Play interactive tour

Edit tour

Analysis Report Fennec Pharma.xlsx

Overview

General Information

Sample Name:	Fennec Pharma.xlsx
Analysis ID:	321368
MD5:	a2315b66552273d966bdc8570a6a7208
SHA1:	ad82640b54ce17f43e9df68ebfa700de48df5ef0
SHA256:	8c3a18ce48dbab7971870da260421c03483e279795768bfdeb0ee7dd6079ec2b
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish_10

Phishing site detected (based on image similarity)

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Startup

System is w7x64

EXCEL.EXE (PID: 2376 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)

iexplore.exe (PID: 2552 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 4EB098135821348270F27157F7A84E65)

iexplore.exe (PID: 2856 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2552 CREDAT:275457 /prefetch:2 MD5: 8A590F790A98F3D77399BE457E01386A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\dfce06801e1a85d6d06f1fdd4475dacd[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish_10

Show sources

Source: Yara match	File source: 305090.3.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\dfce06801e1a85d6d06f1fdd4475dacd[1].htm, type: DROPPED

Phishing site detected (based on image similarity)

Show sources

Source: https://s3.amazonaws.com/simbla-static-2/2020/11/5faba665321d68001d4fc0e4/5faba6db73aef50019af7085/rC56cpX1uS2qJKOxJ-5Sb8u-.svg

Matcher: Found strong image similarity, brand: Microsoft

Jump to dropped file

Phishing site detected (based on logo template match)

Show sources

Source: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html

Matcher: Template: microsoft matched

Source: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html	HTTP Parser: Number of links: 0
Source: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html	HTTP Parser: Number of links: 0

Source: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html	HTTP Parser: Title: Log-In does not match URL
Source: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html	HTTP Parser: Title: Log-In does not match URL

Source: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html	HTTP Parser: No <meta name="author".. found
Source: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html	HTTP Parser: No <meta name="author".. found
Source: https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="author".. found
Source: https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="author".. found
Source: https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="author".. found
Source: https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="author".. found

Source: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html	HTTP Parser: No <meta name="copyright".. found
Source: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html	HTTP Parser: No <meta name="copyright".. found
Source: https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="copyright".. found
Source: https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="copyright".. found
Source: https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="copyright".. found
Source: https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	HTTP Parser: No <meta name="copyright".. found

Source: Joe Sandbox View	IP Address: 74.125.140.154 74.125.140.154
Source: Joe Sandbox View	IP Address: 104.16.19.94 104.16.19.94

Source: Joe Sandbox View

JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7187B60E.png

Jump to behavior

Source: document_view.min[1].js.3.dr

String found in binary or memory: re glad you like WorkFlowy. Please share it with your friends!"),!c.d()&&o.createElement(o.Fragment,null,o.createElement("div",{className:Object(l.e)({marginBottom:"24px",lineHeight:"20px",fontSize:"13px"})},o.createElement("strong",null,"When a friend signs up through your Facebook post, we'll give you"," ",s===d?"both "+s+" more monthly items.":s+" more monthly items."+(d?" They'll get "+d+" more items too.":""))," ","You currently have ",i," WorkFlowy items per month.")),o.createElement(a.b,{buttonStyle:a.a.Primary,onClick:function(){var e=f+"&utm_campaign=friend_recommendation_prompt_10_days&utm_medium=facebook&utm_source=wf";window.open("https://www.facebook.com/sharer/sharer.php?u="+e,"Share WorkFlowy","height=640,width=558,left=50,top=50"),_gaq.push(["_trackPageview","/virtual/friend_recommendation_prompt/10_days/facebook_share_button_clicked"])}},"Share WorkFlowy on Facebook")))}},t}return d(t,e),t.prototype.componentWillUnount=function(){_gaq.push(["_trackPageview","/virtual/friend_recommendation_prompt/10_days/rating_dialog_closed/"])},t.prototype.render=function(){return o.createElement(o.Fragment,null,o.createElement(u.b,null,"What do you think of WorkFlowy?"),o.createElement("div",{className:Object(l.e)({marginTop:"24px",marginBottom:"24px"})},"Please click a star to rate WorkFlowy."),o.createElement(p,{onChange:this.onRatingChange}),o.createElement("div",{className:Object(l.e)({marginTop:"24px",marginBottom:"12px",fontSize:"13px",lineHeight:"20px"})},"You equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: workflowy.com

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A.3.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F8008506.3.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: document_view.min[1].js.3.dr	String found in binary or memory: http://getfirefox.com
Source: document_view.min[1].js.3.dr	String found in binary or memory: http://google.com/chrome
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: http://jquery.org/license
Source: popper.min[1].js.3.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: ga[1].js.3.dr	String found in binary or memory: http://www.google-analytics.com
Source: dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: free-fa-regular-400[1].eot.3.dr, free.min[1].css.3.dr	String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.3.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: free-fa-regular-400[1].eot.3.dr, free-fa-solid-900[1].eot.3.dr	String found in binary or memory: https://fontawesome.comhttps://fontawesome.comFont
Source: dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Archivo
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff)
Source: bootstrap.min[1].css.3.dr, bootstrap.min[1].js.3.dr	String found in binary or memory: https://getbootstrap.com)
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/3229
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://github.com/eslint/eslint/issues/6125
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: bootstrap.min[1].css.3.dr, bootstrap.min[1].js.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace
Source: {9612F055-2BD4-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://jamif-cdn3d.us
Source: ~DF3768AA9CB305EF1C.TMP.2.dr	String found in binary or memory: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://jquery.com/
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://jquery.org/license
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://promisesaplus.com/#point-48
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://promisesaplus.com/#point-54
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://promisesaplus.com/#point-57
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://promisesaplus.com/#point-59
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://promisesaplus.com/#point-61
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://promisesaplus.com/#point-64
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://promisesaplus.com/#point-75
Source: dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	String found in binary or memory: https://s3.amazonaws.com/simbla-static-2/2020/11/5faba665321d68001d4fc0e4/5faba6db73aef50019af7085/Z
Source: dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	String found in binary or memory: https://s3.amazonaws.com/simbla-static-2/2020/11/5faba665321d68001d4fc0e4/5faba6db73aef50019af7085/r
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://sizzlejs.com/
Source: ga[1].js.3.dr	String found in binary or memory: https://ssl.google-analytics.com
Source: Tdcv9KOl0AuohEPI[1].htm0.3.dr	String found in binary or memory: https://ssl.google-analytics.com/ga.js
Source: ga[1].js.3.dr	String found in binary or memory: https://ssl.google-analytics.com/j/__utm.gif
Source: ga[1].js.3.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect?
Source: dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	String found in binary or memory: https://ukrainianpolicy.ru/Dee23ope11nov/next.php
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: jquery-3.3.1[1].js.3.dr	String found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
Source: {9612F055-2BD4-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://workflowy-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.htmlRoot
Source: {9612F055-2BD4-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://workflowy.com/
Source: signup[1].htm0.3.dr, login[1].htm0.3.dr	String found in binary or memory: https://workflowy.com/accounts/password_reset/
Source: ~DF3768AA9CB305EF1C.TMP.2.dr	String found in binary or memory: https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI
Source: ~DF3768AA9CB305EF1C.TMP.2.dr	String found in binary or memory: https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI&Log
Source: imagestore.dat.3.dr	String found in binary or memory: https://workflowy.com/media/i/favicon.ico
Source: imagestore.dat.3.dr	String found in binary or memory: https://workflowy.com/media/i/favicon.ico~
Source: document_view.min[1].js.3.dr	String found in binary or memory: https://workflowy.com/referrals/
Source: {9612F055-2BD4-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://workflowy.com/s/this-doRoot
Source: ~DF3768AA9CB305EF1C.TMP.2.dr, {9612F055-2BD4-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI
Source: ~DF3768AA9CB305EF1C.TMP.2.dr	String found in binary or memory: https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI#/7686a5f8c6e6
Source: {9612F055-2BD4-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	String found in binary or memory: https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPIRoot
Source: ~DF3768AA9CB305EF1C.TMP.2.dr	String found in binary or memory: https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPInThis
Source: ~DF3768AA9CB305EF1C.TMP.2.dr	String found in binary or memory: https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI
Source: ga[1].js.3.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences?
Source: ga[1].js.3.dr	String found in binary or memory: https://www.google.com/analytics/web/inpage/pub/inpage.js?

