6CE573C1BE4BFCA
SHA-512:	E185D79F8E4D5F4268AEC4FAC4CC3D4AA29EA97206DDA2AC96304894A84C0E23B05149EB9F711F53B157EDF0DD84E3E156BD45CF745ACCE29C6B6B3FEE8D4879
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x9cd25642,0x01d6bf91</date><accdate>0x9cd25642,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x9cd25642,0x01d6bf91</date><accdate>0x9cd25642,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.096320052824326
Encrypted:	false
SSDEEP:	12:TMHdNMNxciJcrJxNnWimI002EtM3MHdNMNxciJcrJxNnWimI00ObVEtMb:2d6NxQSZHKd6NxQSZ7Db
MD5:	1A7153D22E0E3452ECEDF1509DDEF2F6
SHA1:	8460634EDC3CA8A4021FEFF949C89029F861899A
SHA-256:	79AA3D283E239A093969E4E00B59AFAA4D6269F2BF72248C385BF3F86D8CC9D6
SHA-512:	ED3C347E659A4DC0C86E773128E10FD17704BE3AB34AFC5306D4C34053222685E37451A6BB6EB48D2364CFC2B34605C61388CFACA9CD086CD99B3E66102869DD
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x9ccff3d8,0x01d6bf91</date><accdate>0x9ccff3d8,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x9ccff3d8,0x01d6bf91</date><accdate>0x9ccff3d8,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.084329729748474
Encrypted:	false
SSDEEP:	12:TMHdNMNxfniJcrJxNnWimI002EtM3MHdNMNxfniJcrJxNnWimI00Obe5EtMb:2d6NxlSZHKd6NxlSZ7ijb
MD5:	EBEEBD22883D96B248C84701B5ED9F15
SHA1:	2155D8D69809638F2F0D723F4764363F58C1E6A1
SHA-256:	B51907DE9164A2A334269409F394708EA38FD9D3F0A4899068E95652F9A882C5
SHA-512:	137483CEE23D5ED985B68A1F8D1B7E6915CAE1E7D5B708863490C2446CA901716B42F0E2BF2D82F9FD4A62541A8B478247461EBC173C5D6AF283C88FB92498EA
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x9ccff3d8,0x01d6bf91</date><accdate>0x9ccff3d8,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x9ccff3d8,0x01d6bf91</date><accdate>0x9ccff3d8,0x01d6bf91</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	47478
Entropy (8bit):	4.732211477928116
Encrypted:	false
SSDEEP:	768:fyxuy0JGu1glWfOsqxuy0JGO1glWfOM6xuy0JGe1glWfOW:fyMYwOsqMYwOM6M4wOW
MD5:	D078119714D111AFCAB6717D8FAF91E8
SHA1:	ECE9A2313A8391DCCCFDD9282CD1B945862FFF2C
SHA-256:	FFD33564B785EC47715DCDFE631A81348AA5CAA7890331DA32F236FF703013F8
SHA-512:	2FEB9DBB788AC72CDC1239F03135FFF00CC02A0F56678B2C94097B28CC271AA183590C17AC002132AB363AA2BE71AB8293319BF4F152F7D4CFD9B4B8F5919417
Malicious:	false
Reputation:	low
Preview:	1.h.t.t.p.s.:././.c.o.v.i.d.1.9.r.i.s.k...b.i.o.s.c.i...g.a.t.e.c.h...e.d.u./.f.a.v.i.c.o.n...i.c.o.~............... .h.......(....... ..... ..................................................)................................................................,.............................................x.................................5...N....................................h.........2pd.+nb.,............................y...........~...s..................~~.c...q....................d...............j..............od.0mm.....Y...E...........P.....s.....................}qh.Sof.U...'..................).......p....................qj.$....of.>..................................D...\......#......................................UU..{{.>ub..mm..qg.Qng.Eqf.-...g.................................z....~~.]oh.'...w..........Hlf.(pg.o...M..................R...A...{w.>.........x.............jod.0.................7....................v...d...d..........jj..qc.$mg.*UU................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\5_50[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	3972531
Entropy (8bit):	5.897260446899459
Encrypted:	false
SSDEEP:	49152:fHLZ+dnWgoeyigwTxjpwzSFevRgd7+7yiKrNjBMAwDFqPDdRDOVZLf3uAMSY12vk:QPDdRDOVZLf3uAMSY12vO6t+5
MD5:	D5DF33D48580665F0FFB9AC949E9E798
SHA1:	694C5361A03F227894C8CDBB27D3080A0E8D53F8
SHA-256:	6CFDCFF2CAC0FE7BEE829AD1732644FDA1545E8046DC7B50F351CF4B98950AA5
SHA-512:	087A1067F1EC00F81EDC458E02BCCCC962706EA4C5BCDD90557D6B6FC5CFBF1E04F0EB88C8F64ABD009CF0827301BA11E9D04ED8890DE2CDAD98DC3263791CBF
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html>.<head>.<meta charset="utf-8" />.<title>leaflet</title>.<script src="data:application/x-javascript;base64,KGZ1bmN0aW9uKCkgewogIC8vIElmIHdpbmRvdy5IVE1MV2lkZ2V0cyBpcyBhbHJlYWR5IGRlZmluZWQsIHRoZW4gdXNlIGl0OyBvdGhlcndpc2UgY3JlYXRlIGEKICAvLyBuZXcgb2JqZWN0LiBUaGlzIGFsbG93cyBwcmVjZWRpbmcgY29kZSB0byBzZXQgb3B0aW9ucyB0aGF0IGFmZmVjdCB0aGUKICAvLyBpbml0aWFsaXphdGlvbiBwcm9jZXNzICh0aG91Z2ggbm9uZSBjdXJyZW50bHkgZXhpc3QpLgogIHdpbmRvdy5IVE1MV2lkZ2V0cyA9IHdpbmRvdy5IVE1MV2lkZ2V0cyB8fCB7fTsKCiAgLy8gU2VlIGlmIHdlJ3JlIHJ1bm5pbmcgaW4gYSB2aWV3ZXIgcGFuZS4gSWYgbm90LCB3ZSdyZSBpbiBhIHdlYiBicm93c2VyLgogIHZhciB2aWV3ZXJNb2RlID0gd2luZG93LkhUTUxXaWRnZXRzLnZpZXdlck1vZGUgPQogICAgICAvXGJ2aWV3ZXJfcGFuZT0xXGIvLnRlc3Qod2luZG93LmxvY2F0aW9uKTsKCiAgLy8gU2VlIGlmIHdlJ3JlIHJ1bm5pbmcgaW4gU2hpbnkgbW9kZS4gSWYgbm90LCBpdCdzIGEgc3RhdGljIGRvY3VtZW50LgogIC8vIE5vdGUgdGhhdCBzdGF0aWMgd2lkZ2V0cyBjYW4gYXBwZWFyIGluIGJvdGggU2hpbnkgYW5kIHN0YXRpYyBtb2RlcywgYnV0CiAgLy8gb2J2aW91c2x5LCBTaGlueSB3aWRnZXRzIGNhbiBvbmx5IGFwcGVhciBpbiBT