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49202
Source: unknown	Network traffic detected: HTTP traffic on port 49187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49166
Source: unknown	Network traffic detected: HTTP traffic on port 49181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49187
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49184
Source: unknown	Network traffic detected: HTTP traffic on port 49202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49181
Source: unknown	Network traffic detected: HTTP traffic on port 49170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49199
Source: unknown	Network traffic detected: HTTP traffic on port 49182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49170
Source: unknown	Network traffic detected: HTTP traffic on port 49167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443

Source: classification engine

Classification label: mal64.phis.winXLSX@4/75@12/5

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$Fennec Pharma.xlsx

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVRD123.tmp

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Source: unknown	Process created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2552 CREDAT:275457 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2552 CREDAT:275457 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Fennec Pharma.xlsx

Initial sample: OLE zip file path = xl/media/image1.png

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	System Information Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Fennec Pharma.xlsx	0%	Virustotal		Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
us-east-1.linodeobjects.com	0%	Virustotal		Browse
bam-cell.nr-data.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://promisesaplus.com/#point-75	0%	URL Reputation	safe
https://promisesaplus.com/#point-75	0%	URL Reputation	safe
https://promisesaplus.com/#point-75	0%	URL Reputation	safe
https://promisesaplus.com/#point-75	0%	URL Reputation	safe
https://fontawesome.comhttps://fontawesome.comFont	0%	Avira URL Cloud	safe
https://ukrainianpolicy.ru/Dee23ope11nov/next.php	0%	Avira URL Cloud	safe
https://www.google.%/ads/ga-audiences?	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences?	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences?	0%	URL Reputation	safe
http://getfirefox.com	0%	Avira URL Cloud	safe
https://promisesaplus.com/#point-64	0%	URL Reputation	safe
https://promisesaplus.com/#point-64	0%	URL Reputation	safe
https://promisesaplus.com/#point-64	0%	URL Reputation	safe
https://promisesaplus.com/#point-61	0%	URL Reputation	safe
https://promisesaplus.com/#point-61	0%	URL Reputation	safe
https://promisesaplus.com/#point-61	0%	URL Reputation	safe
https://promisesaplus.com/#point-59	0%	URL Reputation	safe
https://promisesaplus.com/#point-59	0%	URL Reputation	safe
https://promisesaplus.com/#point-59	0%	URL Reputation	safe
https://promisesaplus.com/#point-57	0%	URL Reputation	safe
https://promisesaplus.com/#point-57	0%	URL Reputation	safe
https://promisesaplus.com/#point-57	0%	URL Reputation	safe
https://promisesaplus.com/#point-54	0%	URL Reputation	safe
https://promisesaplus.com/#point-54	0%	URL Reputation	safe
https://promisesaplus.com/#point-54	0%	URL Reputation	safe
https://workflowy-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.htmlRoot	0%	Avira URL Cloud	safe
https://getbootstrap.com)	0%	Avira URL Cloud	safe
https://promisesaplus.com/#point-48	0%	URL Reputation	safe
https://promisesaplus.com/#point-48	0%	URL Reputation	safe
https://promisesaplus.com/#point-48	0%	URL Reputation	safe
https://jamif-cdn3d.us	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
workflowy.com	54.84.56.113	true	false		high
us-east-1.linodeobjects.com	45.79.137.127	true	false	0%, Virustotal, Browse	unknown
s3.amazonaws.com	52.217.43.14	true	false		high
stats.l.doubleclick.net	74.125.140.154	true	false		high
cdnjs.cloudflare.com	104.16.19.94	true	false		high
ka-f.fontawesome.com	unknown	unknown	false		high
code.jquery.com	unknown	unknown	false		high
kit.fontawesome.com	unknown	unknown	false		high
js-agent.newrelic.com	unknown	unknown	false		high
maxcdn.bootstrapcdn.com	unknown	unknown	false		high
jamif-cdn3d.us-east-1.linodeobjects.com	unknown	unknown	false		unknown
bam-cell.nr-data.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
stats.g.doubleclick.net	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI#/7686a5f8c6e6	false		high
https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	false		high
https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI	false		high
https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://workflowy.com/referrals/	document_view.min[1].js.3.dr	false		high
https://bugs.webkit.org/show_bug.cgi?id=136851	jquery-3.3.1[1].js.3.dr	false		high
http://jquery.org/license	jquery-3.3.1[1].js.3.dr	false		high
https://jsperf.com/thor-indexof-vs-for/5	jquery-3.3.1[1].js.3.dr	false		high
https://bugs.jquery.com/ticket/12359	jquery-3.3.1[1].js.3.dr	false		high
https://code.jquery.com/jquery-3.2.1.slim.min.js	dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	false		high
https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPIRoot	{9612F055-2BD4-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	false		high
https://workflowy.com/media/i/favicon.ico	imagestore.dat.3.dr	false		high
https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/	jquery-3.3.1[1].js.3.dr	false		high
https://html.spec.whatwg.org/#strip-and-collapse-whitespace	jquery-3.3.1[1].js.3.dr	false		high
https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPInThis	~DF3768AA9CB305EF1C.TMP.2.dr	false		high
https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	~DF3768AA9CB305EF1C.TMP.2.dr	false		high
https://promisesaplus.com/#point-75	jquery-3.3.1[1].js.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a	jquery-3.3.1[1].js.3.dr	false		high
https://fontawesome.comhttps://fontawesome.comFont	free-fa-regular-400[1].eot.3.dr, free-fa-solid-900[1].eot.3.dr	false	Avira URL Cloud: safe	unknown
https://drafts.csswg.org/cssom/#common-serializing-idioms	jquery-3.3.1[1].js.3.dr	false		high
https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled	jquery-3.3.1[1].js.3.dr	false		high
https://bugs.webkit.org/show_bug.cgi?id=29084	jquery-3.3.1[1].js.3.dr	false		high
https://fontawesome.com/license/free	free.min[1].css.3.dr	false		high
https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace	jquery-3.3.1[1].js.3.dr	false		high
https://workflowy.com/	{9612F055-2BD4-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	false		high
https://fontawesome.com	free-fa-regular-400[1].eot.3.dr, free.min[1].css.3.dr	false		high
https://github.com/eslint/eslint/issues/6125	jquery-3.3.1[1].js.3.dr	false		high
https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled	jquery-3.3.1[1].js.3.dr	false		high
https://ukrainianpolicy.ru/Dee23ope11nov/next.php	dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	false	Avira URL Cloud: safe	unknown
https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI	~DF3768AA9CB305EF1C.TMP.2.dr, {9612F055-2BD4-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	false		high
https://www.google.%/ads/ga-audiences?	ga[1].js.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
https://github.com/jquery/jquery/pull/557)	jquery-3.3.1[1].js.3.dr	false		high
https://github.com/twbs/bootstrap/graphs/contributors)	bootstrap.min[1].js.3.dr	false		high
https://bugs.chromium.org/p/chromium/issues/detail?id=378607	jquery-3.3.1[1].js.3.dr	false		high
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon	jquery-3.3.1[1].js.3.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=687787	jquery-3.3.1[1].js.3.dr	false		high
https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI&Log	~DF3768AA9CB305EF1C.TMP.2.dr	false		high
https://bugs.chromium.org/p/chromium/issues/detail?id=470258	jquery-3.3.1[1].js.3.dr	false		high
http://getfirefox.com	document_view.min[1].js.3.dr	false	Avira URL Cloud: safe	unknown
http://opensource.org/licenses/MIT).	popper.min[1].js.3.dr	false		high
https://bugs.jquery.com/ticket/13378	jquery-3.3.1[1].js.3.dr	false		high
https://kit.fontawesome.com/585b051251.js	dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	false		high
https://workflowy.com/accounts/password_reset/	signup[1].htm0.3.dr, login[1].htm0.3.dr	false		high
https://promisesaplus.com/#point-64	jquery-3.3.1[1].js.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://promisesaplus.com/#point-61	jquery-3.3.1[1].js.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://drafts.csswg.org/cssom/#resolved-values	jquery-3.3.1[1].js.3.dr	false		high
https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI#/7686a5f8c6e6	~DF3768AA9CB305EF1C.TMP.2.dr	false		high
https://bugs.chromium.org/p/chromium/issues/detail?id=589347	jquery-3.3.1[1].js.3.dr	false		high
https://s3.amazonaws.com/simbla-static-2/2020/11/5faba665321d68001d4fc0e4/5faba6db73aef50019af7085/Z	dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	false		high
https://code.jquery.com/jquery-3.1.1.min.js	dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	false		high
https://html.spec.whatwg.org/multipage/syntax.html#attributes-2	jquery-3.3.1[1].js.3.dr	false		high
https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html	~DF3768AA9CB305EF1C.TMP.2.dr	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://promisesaplus.com/#point-59	jquery-3.3.1[1].js.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI	~DF3768AA9CB305EF1C.TMP.2.dr	false		high
https://jsperf.com/getall-vs-sizzle/2	jquery-3.3.1[1].js.3.dr	false		high
https://promisesaplus.com/#point-57	jquery-3.3.1[1].js.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://github.com/eslint/eslint/issues/3229	jquery-3.3.1[1].js.3.dr	false		high
https://promisesaplus.com/#point-54	jquery-3.3.1[1].js.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://workflowy-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.htmlRoot	{9612F055-2BD4-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://workflowy.com/s/this-doRoot	{9612F055-2BD4-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	false		high
https://code.jquery.com/jquery-3.3.1.js	dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css	dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	false		high
https://html.spec.whatwg.org/multipage/forms.html#category-listed	jquery-3.3.1[1].js.3.dr	false		high
https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled	jquery-3.3.1[1].js.3.dr	false		high
https://developer.mozilla.org/en-US/docs/CSS/display	jquery-3.3.1[1].js.3.dr	false		high
https://jquery.org/license	jquery-3.3.1[1].js.3.dr	false		high
https://s3.amazonaws.com/simbla-static-2/2020/11/5faba665321d68001d4fc0e4/5faba6db73aef50019af7085/r	dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	false		high
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	dfce06801e1a85d6d06f1fdd4475dacd[1].htm.3.dr	false		high
https://jquery.com/	jquery-3.3.1[1].js.3.dr	false		high
https://stats.g.doubleclick.net/j/collect?	ga[1].js.3.dr	false		high
https://getbootstrap.com)	bootstrap.min[1].css.3.dr, bootstrap.min[1].js.3.dr	false	Avira URL Cloud: safe	low
https://bugs.webkit.org/show_bug.cgi?id=137337	jquery-3.3.1[1].js.3.dr	false		high
https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled	jquery-3.3.1[1].js.3.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	bootstrap.min[1].css.3.dr, bootstrap.min[1].js.3.dr	false		high
https://workflowy.com/media/i/favicon.ico~	imagestore.dat.3.dr	false		high
https://promisesaplus.com/#point-48	jquery-3.3.1[1].js.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://jamif-cdn3d.us	{9612F055-2BD4-11EB-ADCF-ECF4BBB5915B}.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/jquery/sizzle/pull/225	jquery-3.3.1[1].js.3.dr	false		high
https://sizzlejs.com/	jquery-3.3.1[1].js.3.dr	false		high
https://bugs.chromium.org/p/chromium/issues/detail?id=449857	jquery-3.3.1[1].js.3.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
54.84.56.113	unknown	United States	14618	AMAZON-AESUS	false
52.217.43.14	unknown	United States	16509	AMAZON-02US	false
74.125.140.154	unknown	United States	15169	GOOGLEUS	false
45.79.137.127	unknown	United States	63949	LINODE-APLinodeLLCUS	false
104.16.19.94	unknown	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	321368
Start date:	21.11.2020
Start time:	00:34:40
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 34s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	Fennec Pharma.xlsx
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.winXLSX@4/75@12/5
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .xlsx Found Word or Excel or PowerPoint or XPS Viewer Attach to Office via COM Browse link: https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI Scroll down Close Viewer Browsing link: https://workflowy.com/signup?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI Browsing link: https://workflowy.com/login?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI Browsing link: https://workflowy.com/s/this-document-is-too/Tdcv9KOl0AuohEPI#/7686a5f8c6e6 Browsing link: https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 88.221.62.148, 216.58.206.8, 13.107.5.80, 204.79.197.200, 13.107.21.200, 151.101.2.110, 151.101.66.110, 151.101.130.110, 151.101.194.110, 162.247.243.147, 162.247.243.146, 152.199.19.161, 192.35.177.64, 205.185.216.42, 205.185.216.10, 172.217.18.106, 209.197.3.24, 209.197.3.15, 104.18.22.52, 104.18.23.52, 172.64.202.28, 172.64.203.28 Excluded domains from analysis (whitelisted): cds.s5x3j6q5.hwcdn.net, ka-f.fontawesome.com.cdn.cloudflare.net, tls12.newrelic.com.cdn.cloudflare.net, api.bing.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, ssl-google-analytics.l.google.com, apps.identrust.com, au-bg-shim.trafficmanager.net, api-bing-com.e-0001.e-msedge.net, www.bing.com, kit.fontawesome.com.cdn.cloudflare.net, fonts.googleapis.com, dual-a-0001.a-msedge.net, ie9comview.vo.msecnd.net, ajax.googleapis.com, f4.shared.global.fastly.net, ctldl.windowsupdate.com, r20swj13mr.microsoft.com, cds.d2s7q6s2.hwcdn.net, ssl.google-analytics.com, e-0001.e-msedge.net, a-0001.a-afdentry.net.trafficmanager.net, go.microsoft.com.edgekey.net, apps.digsigtrust.com, cds.j3z9t3p6.hwcdn.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
74.125.140.154	http://www.openair.com	Get hash	malicious	Browse
	http://reporter.phishmetraining.co.uk/24e453/4630e9ea-a48b-4895-a43e-b63730e122ce/?test=1	Get hash	malicious	Browse
	https://microsoftoffice365online.typeform.com/to/xdXVf9Ct	Get hash	malicious	Browse
	https://www.canva.com/design/DAEJ8KLYNag/QtkcZ9ERBF8gvmK5sR_W_A/view?utm_content=DAEJ8KLYNag&utm_campaign=designshare&utm_medium=link&utm_source=homepage_design_menu	Get hash	malicious	Browse
	http://friendstamilmp3.in/	Get hash	malicious	Browse
	https://www.canva.com/design/DAEJRw-Cekg/yqHz7lRXkcf0H9s6UXEU-Q/view?utm_content=DAEJRw-Cekg&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton	Get hash	malicious	Browse
	https://www.canva.com/design/DAEJRw-Cekg/yqHz7lRXkcf0H9s6UXEU-Q/view?utm_content=DAEJRw-Cekg&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton	Get hash	malicious	Browse
	http://hollywoodmeasurements.com	Get hash	malicious	Browse
	https://www.canva.com/design/DAEJKbafGCE/fHPnxhih9GgyFXoG9r1tew/view?utm_content=DAEJKbafGCE&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton	Get hash	malicious	Browse
	https://help-deskserv.000webhostapp.com/	Get hash	malicious	Browse
	https://www.joesandbox.com	Get hash	malicious	Browse
	https://l.facebook.com/l.php?u=https%3A%2F%2Ftinyurl.com%2Fy3da9xbq%3Ffbclid%3DIwAR11jNtpFJqmHsfB6MuN4oB-gl7-RlVZqSgYIbmZW4ycJwtQ-tC85PzgLO4&h=AT1i9PU8X_itDVqe5yg4Afn5zFPp0KVwni5sQg-Oc5Yor7a-8EWrOl11b-y21X_Oi92_H_jMhPiEjm3aKUnMEib9p96Fuptgd9vraABiOS8AO8X86OxcPZyET7VlHYnKBg&__tn__=H-R&c[0]=AT26jLdBW-b9efDmUD2-IVQDmvnfjC8zMcJVpGrmXtfU07ZmaRqvjC3hcq86tiO8rGqmY2DrakboCaPRMLQtsl2m1yZfExawqplv_zZwazNNYlc2wsoaV6LvzXDEPrWYoMbJFnx7l8Qm7vznPPnkddWEuQ	Get hash	malicious	Browse
	https://link.zixcentral.com/u/978d75d5/3kJl2Df-6hG7clLXhnsoMg?u=https%3A%2F%2Flink.fishbowlcommunity.com%2Fhr%2F	Get hash	malicious	Browse
	https://info.virtualization-online.org/l/O0Hgqz--392KVPQgwkE7h30f1DAbuHUM4WGQhNI7XHU	Get hash	malicious	Browse
	http://communicatoremail.com/In/248026654/0/U_iN_NpFmSlm9AlJ1msNeMcX1KYFN_5UtYbjMi~Nnrg/	Get hash	malicious	Browse
	https://avecassurance.typeform.com/to/Mfo29tYj	Get hash	malicious	Browse
	https://redbooth.com/n/2db32188f3c9f025/icfluid-power-inc	Get hash	malicious	Browse
	4524754_tgp.docx	Get hash	malicious	Browse
	https://extraheberg.com/6747373696b6b656d614070656c6c612e636f6d	Get hash	malicious	Browse
	https://firebasestorage.googleapis.com/v0/b/mdhghfbfggdndgfdvnd.appspot.com/o/index1.html?alt=media&token=d97d4868-2770-48a4-b497-20b5cf4d5cc9&email=judy.fabre@nrgenergy.com&domain=judy.fabre@nrgenergy.com	Get hash	malicious	Browse
104.16.19.94	https://j.mp/38NwiZZ	Get hash	malicious	Browse	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
	http://lokalny-biznes.eu/modules/mod_simplefileuploadv1.3/elements/reactivation/indextest.php?youll=enwht11p10sc0&picture=call&please=gave	Get hash	malicious	Browse	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
	https://pinpoint-insights.com/interx/tracker?op=click&id=107b4.3e3b&url=https%3A%2F%2Fpinpoint-insights.com%2Finterx%2Funsubscribe%3Fid%3D107b4.3e3b%26type%3Dnormal&_hC=D7C07475	Get hash	malicious	Browse	cdnjs.cloudflare.com/ajax/libs/flickity/1.0.0/flickity.min.css
	https://pinpoint-insights.com/interx/tracker?op=click&id=107b4.3e3b&url=https%3A%2F%2Fpinpoint-insights.com%2Finterx%2Funsubscribe%3Fid%3D107b4.3e3b%26type%3Dnormal&_hC=D7C07475	Get hash	malicious	Browse	cdnjs.cloudflare.com/ajax/libs/flickity/1.0.0/flickity.min.css