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\6[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	103
Entropy (8bit):	4.486070225514895
Encrypted:	false
SSDEEP:	3:yionv//thPktklFDZolmjmx/Nl/FSzrm//V2+w/jp:6v/lhPktkTDZ4myzldS29w/jp
MD5:	C8EC1F81F88E62CF5E1ED4AB69A7806B
SHA1:	F0C70DE6BC12597BF3A58E5479E10DF3D15048AA
SHA-256:	AC71F70963C6BC771B87B03E52A50B57F5F85E63527B517E8D6B46B843775B1A
SHA-512:	9BCF8EE08A3B1CE51FECA71F786A9748C8C39354258E47F55DB2AFADC136C82C50E68FC7558B299AD8E8D353FDAAC9157173E8F19134485C6B1375CDFEB6C487
Malicious:	false
Reputation:	low
IE Cache URL:	https://d.basemaps.cartocdn.com/light_all/4/1/6.png
Preview:	.PNG........IHDR.............f.:%....PLTE....H.\....IDATh..........Om.7...........!....`......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\7[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	4765
Entropy (8bit):	7.889374031524629
Encrypted:	false
SSDEEP:	96:R75HUHxJB/XIDWf5n0bXHm073OhjEB9HYaK74VhUUTiF/1D:x0rBAD40bG073ONO1t8D
MD5:	B64E750EBA304D8B1FEC58F7215261C5
SHA1:	CAA949EA822B662B9F812A5EBA863CCAC6E71F0E
SHA-256:	2FE7D0B1033944C8E7F9B82941A7AAFDD651C11D69DE3D6B0D60D3B54484D23B
SHA-512:	27BA6FD067DAE80ABC0C669042C22B0DB749985E8827BC1610B37F0353BFCD44963BCBCCD3838D604810E65036CED54CF2434C935DDD1F3A522A3CA141D1DA58
Malicious:	false
Reputation:	low
IE Cache URL:	https://a.basemaps.cartocdn.com/light_all/4/5/7.png
Preview:	.PNG........IHDR.............k.XT....PLTE........................................................................................................................................................................x......IDATx..].w.....>...8(..2..Ay&....$(..@I....4.9...DA..!.n.o...n.o...n.o...n.o...n.o...n.o...n.o...n.o...n.o...n.o...n.o...n.o..X.[........ ..pFO@O...pFO.?O@...!h.[..}(...............A....E.).\|kO..0`.`.....@...M....9......y......T...H..h..S.X.Q........8...?_./@j..0...q...~. .Jb..........B...[.KD..Jm...7..U..x..............WJ...#^..i..u&.% ...._Yi..........n.o.".;8.V.\|..R..,n.eI`B@..j......@w.a{. ....@{.\|.a.`A.._'@v../.1.......!.......7....F....m........!`..Wl.P...P...........>......2.[F..Z0S.y.wR..........`G.a......{.............tsF....I.v..._...Y/...tR.z/.........nZ.f..a!.2...1#..:h.N0.y6@..io.y7.7z.x7.7z.x7.7z.x7.7z........P.[ ..`..A3..A.<.VpDo.y7.7z.x7.7z.x7.7z...M6:..0%......1..Nd./G...+k.,......~pen...;... ..u.X..L....-7..J.....>...[.0.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\7[2].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	7990
Entropy (8bit):	7.946000593095248
Encrypted:	false
SSDEEP:	192:liEqerwK59QGLnCdyT8IxlyOtNJIp8HxyZ9Hl1ZHec0dlMef:F3rwc9QlQXyWPJHxCHl2cNef
MD5:	95F64AA30B64F5C8DE27FE9D307701DC
SHA1:	8D45E81E12B49B418B35777EAD512974B1906A2A
SHA-256:	17E323B9C2A938A2EA51CAB7EA6B565EF4FC2781E9C15BF9F29820DE8288B060
SHA-512:	15A5B2D54864D45BFB16BF8BEE5EE4A4D4E4D2CFACFAA2F2EACF468575E05856B44120BF9A8D38869EFB13285731AE47C99FE99C79D67394ED807CB88A27F8B8
Malicious:	false
Reputation:	low
IE Cache URL:	https://d.basemaps.cartocdn.com/light_all/4/4/7.png
Preview:	.PNG........IHDR.............k.XT....PLTE..................................................................................................................................................................................................................................../....IDATx..]._..NAe....Ru...R...w.......<o..H7...}.7\D.....rr..!O_..#M.\|/..z7.=.. .P......'..... .\E.f..P.{.j.R`..?..@MM......C.2...Yw.9........b....8J.(..,..._Q.v...E.![.f..w...&...q.PRuU...o._.r...A..E...ZjJ.$.....T.....-..."%......>.$.Zl...+._.......p. C..`..?(e......-...6 if.R..............5x..c...9....a..i...c.p.).R.k ;@.AOp.(L.b..A)....~(..\...{.q.Hb.....B.7.8....8..Y...i..[...P. `..+9^...F8........PV......Q$!....I... (..b...(.tj........#..7...P7.:...D.ct...A......!...(..a..p....3....-.B8..@,.)...0=...B..c....R...&B.p>4.=.9~{f....(..k.P.}.<.O..?w/,....+G_.d.....FCY.Yj1.T..pb.'.2L..@m!".i!....4.5..Ia.(.Gpb.=.G....S =.2I..'N..m..X..\|.%.Fx.!.......!.h.3F..>...H...d...H+o",o.F..j% .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\J9KGT5IT.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	43310
Entropy (8bit):	5.066092457050677
Encrypted:	false
SSDEEP:	768:rUQZB/AzDp0p5v3tsHjBNvUOsHEApaH8ZttAoJMoghqg3M8:rUQZB/AzDp0p5v3tejTvUDHEApaHutAL
MD5:	813C8C512DF0DB368336F0A4A0ABA3B0
SHA1:	55ED12D387C631399C2D6C2AFD9859CE67500901
SHA-256:	7C8E0652E24B6ECC4C2DE30A0B273684506B93A396F0E1D5165A517814B4D20F
SHA-512:	EBB8B560D348CEBF3C03248EE75F79C75C3E50E09155353B755AD01BB008ECA160F21FEB648686A4479A2160F5FAA44DC062342D8FCC59A6C39113A6661D88F9
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html>.<head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>. <script type="application/shiny-singletons">5d8980c8ca413e6bf3804114399e2217f61c505a</script>. <script type="application/html-dependencies">json2[2014.02.04];jquery[3.5.1];shiny[1.5.0];ionrangeslider[2.1.6];strftime[0.9.2];shinyWidgets[0.5.3.930];awesome-bootstrap[0.3.7];font-awesome[5.13.0];bttn[0.2.4];selectize[0.11.2];bootstrap[3.4.1]</script>.<script src="shared/json2-min.js"></script>.<script src="shared/jquery.min.js"></script>.<link href="shared/shiny.css" rel="stylesheet" />.<script src="shared/shiny.min.js"></script>.<link href="shared/ionrangeslider/css/ion.rangeSlider.css" rel="stylesheet" />.<link href="shared/ionrangeslider/css/ion.rangeSlider.skinShiny.css" rel="stylesheet" />.<script src="shared/ionrangeslider/js/ion.rangeSlider.min.js"></script>.<script src="shared/strftime/strftime-min.js"></script>.<link href="shinyWidgets/shinyWidgets.min.css" rel="stylesheet" />.<

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\down[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	748
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
MD5:	C4F558C4C8B56858F15C09037CD6625A
SHA1:	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
SHA-256:	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
SHA-512:	D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	15406
Entropy (8bit):	4.7213015476915094
Encrypted:	false
SSDEEP:	192:F6GAFbVuOr0hX46/pjH4xBjl9w/81ggUDdp7gJl2EXfI9kBi3XB:F6BbVuy0JGrjr1gLp7WXw96i3X
MD5:	1A2B1B2A10E71FF8F86823637C5FABB2
SHA1:	14B3199CF7C5B7EED9D7C8B4F423828C024A8E82
SHA-256:	BF5110DC5C3BD526C3A427691D4A0028F5EF1EB52A609C405D3E14EA3236017B
SHA-512:	128C308F20F95519746CA0D62CEAA31FB883ECCB10BA3136A0D1FF2F2811279B18CAFC73C89C868A0DFF6B5C886A889A00535EB05D99DEACB3C441437E0358D1
Malicious:	false
Reputation:	low
Preview:	............ .h...6... .... .(.......00.... .h&......(....... ..... ..................................................)................................................................,.............................................x.................................5...N....................................h.........2pd.+nb.,............................y...........~...s..................~~.c...q....................d...............j..............od.0mm.....Y...E...........P.....s.....................}qh.Sof.U...'..................).......p....................qj.$....of.>..................................D...\......#......................................UU..{{.>ub..mm..qg.Qng.Eqf.-...g.................................z....~~.]oh.'...w..........Hlf.(pg.o...M..................R...A...{w.>.........x.............jod.0.................7....................v...d...d..........jj..qc.$mg.*UU..............................{...d...d..........ub.....\...z..........................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\matomo[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	70428
Entropy (8bit):	5.469443098202272
Encrypted:	false
SSDEEP:	1536:ks2uk/OvnnsqfxBGTFrGvGeC7nSZkBKf7XIuLs5Wsi4Vq:A/GnfkyEnSBV5Z
MD5:	434F3D0418B4425917954BF073F4D262
SHA1:	1119AD5F14FE6A7CE2CC7BDAEA72245D5E05C71A
SHA-256:	0995371A359A4A701D66F8B183DE6144DE9A042E5BAC84B6F920968F51567742
SHA-512:	673E25EF74DB8B3D976AAE050D86C5247CC2A08C0EBC067582BCC7CD85783BAE03ACD1F2EFEBF8C2367B9E580CB8A92DB200756BD3AAF79005748BC5F0C35F6F
Malicious:	false
Reputation:	low
IE Cache URL:	https://matomo.chande.science/matomo.js
Preview:	/!!. Piwik - free/libre analytics platform. . JavaScript tracking client. . @link https://piwik.org. * @source https://github.com/matomo-org/matomo/blob/master/js/piwik.js. * @license https://piwik.org/free-software/bsd/ BSD-3 Clause (also in js/LICENSE.txt). * @license magnet:?xt=urn:btih:c80d50af7d3db9be66a4d0a86db0286e4fd33292&dn=bsd-3-clause.txt BSD-3-Clause. /.;if(typeof window.JSON==="object"&&typeof window.JSON.stringify==="function"&&typeof window.JSON.parse==="function"){JSON_PIWIK=window.JSON}else{(function(){var a={};./!! JSON v3.3.2 \| http://bestiejs.github.io/json3 \| Copyright 2012-2014, Kit Cambridge \| http://kit.mit-license.org */.(function(){var c=typeof define==="function"&&define.amd;var e={"function":true,object:true};var h=e[typeof a]&&a&&!a.nodeType&&a;var i=e[typeof window]&&window\|\|this,b=h&&e[typeof module]&&module&&!module.nodeType&&typeof global=="object"&&global;if(b&&(b.global===b\|\|b.window===b\|\|b.self===b)){i=b}function j(ab,V){ab\|\|(ab=i.Object()