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
s3.amazonaws.com	https://app.clio.com/link/AxWtfjmmzhja	Get hash	malicious	Browse	52.216.134.237
	http://WWW.ALYSSA-J-MILANO.COM	Get hash	malicious	Browse	52.216.130.21
	https://olhonabrasa.com.br/secure/zimbra/access/zimbra/index.php	Get hash	malicious	Browse	52.216.18.35
	https://s3.amazonaws.com/atlasox/uni/BAv1106876.msi	Get hash	malicious	Browse	54.231.40.66
	https://download.winzipdriverupdater.com/wzdu/wzdu53.exe	Get hash	malicious	Browse	52.217.106.206
	https://ref320.way.live/fx04	Get hash	malicious	Browse	52.217.81.190
	Report-doc.11.03.xlsb	Get hash	malicious	Browse	52.216.128.181
	https://www.google.com/url?q=https://talibllc--c.documentforce.com/sfc/dist/version/download/?oid%3D00D4W0000092RKF%26ids%3D0684W000007pR1HQAU%26d%3D%252Fa%252F4W000000Putz%252Fms_BmovqE_WXkJYztxhvReEhZJLVdobKujH1zudqg3s%26operationContext%3DDELIVERY%26viewId%3D05H4W000000luGyUAI%26dpt%3D&sa=D&ust=1604432432908000&usg=AOvVaw2LctXUh7R_FyT0gHvTDxLU	Get hash	malicious	Browse	52.217.103.70
	https://chddid13.way.live/1497640082	Get hash	malicious	Browse	52.216.249.150
	https://messageso.webs.com/	Get hash	malicious	Browse	52.216.207.197
	https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fgiax74ft.paperform.co&c=E,1,7dAYEuHk3tLJdHz2Puu5ILDve2KeA_xnSJD6Iz25ibMWZiYGCjK4ZZsRMEZHbxL9KuBmSo5sNLd8nUoW2p1QzAth5lWnvhF0Sc_rm9A_DlLU2AC5rXmR&typo=1	Get hash	malicious	Browse	52.216.99.149
stats.l.doubleclick.net	http://www.openair.com	Get hash	malicious	Browse	74.125.140.154
	https://largemail.r1.rpost.net/files/7xU97qcFgCvB3Uv1wDC4qvS2ZriLfublohKWA5V3/ln/en-us	Get hash	malicious	Browse	108.177.15.155
	http://s1022.t.en25.com/e/er?s=1022&lid=2184&elqTrackId=BEDFF87609C7D9DEAD041308DD8FFFB8&lb_email=bkirwer%40farbestfoods.com&elq=b095bd096fb54161953a2cf8316b5d13&elqaid=3115&elqat=1	Get hash	malicious	Browse	108.177.15.155
	http://global.krx.co.kr/board/GLB0205020100/bbs#view=649	Get hash	malicious	Browse	108.177.15.155
	https://www.canva.com/design/DAEN9RlD8Vk/acBvt6UoL-DafjXmQk38pA/view?utm_content=DAEN9RlD8Vk&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelink	Get hash	malicious	Browse	108.177.15.156
	http://WWW.ALYSSA-J-MILANO.COM	Get hash	malicious	Browse	108.177.15.156
	http://www.marcusevans.com	Get hash	malicious	Browse	108.177.15.154
	http://septterror.tripod.com/the911basics.html	Get hash	malicious	Browse	108.177.15.155
	https://tgcdevgroup-my.sharepoint.com/:b:/g/personal/jmoore_tgcgroup_net/EcgJdwLEdb9OriDBRaw9slAB4_8AMjn68ZCbL_ahHtwjIA?e=4%3a8pEDtO&at=9	Get hash	malicious	Browse	108.177.15.157
	http://45.95.168.116	Get hash	malicious	Browse	108.177.15.156
	https://www.canva.com/design/DAEN3YdYVHw/zaVHWoDx-9G9l20JXWSBtg/view?utm_content=DAEN3YdYVHw&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton	Get hash	malicious	Browse	108.177.15.155
	https://www.canva.com/design/DAENqED8UzU/0m_RcAQIILTwa79MyPG8KA/view?utm_content=DAENqED8UzU&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton	Get hash	malicious	Browse	108.177.119.155
	http://www.ericbess.com/ericblog/2008/03/03/wp-codebox/#examples	Get hash	malicious	Browse	108.177.119.154
	https://www.vedansha.com/doc/office/LatestLOGOOfficeEncoded/LatestLOGOOfficeEncoded/RedirectPage/marc.loney@navitas.com	Get hash	malicious	Browse	108.177.119.154
	https://olhonabrasa.com.br/secure/zimbra/access/zimbra/index.php	Get hash	malicious	Browse	108.177.15.154
	https://www.canva.com/design/DAEN4Gk1aAs/uErgK6sn3gPozGMXWtYgqA/view?utm_content=DAEN4Gk1aAs&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton	Get hash	malicious	Browse	108.177.15.157
	https://soprapaludo.it/	Get hash	malicious	Browse	108.177.15.157
	http://cricketventures.com	Get hash	malicious	Browse	108.177.15.157
	https://www.chm-endurance.com/	Get hash	malicious	Browse	108.177.15.156
	https://ngor.zlen.com.ua/Restore/Click here to restore message automatically.html	Get hash	malicious	Browse	108.177.15.156
cdnjs.cloudflare.com	https://elharless.github.io/stamapdevmo/tak.html?bbre=oadfis48sd	Get hash	malicious	Browse	104.16.18.94
	https://albanesebros.sendx.io/lp/shared-doc.html	Get hash	malicious	Browse	104.16.19.94
	https://xerox879784379923.azureedge.net??#ZGluYS5qb25nZWtyeWdAYWxhc2thYWlyLmNvbQ	Get hash	malicious	Browse	104.16.19.94
	https://faxfax.zizera.com/remittanceadvice	Get hash	malicious	Browse	104.16.18.94
	https://flyboyfurnishings.com/firstam/RD-FITT	Get hash	malicious	Browse	104.16.18.94
	http://ec.autohonda.it	Get hash	malicious	Browse	104.16.19.94
	https://mcmms.typeform.com/to/Vtnb9OBC	Get hash	malicious	Browse	104.16.19.94
	http://www.portal.office.com.s3-website.us-east-2.amazonaws.com#p.steinberger@wafra.com	Get hash	malicious	Browse	104.16.19.94
	https://storage.googleapis.com/storesll0f4bb6d9b7f964569155d2bb42628/a83416219a20d87f4dabde9f057f93b5.html#p.steinberger@wafra.com	Get hash	malicious	Browse	104.16.19.94
	https://largemail.r1.rpost.net/files/7xU97qcFgCvB3Uv1wDC4qvS2ZriLfublohKWA5V3/ln/en-us	Get hash	malicious	Browse	104.16.18.94
	https://eagleeyeproduce-my.sharepoint.com/:o:/p/mckrayp/EtopxtQDn3pOqhvY4g_gG3ABKX9ornSoGNhGOLlXyaU89Q?e=Ee0wW2	Get hash	malicious	Browse	104.16.19.94
	https://certified1.box.com/s/2ta9r7cyn5g09fblryd9xqqpnfxbjqej	Get hash	malicious	Browse	104.16.19.94
	http://s1022.t.en25.com/e/er?s=1022&lid=2184&elqTrackId=BEDFF87609C7D9DEAD041308DD8FFFB8&lb_email=bkirwer%40farbestfoods.com&elq=b095bd096fb54161953a2cf8316b5d13&elqaid=3115&elqat=1	Get hash	malicious	Browse	104.16.18.94
	https://trondiamond.co/OMMOM/OM9u8	Get hash	malicious	Browse	104.16.18.94
	https://go.pardot.com/e/395202/siness-insights-dashboard-html/bnmpz6/1446733421?h=AwLDfNsCVbkjEN13pzY-7AXMPolL_XMigGsJSppGaiM	Get hash	malicious	Browse	104.16.19.94
	https://app.box.com/s/gdf36roak3w2fc52cgfbxuq651p0zehy	Get hash	malicious	Browse	104.16.18.94
	http://septterror.tripod.com/the911basics.html	Get hash	malicious	Browse	104.16.19.94
	https://my.freshbooks.com/#/link/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzeXN0ZW1pZCI6OTQ3OTM1LCJ1c2VyaWQiOjYzNDYyNywidHlwZSI6Imludm9pY2UiLCJvYmplY3RpZCI6Mjg4MjQ0OSwiZXhwIjoxNjM3MjY5MTgxLCJsZXZlbCI6MH0.DGVcXxdiwtgxTUka4TzPi_o6GS8zH-kvvTnFJZxapLg?companyName=Amanda&invoiceNumber=00007767&ownerEmail=avigilante%40maxburst.com&type=primary	Get hash	malicious	Browse	104.16.18.94
	http://45.95.168.116	Get hash	malicious	Browse	104.16.19.94
	https://signup.kwikvpn.com/	Get hash	malicious	Browse	104.16.19.94