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\7[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	448
Entropy (8bit):	5.755756935085382
Encrypted:	false
SSDEEP:	6:6v/lhPktk2tQm9vfjhwugF/yDuC8UUxknk25H021X/i2Ba7nPc8wqbp:6v/7Nm9VbgF/LBUUxZ2Tpjsp
MD5:	DD20A33E46E382BA6F88440E01DDEF69
SHA1:	BA065756A1629154CA15BC42E3E87A8B9CE8669B
SHA-256:	EE2FB2562F8B1598FCC4340CC7F41AD50908C1DBD6CECC5C528894D359806F4F
SHA-512:	70879B66B8EB42CB42220ACF9F7DACB4D512D1614111AB4FFC7645D80E9592E05C550284A9C4C6C856503CAC828FFD6F8CA50C56F31C5E0FA1CEF2D2108F1732
Malicious:	false
Reputation:	low
IE Cache URL:	https://b.basemaps.cartocdn.com/light_all/4/2/7.png
Preview:	.PNG........IHDR..............\.U....PLTE.......................,.....`IDATx...1K.@...Z.t....c.......3iF.bs?.K,..P.. O......%./\|.............................................................................................................................t..l.9.WO..Y.m.........Y..b....r..q.@....kxl.n.....J....X6..W...r..st.=b=1.....K..Mz,...*=...T.L.Hc..eIc.ty3.lW..Ln&....K..lw...N.y.....$.....4..!..<\.1(9<.O.........P....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\7[2].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	343
Entropy (8bit):	6.714033225505666
Encrypted:	false
SSDEEP:	6:6v/lhPktk2VowR7Jg0mueJmYuN8wtYotnFPcjuV6dDSVVp:6v/7hq7JMuWSNhtYoTNmDC7
MD5:	CE05E96AF1DD023C8F1C34E821D7A8BF
SHA1:	F18F0883309BAD42B2D6DED922E5361BFD157D21
SHA-256:	E491D92024571CA57C8ADF23A743980D488BA4C2D9B65C1D0EA4FD074E0B87CD
SHA-512:	6672B9FF6DA39F50554441B25B406582EB65B4EF3EE3901672288D1E86FC57B42086B562113C3368E18AD95C5460BBCCBA20BAAA3CB0B2B8770223480085F1DD
Malicious:	false
Reputation:	low
IE Cache URL:	https://a.basemaps.cartocdn.com/light_all/4/1/7.png
Preview:	.PNG........IHDR..............\.U...$PLTE.....................................>f.....IDATx...1J.Q...3ha..6..,l.+I.w`.`.MX...`....-4!..sf6q-....x...i.f....<.p4....n..o.....`@..=...\5;U_..A.f_B3.......p..^...U....z..w.~}....M0.x.H......h..Z..>..un.z.._.{.k.......W....o.}.........................9I.....W..t...a..b7l...=....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\NewErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1612
Entropy (8bit):	4.869554560514657
Encrypted:	false
SSDEEP:	24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
MD5:	DFEABDE84792228093A5A270352395B6
SHA1:	E41258C9576721025926326F76063C2305586F76
SHA-256:	77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
SHA-512:	E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
Malicious:	false
Reputation:	low
Preview:	.body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\analytics[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	47051
Entropy (8bit):	5.516264124030958
Encrypted:	false
SSDEEP:	768:ryOveCSBZfsnt5XqY/yPndFTkoWY3SoavqVy2rlebYUDTJC6g0stZm:ryJNDfs5hYdFTwY3SorSg0su
MD5:	53EE95B384D866E8692BB1AEF923B763
SHA1:	A82812B87B667D32A8E51514C578A5175EDD94B4
SHA-256:	E441C3E2771625BA05630AB464275136A82C99650EE2145CA5AA9853BEDEB01B
SHA-512:	C1F98A09A102BB1E87BFDF825A725B0E2CC1DBEDB613D1BD9E8FD9D8FD8B145104D5F4CACA44D96DB14AC20F2F51B4C653278BFC87556E7F00E48A5FA6231FAD
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var l=this\|\|self,m=function(a,b){a=a.split(".");var c=l;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},r=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var t=/^(?:(?:https?\|mailto\|ftp):\|[^:/?#]*(?:[/?#]\|$))/i;var u=window,v=document,w=function(a,b){v.addEventListener?v.addEventListener(a,b,!1):v.attachEvent&&v.attachEvent("on"+a,b)};var x={},y=function(){x.TAGGING=x.TAGGING\|\|[];x.TAGGING[1]=!0};var z=/:[0-9]+$/,A=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},D=function(a,b){b&&(b=String(b).toLowerCase());if("p

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\down[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	748
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
MD5:	C4F558C4C8B56858F15C09037CD6625A
SHA1:	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
SHA-256:	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
SHA-512:	D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/down.png
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/errorPageStrings.js
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	12105
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5:	9234071287E637F85D721463C488704C
SHA1:	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256:	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512:	87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious:	false
Reputation:	low
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\5[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	8808
Entropy (8bit):	7.924096431667515
Encrypted:	false
SSDEEP:	192:cKfM9zPYf6+Tn0aM5zLpw1vMkKRIU6YQU/35KJpyZ78GnpbvEtaWuszFNeD:XfaYS+Tn0fLpdkK568B8y18GpbnWusz4
MD5:	CBE5DCE9FF8B165B749589F69769B4D9
SHA1:	BC65680A47EA4C94D21FBF7AA802D82D7E610EAC
SHA-256:	321DE44375082B3669485CF0A8C6384D77569126DBBA2ACDC33CA8612679ED8E
SHA-512:	3235DC43358CDD169DAEBAAAC92EF0EB9171E3BA6B1A5170BC533A6418D2373E2CAFE0F0319F0568160F1DA56BD676B72686068637884FAF44B77982917B6C4A
Malicious:	false
Reputation:	low
IE Cache URL:	https://b.basemaps.cartocdn.com/light_all/4/4/5.png
Preview:	.PNG........IHDR.............k.XT....PLTE..........................................................................................................................................................g...!.IDATx..}.w.(.fHC..DS&R.O4%._%X....?.....M.......7.l....I.Xb8.$..t.JV\.I...G.M.Fk.......\|..:h%.m[.....1M7...e."......z..zG.@}.).i..m.....'..-.........&.Z.....#.-NF&.0...r.l.&....(...<V..fEz!...?..m....j.V5e.VK.o....+ ..l..F.<..K..........`....V..?.j...;.[..F..".j.....Y'.......hW..h...(.j.......h.H7..Uy@.E.2.a/.....\|?F..<....Q.j....h..q:...... ..I........D..5.j7....(F......W....[.+...../..^.4......a....I.zA.....8...Nw5i`.c..d.\...$rp.u......;..Nu.\|.}'.."@.\.7m..6.q.t...w../...W....A..8E.7.!.p.;....<k....CR.r..._v...;.xH..ZV.DR......~#...i..5..o....K...H.YRsE......e/..0..8... y...&...pd.....1.....J..cz.L)C.&..........3...RMh.. ......t.........o<.9.z...ps.pI..&...D.......<.....JJA).........."....a.....&$e.....-ew.e5...=....r."........D)L..r..6...7....50.X..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\5[2].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	7412
Entropy (8bit):	7.937397199852149
Encrypted:	false
SSDEEP:	192:dNhzfWFUQ6qH4UX5pgVWsVGJN0QLAs3Bq68:dX2UQ6g4sbEi0Q8OB8
MD5:	32BCC44EB25B400FC32C76FC33A3307B
SHA1:	7F87D1235E5F8467CDA4AC9B9D82CA702E8EBE51
SHA-256:	8D7AD0F153B314DCC2E8A24611C7D36272AB7A720AAD098CEC6D3ADA5BCCDA81
SHA-512:	7304B15068A933DF7A0F0BA08A953A57BAA33CB07B710D402362061D2E0D041A8D4E24A361B0400AB654CBB843FC00B060C0B6D0504598474335EB4B617ED890
Malicious:	false
Reputation:	low
IE Cache URL:	https://a.basemaps.cartocdn.com/light_all/4/3/5.png
Preview:	.PNG........IHDR.............k.XT....PLTE..................................................................................................................................................................<..}....IDATx..].{..f..N{h.ji.r.>..Z.E.B...].>,. ..M..>.t.....f..a...G......#.....AWK:.!. ;..E.7My....\|...?....S......%Sz.`.R.D@....`&.!...\.!_e......x....@.....T....r.^....q.........C..r.h;.p....4.w..Xl.......'...Q...D@Q.... .UH........,;8Z3.......z..!.UH.:..o.......AP.h..4.e......xYA'r.....S..x..%.NIc...k...y.....i;f.G.`.ZM.;.zFs....G..5.4i...iV5.F}.G........._...W..P...,mJ.h.D5.....?...@.0@..p.......{......$...(..E4L........r....[..u.8Ad...T.....%..:.S4n?..h....c..U....@@....P.!.Z...0.m.D~.D..Mn6...J.......l.G<r".").W@....O.. y/@........U!.........Y?............e...q...."..\|..(.+..7..e,.h.....8..Y.!.h." '._s].1OEr..@.7..>..T..$Z.+..l\|.@....!.%.O.C.N..c.Vv@.8...x....X.kQNU...2J..C...L5..#t..."t(....b{;..../V......3.%h.....F.......i9./...B._g3.Wk.i.D~

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\5[3].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	6334
Entropy (8bit):	7.863520129335304
Encrypted:	false
SSDEEP:	96:xAsUCVlCZDJpsFEM8MQnW1zRUYeVgNMaT3eFGF0nztRkbGzY4k8za:xzVMFcB83uzRVoKPT3elnQQDk6a
MD5:	3116FD58A19EB284546DAB18245582D5
SHA1:	96AB5E2B51DACB149054EC162DCF1AB6F6E63F02
SHA-256:	BE2315771C1D96FDC42E9A71B71C92401E898E1583B922C16C0C91B01917B298
SHA-512:	F26C1A1247C6897FD4581DBD6032D49DE8D05529E6983E60DA31CFBFE3495864F371A44832F3662953335A1D4FD69F08E61A2768616C03AA140B912EF4579B01
Malicious:	false
Reputation:	low
IE Cache URL:	https://d.basemaps.cartocdn.com/light_all/4/2/5.png
Preview:	.PNG........IHDR.............k.XT...~PLTE..............................................................................................................................0..+....IDATx..].w.:...V..m}...........<....qp.&1.F.....)...!.~....H.]yy.-L.g.K..%.C.M.?6.X....x.k.j....=>.O....C.w.j.&Mw...K......HM.C.4.WI.......y..&..;. .....N.$.r.L.A........1".....(....c./...M..W....G.....}.)...lq..RMy..F.PX.VE....P.6AX_'R...P......4...).mK.x&F.(e..B...."..p.E..ik._..wp...&.@<.>6..,H..t..9..lAl).....+..A.7..)...}4...<V.H-..n....$...1"1... ......A....wi%...tq.V4..<....5..P.........8.D..........cx....R....f.p.k....A.B.T....a.8.E.'vh.s...t..........g..)b...abq......@JX.={.Ps...5H....9..'...*.c......l%2.4.7....D=t?C....B.;K.F...Dh`.o(...3c..}<..@....T.4:..V..2...a`.F....4.w.\|M;...v..B.......f.M....R.A..Y~\|.A.E.......3..h..%.(F0.j.`.....!`...?.n. .V=...aa..e.. 0....2....\|....Y....r..}...:.:.....&.rv...........~....T..g6...o....."..w....-.`xT.....4+._p....`..>p......E2.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\5[4].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	4843
Entropy (8bit):	7.940159961795282
Encrypted:	false
SSDEEP:	96:z9mTXATgDsUipLbV6vqilTsob98KM3hWin48xJVRq8bLFObygP7:xmTX0MsUiSvqilIob3Es8xJVRdBU
MD5:	EDEE9E19D27BCBDB71CB3EE15B273028
SHA1:	0D97AE2247764B475F4A30EE4F095C18B637A6C7
SHA-256:	E8A645FA342AE8402D7922C2FC58AAA32D5993594DA2410F61E3D30C608B6B68
SHA-512:	2B09CBAFDC0CE56A6514B7D501A4811C0D4C303E5C1B6CA92301FB4E15E1B0890CF900DC7A316D100B8BB19EAFDCC8F7F8C8815A90A78751365063F230276A23
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.basemaps.cartocdn.com/light_all/4/5/5.png
Preview:	.PNG........IHDR.............k.XT...uPLTE...........................................................................................................................1IDATx..]...(......m.3Z.....G\|...-(.v....ng.$.$.$8......Y.....ga......)j...0g.....6ASa..l...M.D.....&i......=.a.....5.M..l.4...(..r.F...h".a.~.8p=..}..S...N...N..K..O..c...8.<../..qC.;.D~.9+....w>J..0.&.e...@............8.Q...yEK.!B"...Jk.$.4..O....x.9....... ..EbDG.....K...um..W..z.?.sl..W...^..).......\|.D.G.I.zgyI.g:......,....6...A..\|...TH.8.'...G...m...\|\|...p.A3...\|..7r...5..).D+-.I.IVp*.........'..........@.,@.1.$..U.......0..o.y.z....#..e..w.F..`..WM-.....v..9-19.7.5.F.=.......W.ktl^....._o.....&...VMm.@.D.d.z<...N.w./>.6.].O.Z.C.....u..7Q^cc"...5..'H..1NP3......)..1....>..?.....F.........#.vX........h..'<FW@>B.........r>..}.i...sB...C....r&(.M.....A..._T...r.......M....a.`..@..e..=b.L:@xF.p...o.J....uE.'`~.q.8v.F.?(...+.0s..$I.J..I.B1.F.J.d<.....I.......}.[..m.I.#..%<...3...7.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\5_50[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	3972531
Entropy (8bit):	5.897260446899459
Encrypted:	false
SSDEEP:	49152:fHLZ+dnWgoeyigwTxjpwzSFevRgd7+7yiKrNjBMAwDFqPDdRDOVZLf3uAMSY12vk:QPDdRDOVZLf3uAMSY12vO6t+5
MD5:	D5DF33D48580665F0FFB9AC949E9E798
SHA1:	694C5361A03F227894C8CDBB27D3080A0E8D53F8
SHA-256:	6CFDCFF2CAC0FE7BEE829AD1732644FDA1545E8046DC7B50F351CF4B98950AA5
SHA-512:	087A1067F1EC00F81EDC458E02BCCCC962706EA4C5BCDD90557D6B6FC5CFBF1E04F0EB88C8F64ABD009CF0827301BA11E9D04ED8890DE2CDAD98DC3263791CBF
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html>.<head>.<meta charset="utf-8" />.<title>leaflet</title>.<script src="data:application/x-javascript;base64,KGZ1bmN0aW9uKCkgewogIC8vIElmIHdpbmRvdy5IVE1MV2lkZ2V0cyBpcyBhbHJlYWR5IGRlZmluZWQsIHRoZW4gdXNlIGl0OyBvdGhlcndpc2UgY3JlYXRlIGEKICAvLyBuZXcgb2JqZWN0LiBUaGlzIGFsbG93cyBwcmVjZWRpbmcgY29kZSB0byBzZXQgb3B0aW9ucyB0aGF0IGFmZmVjdCB0aGUKICAvLyBpbml0aWFsaXphdGlvbiBwcm9jZXNzICh0aG91Z2ggbm9uZSBjdXJyZW50bHkgZXhpc3QpLgogIHdpbmRvdy5IVE1MV2lkZ2V0cyA9IHdpbmRvdy5IVE1MV2lkZ2V0cyB8fCB7fTsKCiAgLy8gU2VlIGlmIHdlJ3JlIHJ1bm5pbmcgaW4gYSB2aWV3ZXIgcGFuZS4gSWYgbm90LCB3ZSdyZSBpbiBhIHdlYiBicm93c2VyLgogIHZhciB2aWV3ZXJNb2RlID0gd2luZG93LkhUTUxXaWRnZXRzLnZpZXdlck1vZGUgPQogICAgICAvXGJ2aWV3ZXJfcGFuZT0xXGIvLnRlc3Qod2luZG93LmxvY2F0aW9uKTsKCiAgLy8gU2VlIGlmIHdlJ3JlIHJ1bm5pbmcgaW4gU2hpbnkgbW9kZS4gSWYgbm90LCBpdCdzIGEgc3RhdGljIGRvY3VtZW50LgogIC8vIE5vdGUgdGhhdCBzdGF0aWMgd2lkZ2V0cyBjYW4gYXBwZWFyIGluIGJvdGggU2hpbnkgYW5kIHN0YXRpYyBtb2RlcywgYnV0CiAgLy8gb2J2aW91c2x5LCBTaGlueSB3aWRnZXRzIGNhbiBvbmx5IGFwcGVhciBpbiBT

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\6[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	6662
Entropy (8bit):	7.914557939416909
Encrypted:	false
SSDEEP:	192:WiFi4qdqu9UTD+SQHU+HQsXh35Uz3b4agjjHLixfKuf9fDjA0:NFi4s9UT3n+FyzL4tvrixfKMRDF
MD5:	9E2C2C048DF9992AEE98689E00B5DD6F
SHA1:	C073F0593C2B4693E077103F54CC0752B99478D5
SHA-256:	53747D63EBFDCC181D91CD4AF911FDDEE7285F8A2644ED667DCF4117E07C3ED1
SHA-512:	120F02964058FF5D3269A9CD4D15C23203A32FCCD8B6694FD3FFEECE2C422B460247D727881A8FD7E2C35A3003D5D1B2EEF376A4A6A5B4D8EFEAAD50C02CEB64
Malicious:	false
Reputation:	low
IE Cache URL:	https://b.basemaps.cartocdn.com/light_all/4/3/6.png
Preview:	.PNG........IHDR.............k.XT....PLTE...............................................................................................................................................................................................................................@......IDATx..].{..v..-.\|.......1..$!`..K...}.......O.x.....hf$k...t.4.y..B=...WJ..*x.b.].u.....&........ p.....^..tc.p....^;.K.....?.....9..H...O.3.../.....t.X,...r.X,f.).2.././...L..J7..7.X...p.q.../".0'.../^...._N.{'u......a.A....?$..w...}.....D.u.8R....X.`...!`.......%s..^vKD...1D.....e.@h..;..r...0.p......7_.F..0z.8.......~..... !.......s.u.[3.}..B........?.......f.[..~..c..z.y.....:XaC.t.....8.v...~.,....<.>.K..v.y...7_o.;....R.............?..u.......Z../.z]..v\..j'a...k.....h'....v..t.vpP.Yp...S../.E.\|o.0.sIoR.P...4.lg>$^<A..^wM...D...08.......j. 4'FZ.o..5....1.....}..RV..ue.j .....C......!...z........t....bB...O~PNL.Q.j`C..l./..........zB........C."..QPA..4..c..Z.5w.HD.>.Se..i..g..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\6[2].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2482
Entropy (8bit):	7.750264008969156
Encrypted:	false
SSDEEP:	48:iDgqeMHlHN1nJznN01N7ZUOg5Du5EFa2LXsnfflQA2HAfsWVzGT9:iDbB5N1RnNguOgFTDsnfflVTrGT9
MD5:	8532E94D07EE477DC456300955F2115D
SHA1:	94BC8B7590384A277947E5E77ED4369A0E78B8D4
SHA-256:	7B9A4EC0EF332911A46F4C1B18704476004685A9062EEB4F47DD3FF560066AFB
SHA-512:	CCC015DE82F301D80133369912D0A4A26C334586CEE5E510EAC8BB1C49DF20FD37E8D56299D83CD345B9F40DB69DE57CC18CCDC3D9FB420E9DA87A1AE4E5D6C4
Malicious:	false
Reputation:	low
IE Cache URL:	https://a.basemaps.cartocdn.com/light_all/4/2/6.png
Preview:	.PNG........IHDR.............k.XT...fPLTE.......................................................................................................;......IDATx..m{.:..9....@..,u.....H..-............E._..t.I.....;.{...!.oD..........B.x..XL..([..).].X.@U... ...q.u.....r..[.@..[!...0.......\|.....bb.7........>i........a.{.Bd..........N..A.1>B..-.@......s...l....Z.K.......[.30..,.......j.pF..t..h&L.M....P.B7......./.......\.....v..........S......$.n...+...........0.`H.u......KB...i..WP....T.m.`....<..$.8#.G...Q.B.. ......"....\..X.J.pa.N.........ur.......E.,...@..O.&.[.@.D.N.........C[%f...........X.@...`.?7 ..@$F>.P.h....,.p... f<Iy....fM.6.h..A.\.,JV.e.s.X. h.Q/"@7.<.L....Pw..?......X. ....5.c...T....X.o..5.............jj@`=.^..=........{...(.O.....8....h..N.L!`=.%'.:A"...~Hd?.eYP%P..9J.&`?.e..).R.U]...P.c...iR..5....Z+.W.....sz.6..Z)....c-.[.......J.K..,..[Xr...]..E...&Z@#..4eE...N".......q....f..x;..V....3R"...x.\O.A.....d...y..C...-.e..kA..e.b.a.M....zb.v..v.R...z