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
AMAZON-02US	https://albanesebros.sendx.io/lp/shared-doc.html	Get hash	malicious	Browse	13.224.93.76
	http://www.openair.com	Get hash	malicious	Browse	13.224.93.99
	https://faxfax.zizera.com/remittanceadvice	Get hash	malicious	Browse	34.255.187.247
	https://flyboyfurnishings.com/firstam/RD-FITT	Get hash	malicious	Browse	13.224.93.52
	http://webnavigator.co	Get hash	malicious	Browse	52.210.174.128
	https://mcmms.typeform.com/to/Vtnb9OBC	Get hash	malicious	Browse	13.224.93.121
	https://t.e.vailresorts.com/r/?id=hda0e43a,3501a2a,3501f68&VRI_v73=c2F1bWlsLnNoYWhAYXJtLmNvbQ==&cmpid=EML_SNOWALRT_OTHR_000_NW_00_00000_000000_000000_20200110_v01&p1=www.snow.com%40g-em.xyz	Get hash	malicious	Browse	52.12.33.145
	vOKMFxiCYt.exe	Get hash	malicious	Browse	3.138.72.189
	http://microsoftonlineofficeteam.weebly.com	Get hash	malicious	Browse	35.163.165.143
	ACH & WlRE REMlTTANCE ADVlCE.xlsx	Get hash	malicious	Browse	52.33.162.26
	ACH & WlRE REMlTTANCE ADVlCE.xlsx	Get hash	malicious	Browse	143.204.201.83
	http://www.portal.office.com.s3-website.us-east-2.amazonaws.com#p.steinberger@wafra.com	Get hash	malicious	Browse	52.219.102.33
	https://protect-us.mimecast.com/s/eKI8CjRMnyCnG2lvSW3aOv?domain=document-efw5.zizera.com	Get hash	malicious	Browse	143.204.201.92
	https://t.e.vailresorts.com	Get hash	malicious	Browse	35.164.67.102
	https://largemail.r1.rpost.net/files/7xU97qcFgCvB3Uv1wDC4qvS2ZriLfublohKWA5V3/ln/en-us	Get hash	malicious	Browse	52.58.5.168
	https://t.e.vailresorts.com/r/?id=hda0e43a,3501a2a,3501f68&VRI_v73=YnJlbmRhLmNvcGVsYW5kQHN0ZXViZW50cnVzdC5jb20=&cmpid=EML_SNOWALRT_OTHR_000_NW_00_00000_000000_000000_20200110_v01&p1=www.snow.com%40h-is.xyz	Get hash	malicious	Browse	35.164.67.102
	http://s1022.t.en25.com/e/er?s=1022&lid=2184&elqTrackId=BEDFF87609C7D9DEAD041308DD8FFFB8&lb_email=bkirwer%40farbestfoods.com&elq=b095bd096fb54161953a2cf8316b5d13&elqaid=3115&elqat=1	Get hash	malicious	Browse	13.224.100.124
	https://ubereats.app.link/cwmLFZfMz5?%243p=a_custom_354088&%24deeplink_path=promo%2Fapply%3FpromoCode%3DRECONFORT7&%24desktop_url=tracking.spectrumemp.com/el?aid=8feeb968-bdd0-11e8-b27f-22000be0a14e&rid=50048635&pid=285843&cid=513&dest=overlordscan.com/cmV0by5tZXR6bGVyQGlzb2x1dGlvbnMuY2g=%23#kkowfocjoyuynaip#	Get hash	malicious	Browse	13.224.93.92
	Purchase Order 40,7045$.exe	Get hash	malicious	Browse	13.226.173.80
	https://kimiyasanattools.com/outlook/latest-onedrive/microsoft.php	Get hash	malicious	Browse	18.202.27.117
LINODE-APLinodeLLCUS	https://t.e.vailresorts.com/r/?id=h1bac782d,59eb410,55e61f1&VRI_v73=96008558&cmpid=EML_OPENDAYS_RESO_000_OK_SR_REN1Y_000000_TG0001_20201118_V00_EX001_LOCA_ANN_00000_000	Get hash	malicious	Browse	45.79.189.238
	BYRkah8GsZ.exe	Get hash	malicious	Browse	178.79.134.144
	Quotation Request-RFQ#2020-11-19.exe	Get hash	malicious	Browse	139.162.21.249
	SWIFT_HSBC Bank.exe	Get hash	malicious	Browse	45.33.2.79
	http://customer.cartech.com/inventory_manufacturing.cfm	Get hash	malicious	Browse	96.126.117.62
	ShippingDoc.jar	Get hash	malicious	Browse	23.239.31.129
	baf6b9fcec491619b45c1dd7db56ad3d.exe	Get hash	malicious	Browse	104.200.21.25
	LQehPYZp3c.exe	Get hash	malicious	Browse	198.74.50.235
	45g7l63ZII.exe	Get hash	malicious	Browse	45.56.111.241
	35xLEdpG78.exe	Get hash	malicious	Browse	45.56.111.241
	GLN3AV6KhN.exe	Get hash	malicious	Browse	139.162.1.137
	2ocLlNcGe8.exe	Get hash	malicious	Browse	45.56.111.241
	XgDDVAxhZU.exe	Get hash	malicious	Browse	176.58.123.25
	p8LV1eVFyO.exe	Get hash	malicious	Browse	104.200.21.25
	6TQMq6JTWW.exe	Get hash	malicious	Browse	176.58.104.168
	feJbFA6woA.exe	Get hash	malicious	Browse	96.126.123.244
	hlDQ6vR2zn.exe	Get hash	malicious	Browse	45.56.127.13
	WeV32WScnY.exe	Get hash	malicious	Browse	139.162.1.137
	qkN4OZWFG6.exe	Get hash	malicious	Browse	45.33.30.74
	MicrosoftEmail-Reactivation.html	Get hash	malicious	Browse	45.33.24.119
AMAZON-AESUS	https://albanesebros.sendx.io/lp/shared-doc.html	Get hash	malicious	Browse	3.213.165.33
	http://www.openair.com	Get hash	malicious	Browse	34.202.206.65
	https://faxfax.zizera.com/remittanceadvice	Get hash	malicious	Browse	184.73.218.177
	http://webnavigator.co	Get hash	malicious	Browse	34.235.7.64
	https://mcmms.typeform.com/to/Vtnb9OBC	Get hash	malicious	Browse	34.200.62.85
	yQDGREHA9h.exe	Get hash	malicious	Browse	54.235.83.248
	mcsrXx9lfD.exe	Get hash	malicious	Browse	54.235.83.248
	SecuriteInfo.com.Trojan.PackedNET.461.20928.exe	Get hash	malicious	Browse	23.21.42.25
	Defender-update-kit-x86x64.exe	Get hash	malicious	Browse	54.225.153.147
	https://largemail.r1.rpost.net/files/7xU97qcFgCvB3Uv1wDC4qvS2ZriLfublohKWA5V3/ln/en-us	Get hash	malicious	Browse	54.225.66.103
	ORDER.exe	Get hash	malicious	Browse	54.235.142.93
	http://s1022.t.en25.com/e/er?s=1022&lid=2184&elqTrackId=BEDFF87609C7D9DEAD041308DD8FFFB8&lb_email=bkirwer%40farbestfoods.com&elq=b095bd096fb54161953a2cf8316b5d13&elqaid=3115&elqat=1	Get hash	malicious	Browse	52.1.99.77
	Bill # 2.xlsx	Get hash	malicious	Browse	23.21.42.25
	https://ubereats.app.link/cwmLFZfMz5?%243p=a_custom_354088&%24deeplink_path=promo%2Fapply%3FpromoCode%3DRECONFORT7&%24desktop_url=tracking.spectrumemp.com/el?aid=8feeb968-bdd0-11e8-b27f-22000be0a14e&rid=50048635&pid=285843&cid=513&dest=overlordscan.com/cmV0by5tZXR6bGVyQGlzb2x1dGlvbnMuY2g=%23#kkowfocjoyuynaip#	Get hash	malicious	Browse	35.170.181.205
	BANK ACCOUNT INFO!.exe	Get hash	malicious	Browse	107.22.223.163
	PO1.xlsx	Get hash	malicious	Browse	174.129.214.20
	https://rebrand.ly/zkp0y	Get hash	malicious	Browse	54.227.164.140
	AccountStatements.html	Get hash	malicious	Browse	18.209.113.162
	a7UZzCVWKO.exe	Get hash	malicious	Browse	54.204.14.42
	QKLQkaCe9M.exe	Get hash	malicious	Browse	50.19.252.36
GOOGLEUS	https://elharless.github.io/stamapdevmo/tak.html?bbre=oadfis48sd	Get hash	malicious	Browse	172.217.21.193
	http://www.openair.com	Get hash	malicious	Browse	172.217.16.194
	https://faxfax.zizera.com/remittanceadvice	Get hash	malicious	Browse	142.250.74.194
	http://ec.autohonda.it	Get hash	malicious	Browse	172.217.23.161
	ING.apk	Get hash	malicious	Browse	172.217.23.170
	bot.apk	Get hash	malicious	Browse	216.58.212.174
	ING_.apk	Get hash	malicious	Browse	216.58.212.174
	https://mcmms.typeform.com/to/Vtnb9OBC	Get hash	malicious	Browse	172.217.22.34
	NQQWym075C.exe	Get hash	malicious	Browse	34.102.136.180
	vOKMFxiCYt.exe	Get hash	malicious	Browse	34.102.136.180
	com.fdhgkjhrtjkjbx.model.apk	Get hash	malicious	Browse	216.58.212.163
	http://www.portal.office.com.s3-website.us-east-2.amazonaws.com#p.steinberger@wafra.com	Get hash	malicious	Browse	172.217.16.193
	https://storage.googleapis.com/storesll0f4bb6d9b7f964569155d2bb42628/a83416219a20d87f4dabde9f057f93b5.html#p.steinberger@wafra.com	Get hash	malicious	Browse	172.217.16.193
	https://docs.google.com/document/d/e/2PACX-1vS19QxlBmfgZPBsUyM3LjkhvVA-TJ0Z_P3J8f_cqg7VN4_zRcrthLeTjZzAubcBh9YWnC0ty3FtmofH/pub	Get hash	malicious	Browse	172.217.16.193
	https://sites.google.com/site/id500800931/googledrive/share/downloads/storage?FID=6937265496484	Get hash	malicious	Browse	172.217.16.193
	https://docs.google.com/document/d/e/2PACX-1vSF_0NxJ4W_JaHZNaHV7imTfN6FtP563leR3WEEVqre35gDV9YM55P9l-6Y-B1gmL7J7GW--QSF89LQ/pub	Get hash	malicious	Browse	172.217.16.193
	https://largemail.r1.rpost.net/files/7xU97qcFgCvB3Uv1wDC4qvS2ZriLfublohKWA5V3/ln/en-us	Get hash	malicious	Browse	172.217.23.161
	http://s1022.t.en25.com/e/er?s=1022&lid=2184&elqTrackId=BEDFF87609C7D9DEAD041308DD8FFFB8&lb_email=bkirwer%40farbestfoods.com&elq=b095bd096fb54161953a2cf8316b5d13&elqaid=3115&elqat=1	Get hash	malicious	Browse	172.217.21.195
	https://bit.ly/35MTO80	Get hash	malicious	Browse	172.217.23.161
	Order List.xlsx	Get hash	malicious	Browse	34.102.136.180

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
7dcce5b76c8b17472d024758970a406b	ACH & WlRE REMlTTANCE ADVlCE.xlsx	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	PO 20-11-2020.pps	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	Avion Quotation Request.doc	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	https://www.lnepia.com.cn/app/4gnf/tiaoban.php	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	#U0648#U0631#U0634#U0629 #U0639#U0645#U0644 #U062a#U062f#U0631#U06cc#U0628#U06cc#U0629.doc	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	doc2227740.xls	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	POSH XANADU Order-SP-20093000-xlxs.xlsx	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	d11311145.xls	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	MV GRAN LOBO 008.xlsx	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	ACH WlRE PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	ACH - WlRE PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	ACHWlRE REMlTTANCE ADVlCE..xlsx	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	ACH WlRE REMlTTANCE PAYMENT.xlsx	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	ACH & WlRE REMlTTANCE.xlsx	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	ACH & WlRE REMlTTANCE.xlsx	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	ACH WIRE REMITTANCE COPY.xlsx	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	ACH WlRE REMITTANCE..xlsx	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	ACH WIRE REMITTANCE.xlsx	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	POSH XANADU Order-SP-20-V241e.xlsx	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94
	ACH WIRE REMITTANCE.xlsx	Get hash	malicious	Browse	54.84.56.113 74.125.140.154 45.79.137.127 52.217.43.14 104.16.19.94