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\6[3].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	103
Entropy (8bit):	4.486070225514895
Encrypted:	false
SSDEEP:	3:yionv//thPktklFDZolmjmx/Nl/FSzrm//V2+w/jp:6v/lhPktkTDZ4myzldS29w/jp
MD5:	C8EC1F81F88E62CF5E1ED4AB69A7806B
SHA1:	F0C70DE6BC12597BF3A58E5479E10DF3D15048AA
SHA-256:	AC71F70963C6BC771B87B03E52A50B57F5F85E63527B517E8D6B46B843775B1A
SHA-512:	9BCF8EE08A3B1CE51FECA71F786A9748C8C39354258E47F55DB2AFADC136C82C50E68FC7558B299AD8E8D353FDAAC9157173E8F19134485C6B1375CDFEB6C487
Malicious:	false
Reputation:	low
IE Cache URL:	https://d.basemaps.cartocdn.com/light_all/4/5/6.png
Preview:	.PNG........IHDR.............f.:%....PLTE....H.\....IDATh..........Om.7...........!....`......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\6[4].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	6294
Entropy (8bit):	7.932732885200471
Encrypted:	false
SSDEEP:	96:qpmICkrBfZrXUBA2XAO8PSQIvQPPjD51ZmZGYyXpi9Tm8saF2nsBtNT:emX6ZoPFIPpmYYMABm8tF2nsBtJ
MD5:	FCD49E070E0F673538B857B03F1530AB
SHA1:	10B3704A87A0559A2134931F514C4C319E1E75B9
SHA-256:	14AF5797249EA620BCAB92D84D1BE119B9840D89DD6D10589802BA11ED4D0402
SHA-512:	884259D1FE443BF59FEC405F9E62D6E91CF6DD2530A6781A20FAB795D1F050CCABD56F15E2B39088FDB7E88528E8F6F2371492718E57EC2BDEDEE35E70EED522
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.basemaps.cartocdn.com/light_all/4/4/6.png
Preview:	.PNG........IHDR.............k.XT....PLTE................................................................................................................................................................................,......IDATx..]mc.:...{...-J).....Z..@....&.E^... ..\|h..5.3...d2B\|D........u\|D.C'h.^...?b.\M.l..."..b.j.`$..g...q.@..B@.\|/B...G.l.....U.oG@.6....v6......sI....W.._9\|y...8>..?=.&....P..o.....y.....\|.8qk...;......-..gZ.}..o..4..v1v.v...d.B.<.A..X\.>.Y.q..c^/...`.._v.!L..x.....)...x...K..O~s.CK.Lj......9}.;..-.89U..p......F.....8?f...&.....\|..ZMf..L~....[}...........F..Sa_...%......W..T..O8.v.L..8.".....};.&.F..".K....../..pz+....w...L.n$.0..L.M..EW.........~.}p;t....9-.....X-Woe..C..M../.}.W9.W.x.Dq..w...E..."^p.y.;"?~M..+../...;..p.}..5.<.-...........z#$.4KO...../..3)....t.\<.7z.\|.Pi.3.[.........S..../.<.8>S.8{....N.gd...../&.h...)E.?.w.V.z..9.....J.\U.`.iV...(.F....h.G(E..<1.O...=$J...x..i..u=Nb...1p.n..H@TS...L.1..bN.Mt.I>h.@.;0_...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	15406
Entropy (8bit):	4.7213015476915094
Encrypted:	false
SSDEEP:	192:F6GAFbVuOr0hX46/pjH4xBjl9w/81ggUDdp7gJl2EXfI9kBi3XB:F6BbVuy0JGrjr1gLp7WXw96i3X
MD5:	1A2B1B2A10E71FF8F86823637C5FABB2
SHA1:	14B3199CF7C5B7EED9D7C8B4F423828C024A8E82
SHA-256:	BF5110DC5C3BD526C3A427691D4A0028F5EF1EB52A609C405D3E14EA3236017B
SHA-512:	128C308F20F95519746CA0D62CEAA31FB883ECCB10BA3136A0D1FF2F2811279B18CAFC73C89C868A0DFF6B5C886A889A00535EB05D99DEACB3C441437E0358D1
Malicious:	false
Reputation:	low
Preview:	............ .h...6... .... .(.......00.... .h&......(....... ..... ..................................................)................................................................,.............................................x.................................5...N....................................h.........2pd.+nb.,............................y...........~...s..................~~.c...q....................d...............j..............od.0mm.....Y...E...........P.....s.....................}qh.Sof.U...'..................).......p....................qj.$....of.>..................................D...\......#......................................UU..{{.>ub..mm..qg.Qng.Eqf.-...g.................................z....~~.]oh.'...w..........Hlf.(pg.o...M..................R...A...{w.>.........x.............jod.0.................7....................v...d...d..........jj..qc.$mg.*UU..............................{...d...d..........ub.....\...z..........................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\5[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 1-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	103
Entropy (8bit):	4.486070225514895
Encrypted:	false
SSDEEP:	3:yionv//thPktklFDZolmjmx/Nl/FSzrm//V2+w/jp:6v/lhPktkTDZ4myzldS29w/jp
MD5:	C8EC1F81F88E62CF5E1ED4AB69A7806B
SHA1:	F0C70DE6BC12597BF3A58E5479E10DF3D15048AA
SHA-256:	AC71F70963C6BC771B87B03E52A50B57F5F85E63527B517E8D6B46B843775B1A
SHA-512:	9BCF8EE08A3B1CE51FECA71F786A9748C8C39354258E47F55DB2AFADC136C82C50E68FC7558B299AD8E8D353FDAAC9157173E8F19134485C6B1375CDFEB6C487
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.basemaps.cartocdn.com/light_all/4/1/5.png
Preview:	.PNG........IHDR.............f.:%....PLTE....H.\....IDATh..........Om.7...........!....`......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\7[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2074
Entropy (8bit):	7.572692734406219
Encrypted:	false
SSDEEP:	48:xPxM1LIC85qdEBAwvi3Sm1jEoDuoDuoDuoDuoDuoDuoDuoDuoDuoDuoDuoDuoDud:xPxMFP6Zlvi3ZA2u2u2u2u2u2u2u2u2a
MD5:	3C43D288578FA26FEF894F325BF09E1C
SHA1:	C5183FE9EA6DBB7DDE8BE5E89092B6C456CE361A
SHA-256:	FC07ACA3AC30BF00E438BF86099B83094DA322DEA426193152C61E268997416F
SHA-512:	5F9F134F3514E912EAD84C3FA99A3D95B256413D2AA110BBD2CD66B3B6A7B05EBBA636EF3869510E0BE5875F400995C5E68BCA539C6CA19E9D88664544E899AD
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.basemaps.cartocdn.com/light_all/4/3/7.png
Preview:	.PNG........IHDR.............k.XT...cPLTE........................................................................................................rIDATx...b.:.E....+5......r.TD j....?u.igg..&.).V..T.Q..7.6...]).R.&.....S5.8..j.......e.pW..)./..^.8......Sy,..J..u..,....`..S4......Y^...B...r...F.B..U ..qHL\.L.. ..j.1Z@..y.X..........}..hE. B.(#..n.4....v..............i+....;.MR...ugE- .e'....e.....T...9eV.C.#. &1P....W..G......)....q.f .k....}}.(zB..P...l...(j...2..P....<........0...4.orUn=K1."Z.E.p....P..,.h6F.....G.d(.#..._..#4q.Pts.!X...k.. .>X.............~P...................\t".....:..3.B.l.M%.# ..O....8vS........n:.....l.......g.Q@V.<L.....W...>R.eB......<w.[.W.N1?....$..C..%"...U..V Eo....x..997.h]....Pe........1....@.L..g....:..:u.........P..H....oD....4....q...k...N...(........1...G...{....r\ ..v....S....G.)..c...7...^.....&.O.o/r......nU].GF..u.f..?>(.\..A.....X.#.#.<..N..:....Y..X.R..PC..g.N.HG(-...)l...@.#.#.R_a.*.R@&F9C9..'#`.S...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\J8TWWBAX.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	43310
Entropy (8bit):	5.065623926173822
Encrypted:	false
SSDEEP:	768:rUQZB/AzDp0p5v3msOjcNOnOsHEApaHVZttAoJMogh3g3V8:rUQZB/AzDp0p5v3mjjUOnDHEApaHptAT
MD5:	5B6427D26205709DB2939EEEEE50C457
SHA1:	AA268CFDFB9925F51D8097704F7D2AFD20618F5E
SHA-256:	E6287A98AD1AEA9D8847E089DD7EF3D66EADDC8764E95B522AA7263364E93794
SHA-512:	FA6358AF3B98117DF97AE873591464DBD27E809CF6AD9AA9ECA5E2E404C5F3D408832DAAC62B809E5FD115AD99251962AB4DC1D0CDA05AD7508155507096D9AF
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html>.<head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>. <script type="application/shiny-singletons">5d8980c8ca413e6bf3804114399e2217f61c505a</script>. <script type="application/html-dependencies">json2[2014.02.04];jquery[3.5.1];shiny[1.5.0];ionrangeslider[2.1.6];strftime[0.9.2];shinyWidgets[0.5.3.930];awesome-bootstrap[0.3.7];font-awesome[5.13.0];bttn[0.2.4];selectize[0.11.2];bootstrap[3.4.1]</script>.<script src="shared/json2-min.js"></script>.<script src="shared/jquery.min.js"></script>.<link href="shared/shiny.css" rel="stylesheet" />.<script src="shared/shiny.min.js"></script>.<link href="shared/ionrangeslider/css/ion.rangeSlider.css" rel="stylesheet" />.<link href="shared/ionrangeslider/css/ion.rangeSlider.skinShiny.css" rel="stylesheet" />.<script src="shared/ionrangeslider/js/ion.rangeSlider.min.js"></script>.<script src="shared/strftime/strftime-min.js"></script>.<link href="shinyWidgets/shinyWidgets.min.css" rel="stylesheet" />.<