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Microsoft Cabinet archive data, 58936 bytes, 1 file
Category:	dropped
Size (bytes):	117872
Entropy (8bit):	7.994797855729196
Encrypted:	true
SSDEEP:	1536:i/LAvEZrGclx0hoW6qCLdNz2p+/LAvEZrGclx0hoW6qCLdNz2pj:UcMqZVCp8pwcMqZVCp8pj
MD5:	DB381E85D86EA4484D20078E9EC667A6
SHA1:	4871FDAF0C2EEC8183FC3CE7710B18FD3C647CEA
SHA-256:	C3520E3A6EB43F6D416852C454414C5D7823A96FB9070BC30301ADDEBB334D4D
SHA-512:	D9E03A617D1D9505D3ADA3C41FC8A53504F4F1C44F92AF00869F2FE150D6677FD4450E85EB1E3D920D32BA01F190E7F14BF130F8CC69EB47D834CCE43CAA7650
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............\|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..D..agaV..2.\|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.\|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..\|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....\|.....Q...'....X..C.....a;...Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	1786
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:	48:3ntmD5QQD5XC5RqHHXmXvp++hntmD5QQD5XC5RqHHXmXvp++x:3AJ8RAXmXvcOAJ8RAXmXvcu
MD5:	6AEB4E76C6F68EFD7A48092E9F0F3492
SHA1:	823A035C0BDCC3DC09C881E788F7FACA53C6B458
SHA-256:	FE1B9A0EABF44FDBE4DDE97C3CC1209FAD2FBB2D2D7476FFBF64066BD9919A4F
SHA-512:	50D98FB4C9875B1AED0AEC06A9C934DB5010B6C5F54539E323EC14FD487E1D92D01652E4614DDF308AB2F1EDEA9E9CB1E23030C971255CC106016C6E7BBAF48C
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0...*.H........0?1$0"..U....Dig

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	652
Entropy (8bit):	3.126853159384259
Encrypted:	false
SSDEEP:	12:2kPlE99SNxAhUegeTttkPlE99SNxAhUegeT2:2kPcUQU76ttkPcUQU762
MD5:	55217B0086C04EFCB86482A57860B6C5
SHA1:	BB073FF88E35F3A545C72C21F110BDF2507DC812
SHA-256:	E0122F3D215474123C0B29FC3BBAA3B4B2D4EDD4097BB916FFBA846086385229
SHA-512:	1688909B640846875AF4F9EA8842E8B21159BA6159A78162EF4D124463AF3E6BF65B3CFED772E137421DDAD7CC2BDEF1631C07029C28EC60197AA40B0C024251
Malicious:	false
Reputation:	low
Preview:	p...... ........m[.....(....................................................... ..........Y.......$...........8...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.6.9.5.5.9.e.2.a.0.d.6.1.:.0."...p...... ..........-....(....................................................... ..........Y.......$...........8...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.6.9.5.5.9.e.2.a.0.d.6.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	504
Entropy (8bit):	3.0413682343734383
Encrypted:	false
SSDEEP:	6:kK1kfliBAIdQZV7eAYLiWKTuQfliBAIdQZV7eAYLit:NSlidKOaxlidKOe
MD5:	ACF08B7F8857A98C76B3D939402C4105
SHA1:	E1B693BB48AF4D278E9A7A2740BE70504903A1A2
SHA-256:	924B17EEF411C8A5496BE49187F43FC5571A3D3606E0A31220997FFF432D59C0
SHA-512:	559FFE4A580DBBCBD1F52E05257602A6A391011B068A0937236B3A0FADF9FE957DC77A25D49C53965D449D40C092F1197A7BA620387119BA596C566B46BE818E
Malicious:	false
Reputation:	low
Preview:	p...... ....`.........(....................................................... ........u.........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.5.9.e.7.6.b.3.c.6.4.b.c.0."...p...... ....`..........(....................................................... ........u.........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.5.9.e.7.6.b.3.c.6.4.b.c.0."...

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	237
Entropy (8bit):	6.1480026084285395
Encrypted:	false
SSDEEP:	6:6v/lhPIF6R/C+u1fXNg1XQ3yslRtNO+cKvAElRApGCp:6v/7b/C1fm1ZslRTvAElR47
MD5:	9FB559A691078558E77D6848202F6541
SHA1:	EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31
SHA-256:	6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
SHA-512:	0E08938568CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCFB74437DE520395234D0009D452FB96A8ECE236B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d...-PLTE......(..5..X..h...........................J4.I...IIDAT.[c`..&.(.....F....cX.(@.j.+@..K.(..2L....1.{.....c`]L9.&2.l...I..E.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\MP98E46N\workflowy[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4281
Entropy (8bit):	5.059111787065238
Encrypted:	false
SSDEEP:	96:OAuAiOaMB/uiiOaMB/uiiOaMB/uiiOiMB/uiiOiMw/uiiOiMwiyE:O5JXXno8
MD5:	25DCC58829A10EDED0F5B66D797ED72D
SHA1:	B7F36CF18F9616295715F02612294D86393BFA58
SHA-256:	A671618AA29D31BB4E32CDCCFE21C7A20C5B1FB632C5582029A63A17F9FD657F
SHA-512:	4BEECFF22BFDEC51A13BCF5B36F5587BF5167124132DF445E387C84688894F216F3C5E7365244E8FA0A4F60231F55082042EFBE6680FCB8C9252553B645B209B
Malicious:	false
Reputation:	low
Preview:	<root></root><root><item name="mostRecentlyOpenedWindowId" value="1605947766752-0.36164659563807827" ltime="1527744864" htime="30851041" /></root><root><item name="mostRecentlyOpenedWindowId" value="1605947766752-0.36164659563807827" ltime="1527744864" htime="30851041" /><item name="userstorage.user_id" value="-1" ltime="1530234864" htime="30851041" /><item name="userstorage.format_version" value="3" ltime="1530234864" htime="30851041" /><item name="userstorage.appcache_id" value="2020-11-20 23:35:57.412449" ltime="1530394864" htime="30851041" /><item name="userstorage.settings" value="{"font_size":19}" ltime="1530464864" htime="30851041" /><item name="loadingBackground" value="#ffffff" ltime="1530594864" htime="30851041" /><item name="loadingForeground" value="#dce0e2" ltime="1530594864" htime="30851041" /></root><root><item name="mostRecentlyOpenedWindowId" value="1605947840564-0.7347137613786161" ltime="2264184864" htime="30851041" /><item name="userstorage.user_id" value=