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\NewErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1612
Entropy (8bit):	4.869554560514657
Encrypted:	false
SSDEEP:	24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
MD5:	DFEABDE84792228093A5A270352395B6
SHA1:	E41258C9576721025926326F76063C2305586F76
SHA-256:	77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
SHA-512:	E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/NewErrorPageTemplate.css
Preview:	.body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\UT6BD5TO.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	43310
Entropy (8bit):	5.065869344055927
Encrypted:	false
SSDEEP:	768:rUQZB/AzDp0p5v37sNjbNpeOsHEApaHuZttAoJMoghcg3S8:rUQZB/AzDp0p5v37YjxpeDHEApaH4tAL
MD5:	684487952F5FEFB6084275573FF4A9BC
SHA1:	F723E07F5AAE7D42DA67E9D487251D61D171ED15
SHA-256:	1A5CDE91F7D441CF9FC34D1540E0114ECF1DF4535BE12B55779E687B9C683253
SHA-512:	F002AB9693F876E92D7A63007FF61F1B3F3D07C8A98772C4FB5E85D0F70B38967465D4A5BBEFB1D4E4DF6920D83BD8BAE1144F68DD48C4455AB0AFF433D3E792
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html>.<head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>. <script type="application/shiny-singletons">5d8980c8ca413e6bf3804114399e2217f61c505a</script>. <script type="application/html-dependencies">json2[2014.02.04];jquery[3.5.1];shiny[1.5.0];ionrangeslider[2.1.6];strftime[0.9.2];shinyWidgets[0.5.3.930];awesome-bootstrap[0.3.7];font-awesome[5.13.0];bttn[0.2.4];selectize[0.11.2];bootstrap[3.4.1]</script>.<script src="shared/json2-min.js"></script>.<script src="shared/jquery.min.js"></script>.<link href="shared/shiny.css" rel="stylesheet" />.<script src="shared/shiny.min.js"></script>.<link href="shared/ionrangeslider/css/ion.rangeSlider.css" rel="stylesheet" />.<link href="shared/ionrangeslider/css/ion.rangeSlider.skinShiny.css" rel="stylesheet" />.<script src="shared/ionrangeslider/js/ion.rangeSlider.min.js"></script>.<script src="shared/strftime/strftime-min.js"></script>.<link href="shinyWidgets/shinyWidgets.min.css" rel="stylesheet" />.<

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dnserror[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2997
Entropy (8bit):	4.4885437940628465
Encrypted:	false
SSDEEP:	48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
MD5:	2DC61EB461DA1436F5D22BCE51425660
SHA1:	E1B79BCAB0F073868079D807FAEC669596DC46C1
SHA-256:	ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
SHA-512:	A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can’t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can’t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dnserror[2] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2997
Entropy (8bit):	4.4885437940628465
Encrypted:	false
SSDEEP:	48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra
MD5:	2DC61EB461DA1436F5D22BCE51425660
SHA1:	E1B79BCAB0F073868079D807FAEC669596DC46C1
SHA-256:	ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
SHA-512:	A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/dnserror.htm?ErrorStatus=0x800C0005&DNSError=1460
Preview:	.<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can’t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can’t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	15406
Entropy (8bit):	4.7213015476915094
Encrypted:	false
SSDEEP:	192:F6GAFbVuOr0hX46/pjH4xBjl9w/81ggUDdp7gJl2EXfI9kBi3XB:F6BbVuy0JGrjr1gLp7WXw96i3X
MD5:	1A2B1B2A10E71FF8F86823637C5FABB2
SHA1:	14B3199CF7C5B7EED9D7C8B4F423828C024A8E82
SHA-256:	BF5110DC5C3BD526C3A427691D4A0028F5EF1EB52A609C405D3E14EA3236017B
SHA-512:	128C308F20F95519746CA0D62CEAA31FB883ECCB10BA3136A0D1FF2F2811279B18CAFC73C89C868A0DFF6B5C886A889A00535EB05D99DEACB3C441437E0358D1
Malicious:	false
Reputation:	low
Preview:	............ .h...6... .... .(.......00.... .h&......(....... ..... ..................................................)................................................................,.............................................x.................................5...N....................................h.........2pd.+nb.,............................y...........~...s..................~~.c...q....................d...............j..............od.0mm.....Y...E...........P.....s.....................}qh.Sof.U...'..................).......p....................qj.$....of.>..................................D...\......#......................................UU..{{.>ub..mm..qg.Qng.Eqf.-...g.................................z....~~.]oh.'...w..........Hlf.(pg.o...M..................R...A...{w.>.........x.............jod.0.................7....................v...d...d..........jj..qc.$mg.*UU..............................{...d...d..........ub.....\...z..........................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	12105
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5:	9234071287E637F85D721463C488704C
SHA1:	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256:	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512:	87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/httpErrorPagesScripts.js
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\js[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	98179
Entropy (8bit):	5.515311222750762
Encrypted:	false
SSDEEP:	1536:JzcJX1bKwn8hWk0mA6wRV2RnjrY6/3+6NK8vTvJxx/JKj1P9GSKPNAGh6Z66F2ek:JzcJX1bt8hWk0R6BjrHZvl/A3kH
MD5:	47B9E15B3916750C526DBC0B01F1481A
SHA1:	461CA764C000D7BA56F2C03D08506C7E58234A31
SHA-256:	33825B26BE1CC3A5B642CB9950B2359D709745B35A6D7ACC9E7B55BA940538DD
SHA-512:	90FDCC108E886EC80AF6B3CB0F1869AF2A4A172C6445E487B79F56C72CC5ED2F55039CDADCC7907A16B489F9CFFBB03DA85B3AAC4ED452976E51FC8BCE738C1A
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.googletagmanager.com/gtag/js?id=UA-45174995-12
Preview:	.// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"1",. . "macros":[{. "function":"__e". },{. "function":"__cid". }],. "tags":[{. "function":"__rep",. "once_per_event":true,. "vtp_containerId":["macro",1],. "tag_id":1. }],. "predicates":[{. "function":"_eq",. "arg0":["macro",0],. "arg1":"gtm.js". }],. "rules":[. [["if",0],["add",0]]].},."runtime":[].....};./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var aa,ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ca="function"==typeof Object.create?Object.create:function(a){var b=function(){};b.prototype=a;return new b},da;if("function"==typeof Object.setPrototypeOf)da=Object.setPrototypeOf;else{var ea;a:{var fa={rg:!0},ia={};try{ia.__proto__=fa;ea=ia.rg;break a}catch(a){}ea=!1}da=ea?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new Typ

C:\Users\user\AppData\Local\Temp\dat3A8F.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), FontAwesome family
Category:	modified
Size (bytes):	165742
Entropy (8bit):	6.705073372195656
Encrypted:	false
SSDEEP:	3072:qbhEnD+IzsU9z9QJ6/P3Xe2iEiEPGFCMW1JVJG6wVTDsk6BmG6S1yKshojskO+b2:qenD+IzsU9z9QJ6/PO2FiEP2C/DVJG6I
MD5:	674F50D287A8C48DC19BA404D20FE713
SHA1:	D980C2CE873DC43AF460D4D572D441304499F400
SHA-256:	7BFCAB6DB99D5CFBF1705CA0536DDC78585432CC5FA41BBD7AD0F009033B2979
SHA-512:	C160D3D77E67EFF986043461693B2A831E1175F579490D7F0B411005EA81BD4F5850FF534F6721B727C002973F3F9027EA960FAC4317D37DB1D4CB53EC9D343A
Malicious:	false
Reputation:	low
Preview:	n.................................LP........................Yx.....................F.o.n.t.A.w.e.s.o.m.e.....R.e.g.u.l.a.r...$.V.e.r.s.i.o.n. .4...7...0. .2.0.1.6.....F.o.n.t.A.w.e.s.o.m.e................PFFTMk.G.........GDEF.......p... OS/2.2z@...X...`cmap..:.........gasp.......h....glyf...M......L.head...-.......6hhea...........$hmtxEy..........loca...\........maxp.,.....8... name....gh....post......k....u.........xY_.<..........3.2.....3.2.................................................................'...............@.........i.........3.......3...s................................pyrs.@. ........................... .....p.....U.............................................]...............................................y...n.......................................2.......................................@...................................................................................................................................................z..............................

C:\Users\user\AppData\Local\Temp\dat96BD.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), FontAwesome family
Category:	dropped
Size (bytes):	165742
Entropy (8bit):	6.705073372195656
Encrypted:	false
SSDEEP:	3072:qbhEnD+IzsU9z9QJ6/P3Xe2iEiEPGFCMW1JVJG6wVTDsk6BmG6S1yKshojskO+b2:qenD+IzsU9z9QJ6/PO2FiEP2C/DVJG6I
MD5:	674F50D287A8C48DC19BA404D20FE713
SHA1:	D980C2CE873DC43AF460D4D572D441304499F400
SHA-256:	7BFCAB6DB99D5CFBF1705CA0536DDC78585432CC5FA41BBD7AD0F009033B2979
SHA-512:	C160D3D77E67EFF986043461693B2A831E1175F579490D7F0B411005EA81BD4F5850FF534F6721B727C002973F3F9027EA960FAC4317D37DB1D4CB53EC9D343A
Malicious:	false
Reputation:	low
Preview:	n.................................LP........................Yx.....................F.o.n.t.A.w.e.s.o.m.e.....R.e.g.u.l.a.r...$.V.e.r.s.i.o.n. .4...7...0. .2.0.1.6.....F.o.n.t.A.w.e.s.o.m.e................PFFTMk.G.........GDEF.......p... OS/2.2z@...X...`cmap..:.........gasp.......h....glyf...M......L.head...-.......6hhea...........$hmtxEy..........loca...\........maxp.,.....8... name....gh....post......k....u.........xY_.<..........3.2.....3.2.................................................................'...............@.........i.........3.......3...s................................pyrs.@. ........................... .....p.....U.............................................]...............................................y...n.......................................2.......................................@...................................................................................................................................................z..............................

C:\Users\user\AppData\Local\Temp\~DF4BE3F9F4AEA229CF.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.34696137848428893
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAggdxL1:kBqoxxJhHWSVSEab71
MD5:	38181FDFEEDB21DD9CAC5B1E3AD1A76B
SHA1:	D58A293CA2ACB7962407D08CC6F59147605D1F15
SHA-256:	8BA71C41943D74CAE8D4473F210CC31ABE9A14223A1B87824FB27B68B24A5ADA
SHA-512:	61DE904ADB73568E5FFB739D4DEA110C05326AEFCD0C6ECB71CFA2BB9B9959F719CE9097EBA42D7A4DB73BB6AA359772E313B4E6D132B895593DE3A881447691
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF5F91CC1A9FC0CE82.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.478442706748523
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lojF9lop9lWYkXoT:kBqoIysYkXoT
MD5:	7AE6223AF1D4AA23501D42717F4D6AEE
SHA1:	19FFD31594E88483994B6A92BBCDA93689310DC3
SHA-256:	7A9B4BF02B439FBEF10932F56ADF46126DA589C7B274756338CE02ABE914BFA2
SHA-512:	C1DE07D917E88222A4DB07DAEE4FD327BFAC4BE7B0104917279C8361C6C5D6A45F6D89CD1F0F09B1E2B7A52D183895276399A7A7AB4EFDC1B24772A4EA5B5E9D
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFD87BB83FAD412A7E.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	155209
Entropy (8bit):	1.3543109601719876
Encrypted:	false
SSDEEP:	384:kBqoxKAuqR+DdvmtBGpQ/UXGrA/5HrPAXHyrus2mGrl0WwIoGJwbRvppt4V+JOVQ:cGfhtE1hnbjy1Bjp1p3LJTP
MD5:	94F596CB1DB92F568DD3286AF652971A
SHA1:	DF87D8F0C82234CC0C1674FAE8BBECD330EF1C24
SHA-256:	90866272CE3361FBE7E0678E66B1B8C31E700DDBF5AC9391596176F2ED95AC20
SHA-512:	BE0BF35B431178FEAFC0DEBAA6546902A6B937EC5A56408B75FAC5F04C02EC5DDCD8DADC278CB31494D3E257D445E75946C08098CAE8301C971BDE86D54E9D54
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HU3ZWV9Z5JLQJQUXSG7Y.temp Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	3440
Entropy (8bit):	3.1923296509695
Encrypted:	false
SSDEEP:	48:ldiIPrI2C9GrIoTAsASFJdiIPrI2h683GrIoTAczH:bPrk9SzAJgPrF3SzAG
MD5:	D5E8AE99358C43F1DF5259F2A6CC93B3
SHA1:	74567FC4E0E24647BD5B5CC4925B392466D3E099
SHA-256:	C37050FD3637D7B7888D6BAED2FBFDC3C7C393F712533C8325139D684B726605
SHA-512:	7CC91201FF2B41C65533D4BA7CEE12A18ECFBA95BBD9F298175164D7FB443561B1E63AD40944E49332CB2E8B9A9EF8F6A1B63C7E81BF0E4BA9DA70F839F5A8AA
Malicious:	false
Reputation:	low
Preview:	...................................FL..................F.@.. .....@.>...N.........?.c................................P.O. .:i.....+00.../C:\.....................1.....>Q=w..PROGRA~1..t......L.>Qnx....E...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....l.1......L.J..INTERN~1..T......L.tQ................................i.n.t.e.r.n.e.t. .e.x.p.l.o.r.e.r.....f.2......L.9 .iexplore.exe..J......L.JtQ.......R..........x.............i.e.x.p.l.o.r.e...e.x.e.......^...............-.......]...........l{.......C:\Program Files\internet explorer\iexplore.exe....-.p.r.i.v.a.t.e...C.:.\.W.i.n.d.o.w.s.\.S.Y.S.T.E.M.3.2.\.I.E.F.R.A.M.E...d.l.l.........%SystemRoot%\SYSTEM32\IEFRAME.dll...................................................................................................................................................................................................................................%.S.y.s.t.e.m.R.o.o.t.%.\.S.Y.S.T.E.M.3.2.\.I

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 20, 2020 15:04:31.070825100 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.070835114 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.193135023 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.193152905 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.193358898 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.193408966 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.200566053 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.200918913 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.323441029 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.323491096 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.327445030 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.327488899 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.327526093 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.327581882 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.327625036 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.330317020 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.330360889 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.330398083 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.330447912 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.330501080 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.365461111 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.365468025 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.371452093 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.488544941 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.488584042 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.488758087 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.489866018 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.532634020 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.571907997 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.571945906 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.571975946 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.572007895 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.572036982 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.572046995 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.572065115 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.572083950 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.572089911 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.572094917 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.572094917 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.572099924 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.572118044 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.572124958 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.572150946 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.572186947 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.612152100 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.612190962 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.612363100 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.663238049 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.664222002 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.666946888 CET	49724	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.668135881 CET	49725	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.669292927 CET	49726	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.670125961 CET	49727	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.785223961 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.789252996 CET	443	49724	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.789448023 CET	49724	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.790565968 CET	443	49725	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.790668011 CET	49725	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.791104078 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.791138887 CET	443	49721	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.791188002 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.791214943 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.791826963 CET	49724	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.791870117 CET	443	49726	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.791984081 CET	49726	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.792306900 CET	443	49727	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.792387962 CET	49727	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.792525053 CET	49725	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.793730021 CET	49721	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.794104099 CET	49726	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.794605970 CET	49727	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.798211098 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.798257113 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.798316002 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.798343897 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.798372030 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.798388004 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.798393011 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.798435926 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.798469067 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.798496008 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.798500061 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.798537970 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.798557043 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.798587084 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.798598051 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.798636913 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.798644066 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.798683882 CET	443	49722	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.798701048 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.798743010 CET	49722	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.914529085 CET	443	49724	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.915080070 CET	443	49724	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.915250063 CET	49724	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.915477991 CET	443	49725	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.915956020 CET	443	49725	130.207.66.12	192.168.2.3
Nov 20, 2020 15:04:31.916085005 CET	49725	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.916668892 CET	49724	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.917078018 CET	49725	443	192.168.2.3	130.207.66.12
Nov 20, 2020 15:04:31.917083979 CET	443	49726	130.207.66.12	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 20, 2020 15:04:25.109172106 CET	53195	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:25.136383057 CET	53	53195	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:26.153644085 CET	50141	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:26.189681053 CET	53	50141	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:27.316087961 CET	53023	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:27.343477964 CET	53	53023	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:28.643157959 CET	49563	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:28.670386076 CET	53	49563	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:29.330499887 CET	51352	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:29.357677937 CET	53	51352	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:30.047804117 CET	59349	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:30.085230112 CET	53	59349	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:30.252405882 CET	57084	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:30.288147926 CET	53	57084	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:31.022103071 CET	58823	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:31.057595968 CET	53	58823	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:31.394139051 CET	57568	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:31.421521902 CET	53	57568	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:31.685931921 CET	50540	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:31.723938942 CET	53	50540	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:32.169037104 CET	54366	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:32.196165085 CET	53	54366	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:32.619823933 CET	53034	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:32.660114050 CET	57762	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:32.672794104 CET	53	53034	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:32.704045057 CET	53	57762	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:34.621284008 CET	55435	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:34.648674011 CET	53	55435	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:35.893982887 CET	50713	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:35.920949936 CET	53	50713	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:38.505042076 CET	56132	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:38.521344900 CET	58987	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:38.527452946 CET	56579	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:38.544055939 CET	53	56132	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:38.552392960 CET	60633	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:38.557177067 CET	53	58987	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:38.566034079 CET	53	56579	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:38.605371952 CET	53	60633	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:54.131222010 CET	61292	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:54.158432007 CET	53	61292	8.8.8.8	192.168.2.3
Nov 20, 2020 15:04:54.539666891 CET	63619	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:04:54.575375080 CET	53	63619	8.8.8.8	192.168.2.3
Nov 20, 2020 15:05:00.225145102 CET	64938	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:05:00.260746956 CET	53	64938	8.8.8.8	192.168.2.3
Nov 20, 2020 15:05:00.699840069 CET	61946	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:05:00.727197886 CET	53	61946	8.8.8.8	192.168.2.3
Nov 20, 2020 15:05:01.214375019 CET	64938	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:05:01.242639065 CET	53	64938	8.8.8.8	192.168.2.3
Nov 20, 2020 15:05:01.326284885 CET	64910	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:05:01.363462925 CET	53	64910	8.8.8.8	192.168.2.3
Nov 20, 2020 15:05:01.695337057 CET	61946	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:05:01.731007099 CET	53	61946	8.8.8.8	192.168.2.3
Nov 20, 2020 15:05:02.222820997 CET	64938	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:05:02.250097036 CET	53	64938	8.8.8.8	192.168.2.3
Nov 20, 2020 15:05:02.708503008 CET	61946	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:05:02.735739946 CET	53	61946	8.8.8.8	192.168.2.3
Nov 20, 2020 15:05:04.232146978 CET	64938	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:05:04.259243011 CET	53	64938	8.8.8.8	192.168.2.3
Nov 20, 2020 15:05:04.752935886 CET	61946	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:05:04.788614035 CET	53	61946	8.8.8.8	192.168.2.3
Nov 20, 2020 15:05:08.478997946 CET	64938	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:05:08.506079912 CET	53	64938	8.8.8.8	192.168.2.3
Nov 20, 2020 15:05:08.759495974 CET	61946	53	192.168.2.3	8.8.8.8
Nov 20, 2020 15:05:08.786576986 CET	53	61946	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Nov 20, 2020 15:04:31.022103071 CET	192.168.2.3	8.8.8.8	0x4963	Standard query (0)	covid19risk.biosci.gatech.edu	A (IP address)	IN (0x0001)
Nov 20, 2020 15:04:32.619823933 CET	192.168.2.3	8.8.8.8	0xa24f	Standard query (0)	matomo.chande.science	A (IP address)	IN (0x0001)
Nov 20, 2020 15:04:38.505042076 CET	192.168.2.3	8.8.8.8	0x76bd	Standard query (0)	a.basemaps.cartocdn.com	A (IP address)	IN (0x0001)
Nov 20, 2020 15:04:38.521344900 CET	192.168.2.3	8.8.8.8	0x36f6	Standard query (0)	b.basemaps.cartocdn.com	A (IP address)	IN (0x0001)
Nov 20, 2020 15:04:38.527452946 CET	192.168.2.3	8.8.8.8	0xc3f3	Standard query (0)	c.basemaps.cartocdn.com	A (IP address)	IN (0x0001)
Nov 20, 2020 15:04:38.552392960 CET	192.168.2.3	8.8.8.8	0x5064	Standard query (0)	d.basemaps.cartocdn.com	A (IP address)	IN (0x0001)
Nov 20, 2020 15:04:54.539666891 CET	192.168.2.3	8.8.8.8	0x4048	Standard query (0)	covid19risk.biosci.gatech.edu	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Nov 20, 2020 15:04:31.057595968 CET	8.8.8.8	192.168.2.3	0x4963	No error (0)	covid19risk.biosci.gatech.edu	bioappweitzweb.biosci.gatech.edu		CNAME (Canonical name)	IN (0x0001)
Nov 20, 2020 15:04:31.057595968 CET	8.8.8.8	192.168.2.3	0x4963	No error (0)	bioappweitzweb.biosci.gatech.edu		130.207.66.12	A (IP address)	IN (0x0001)
Nov 20, 2020 15:04:31.057595968 CET	8.8.8.8	192.168.2.3	0x4963	No error (0)	bioappweitzweb.biosci.gatech.edu		130.207.66.18	A (IP address)	IN (0x0001)
Nov 20, 2020 15:04:32.672794104 CET	8.8.8.8	192.168.2.3	0xa24f	No error (0)	matomo.chande.science		172.93.50.164	A (IP address)	IN (0x0001)
Nov 20, 2020 15:04:38.544055939 CET	8.8.8.8	192.168.2.3	0x76bd	No error (0)	a.basemaps.cartocdn.com	basemaps.cartocdn.com		CNAME (Canonical name)	IN (0x0001)
Nov 20, 2020 15:04:38.544055939 CET	8.8.8.8	192.168.2.3	0x76bd	No error (0)	basemaps.cartocdn.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)
Nov 20, 2020 15:04:38.557177067 CET	8.8.8.8	192.168.2.3	0x36f6	No error (0)	b.basemaps.cartocdn.com	basemaps.cartocdn.com		CNAME (Canonical name)	IN (0x0001)
Nov 20, 2020 15:04:38.557177067 CET	8.8.8.8	192.168.2.3	0x36f6	No error (0)	basemaps.cartocdn.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)
Nov 20, 2020 15:04:38.566034079 CET	8.8.8.8	192.168.2.3	0xc3f3	No error (0)	c.basemaps.cartocdn.com	basemaps.cartocdn.com		CNAME (Canonical name)	IN (0x0001)
Nov 20, 2020 15:04:38.566034079 CET	8.8.8.8	192.168.2.3	0xc3f3	No error (0)	basemaps.cartocdn.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)
Nov 20, 2020 15:04:38.605371952 CET	8.8.8.8	192.168.2.3	0x5064	No error (0)	d.basemaps.cartocdn.com	basemaps.cartocdn.com		CNAME (Canonical name)	IN (0x0001)
Nov 20, 2020 15:04:38.605371952 CET	8.8.8.8	192.168.2.3	0x5064	No error (0)	basemaps.cartocdn.com	j.sni.global.fastly.net		CNAME (Canonical name)	IN (0x0001)
Nov 20, 2020 15:04:54.575375080 CET	8.8.8.8	192.168.2.3	0x4048	No error (0)	covid19risk.biosci.gatech.edu	bioappweitzweb.biosci.gatech.edu		CNAME (Canonical name)	IN (0x0001)
Nov 20, 2020 15:04:54.575375080 CET	8.8.8.8	192.168.2.3	0x4048	No error (0)	bioappweitzweb.biosci.gatech.edu		130.207.66.12	A (IP address)	IN (0x0001)
Nov 20, 2020 15:04:54.575375080 CET	8.8.8.8	192.168.2.3	0x4048	No error (0)	bioappweitzweb.biosci.gatech.edu		130.207.66.18	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Nov 20, 2020 15:04:31.327526093 CET	130.207.66.12	443	192.168.2.3	49722	CN=covid19risk.biosci.gatech.edu, OU=Georgia Tech College of Sciences, O=Georgia Institute of Technology, STREET=225 NORTH AVE NW, L=Atlanta, ST=Georgia, OID.2.5.4.17=30332, C=US CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US	CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Tue May 05 02:00:00 CEST 2020 Mon Oct 06 02:00:00 CEST 2014	Fri May 06 01:59:59 CEST 2022 Sun Oct 06 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 20, 2020 15:04:31.327526093 CET	130.207.66.12	443	192.168.2.3	49722	CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Mon Oct 06 02:00:00 CEST 2014	Sun Oct 06 01:59:59 CEST 2024		9e10692f1b7f78228b2d4e424db3a98c
Nov 20, 2020 15:04:31.330398083 CET	130.207.66.12	443	192.168.2.3	49721	CN=covid19risk.biosci.gatech.edu, OU=Georgia Tech College of Sciences, O=Georgia Institute of Technology, STREET=225 NORTH AVE NW, L=Atlanta, ST=Georgia, OID.2.5.4.17=30332, C=US CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US	CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Tue May 05 02:00:00 CEST 2020 Mon Oct 06 02:00:00 CEST 2014	Fri May 06 01:59:59 CEST 2022 Sun Oct 06 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 20, 2020 15:04:31.330398083 CET	130.207.66.12	443	192.168.2.3	49721	CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Mon Oct 06 02:00:00 CEST 2014	Sun Oct 06 01:59:59 CEST 2024		9e10692f1b7f78228b2d4e424db3a98c
Nov 20, 2020 15:04:32.989218950 CET	172.93.50.164	443	192.168.2.3	49731	CN=matomo.chande.science CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Fri Nov 06 15:08:08 CET 2020 Thu Mar 17 17:40:46 CET 2016	Thu Feb 04 15:08:08 CET 2021 Wed Mar 17 17:40:46 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 20, 2020 15:04:32.989218950 CET	172.93.50.164	443	192.168.2.3	49731	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Mar 17 17:40:46 CET 2016	Wed Mar 17 17:40:46 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Nov 20, 2020 15:04:32.989881992 CET	172.93.50.164	443	192.168.2.3	49732	CN=matomo.chande.science CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Fri Nov 06 15:08:08 CET 2020 Thu Mar 17 17:40:46 CET 2016	Thu Feb 04 15:08:08 CET 2021 Wed Mar 17 17:40:46 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 20, 2020 15:04:32.989881992 CET	172.93.50.164	443	192.168.2.3	49732	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Mar 17 17:40:46 CET 2016	Wed Mar 17 17:40:46 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Nov 20, 2020 15:04:54.828469992 CET	130.207.66.12	443	192.168.2.3	49755	CN=covid19risk.biosci.gatech.edu, OU=Georgia Tech College of Sciences, O=Georgia Institute of Technology, STREET=225 NORTH AVE NW, L=Atlanta, ST=Georgia, OID.2.5.4.17=30332, C=US CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US	CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Tue May 05 02:00:00 CEST 2020 Mon Oct 06 02:00:00 CEST 2014	Fri May 06 01:59:59 CEST 2022 Sun Oct 06 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Nov 20, 2020 15:04:54.828469992 CET	130.207.66.12	443	192.168.2.3	49755	CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, ST=MI, C=US	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Mon Oct 06 02:00:00 CEST 2014	Sun Oct 06 01:59:59 CEST 2024		37f463bf4616ecd445d4a1937da06e19

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 2600 Parent PID: 792

General

Start time:	15:04:29
Start date:	20/11/2020
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff76f530000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 6032 Parent PID: 2600

General

Start time:	15:04:29
Start date:	20/11/2020
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2600 CREDAT:17410 /prefetch:2
Imagebase:	0xa30000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://covid19risk.biosci.gatech.edu/

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Software Vulnerabilities:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 2600 Parent PID: 792

General

Analysis Process: iexplore.exe PID: 6032 Parent PID: 2600

General

Disassembly