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9612F053-2BD4-11EB-ADCF-ECF4BBB5915B}.dat Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	33368
Entropy (8bit):	1.8716076851935823
Encrypted:	false
SSDEEP:	96:MllKsKHpH9Jqaaz0QluS3ZGNOeQrrGNdDaUl1C3:MzKsKHpH9Jqaq0QB3QOhu5aUi3
MD5:	85FA6855AB623D9B9E1DE6CF913038C9
SHA1:	F020226CFB40E69692B8DB627C390E48B0D67EA5
SHA-256:	F8EAB58326A5AE0E9829260A8E1DF56CCB09ED979C544658997B9705C6DD9B36
SHA-512:	E8D0FEDF3B5E6A87CF20C8422307E2960AD2A99AB2F90D0D6F72882AA809DC65A40353D7F6CCF6C02730F6245D5D6DDED3F402B364771043401E943CDC2FA6E1
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9612F055-2BD4-11EB-ADCF-ECF4BBB5915B}.dat Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	77016
Entropy (8bit):	2.3561659955260827
Encrypted:	false
SSDEEP:	384:MfP15PiHWWbVRrH4Hry9YZkirR63oGAia4qwRrHc7tybJUvsqWWscbfK4sicfDO3:lzW7ZURqA8JyCffMrDPj8KA
MD5:	FF47694B95BF9343481FB88EDFF91302
SHA1:	0BD9C14962DE4EB0C5F8E7962DFE4C2B55F89C55
SHA-256:	FAEDFA7C31B9E03CD94FD20ABB6B211D65D7062462F5AEC21D22AF9F7720B992
SHA-512:	3D093497397EADF36B58EF95551980E3EFE73C1AE8EFE1D66A1AF6D2C516F5362FF62614DA43548CFAE25ACC43B8C8F1CCCC9F6E8EBAAA56C7157041ED39B60B
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ABFD1AF3-2BD4-11EB-ADCF-ECF4BBB5915B}.dat Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.565171009569542
Encrypted:	false
SSDEEP:	48:IvXGcpUoGwpNBG4pP1GrapgSjrGQpZa4G7HpCaUsTGIpG:MdKwbTJleSjF/w0h4A
MD5:	6DCAF46679F1D04E895024B42E1A4981
SHA1:	CCC8B9B884A96B0ABBA89DD33F9D09A2ACAA23E9
SHA-256:	78E776BF618D04F584D316B37272E8E307478C0C4E03DEEDEF0567202C0DF09E
SHA-512:	38E4F7D9E934BF06C8C902F9BCE663BEDBDCC1784CF5DB3E91510E8C877F36895062EF4823A2971821BA6DC234ACBD6F9D0D7B92E65F03EAE5D68DEEF7EC4D04
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\lr5drzg\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	370820
Entropy (8bit):	4.812016122475089
Encrypted:	false
SSDEEP:	1536:UD48rp0/IBXhIyuw/7rbkQblJ0AAtNPGItG:P8e/IBXjDAnuItG
MD5:	BC5085FD80D31DECAAD1B2E4D6130948
SHA1:	CF66FF5C2DC9917D0885C030FD8244962C753F95
SHA-256:	249EFB78AC57847995317893BDF4AE3F2A373037A66702F339CF3C1B68242AAB
SHA-512:	55EC37A85AFB4C20793193F6E8CB02EA54BF53677D132357A20421F188D945435B5D5D4D10C2E3048D7A2D4BBBEB8E79795FAB1275D6C3A1CEBBEB6135B41A23
Malicious:	false
Reputation:	low
Preview:	).h.t.t.p.s.:././.w.o.r.k.f.l.o.w.y...c.o.m./.m.e.d.i.a./.i./.f.a.v.i.c.o.n...i.c.o.> .............. .( ......(............. ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\Tdcv9KOl0AuohEPI[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	15359
Entropy (8bit):	5.427936583639402
Encrypted:	false
SSDEEP:	384:doPdCvSS/yNrbLXTkc4SRzKeO0bT9GVYlTrcSUn0V0aOuPgl5YGm3TF9:doPNwcDPDbT/tQSUn/aOPmGm3Tv
MD5:	03269F4126D90C4C428AFE973D022124
SHA1:	0057211680BA85A0AD350BA6186C028A70BC6E43
SHA-256:	9CFDC3D608A2EDA61FA51663976F0EADC640D8C60AE1834997AA82C38D9D99FA
SHA-512:	5E2726CC3B2C4C05A1E16A61F07EA4BF41C394FD3D748F05335ACE930043D3B2A6EAF09586243A15A9410E4BB42FDC4D09FF68469BFE87D5B9EE0840E73D8B65
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>...<html>. <head>. <meta charset="utf-8">. <meta http-equiv="X-UA-Compatible" content="chrome=1"><script type="text/javascript">(window.NREUM\|\|(NREUM={})).loader_config={licenseKey:"eaeea54ab7",applicationID:"61695248"};window.NREUM\|\|(NREUM={}),__nr_require=function(e,t,n){function r(n){if(!t[n]){var i=t[n]={exports:{}};e[n][0].call(i.exports,function(t){var i=e[n][1][t];return r(i\|\|t)},i,i.exports)}return t[n].exports}if("function"==typeof __nr_require)return __nr_require;for(var i=0;i<n.length;i++)r(n[i]);return r}({1:[function(e,t,n){function r(){}function i(e,t,n){return function(){return o(e,[u.now()].concat(c(arguments)),t?null:this,n),t?void 0:this}}var o=e("handle"),a=e(6),c=e(7),f=e("ee").get("tracer"),u=e("loader"),s=NREUM;"undefined"==typeof window.newrelic&&(newrelic=s);var d=["setPageViewName","setCustomAttribute","setErrorHandler","finished","addToTrace","inlineHit","addRelease"],p="api-",l=p+"ixn-";a(d,function(e,t){s[t]=i(p+t,!0,"api")}),s.addPageA

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	223
Entropy (8bit):	5.142612311542767
Encrypted:	false
SSDEEP:	6:0IFFDK+Q+56ZRWHMqh7izlpdRSRk68k3tg9EFNin:jFI+QO6ZRoMqt6p3Tk9g9CY
MD5:	72C5D331F2135E52DA2A95F7854049A3
SHA1:	572F349BB65758D377CCBAE434350507341ACD7B
SHA-256:	C3A12D7E8F6B2B1F5E4CD0C9938DFC79532AEF90802B424EE910093F156586DA
SHA-512:	9EA12CC277C9858524083FEBBE1A3E61FDECE5268F63B14C9FFAFE29396C7CCDB3B07BE10E829936BCCD8F3B9E39DCFA6BC4316F189E4CEA914F1D06916DB66B
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap
Preview:	@font-face {. font-family: 'Archivo Narrow';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\eaeea54ab7[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.31817604175005
Encrypted:	false
SSDEEP:	3:U3KTDWuvMiqVkMWVrfUh:HnNukMWVr8h
MD5:	79F2D634CE67570918939DF10A075576
SHA1:	BA47B7DACB11250F9B1B3974B34954B188E3ECAD
SHA-256:	D10C94B6CDB747904BAEE9070F003BB45849DA46F8100B1320F286C21CBCAAA1
SHA-512:	155FAB1EC68F300DDCB948D024995539C721A2AB0FD89C220F0EFFA68C3863507CBEF806F087F5C84EAB38D4C53DA94BC893894E8FC9DED388DACFE3244E182E
Malicious:	false
Preview:	NREUM.setToken({'stn':1,'err':1,'ins':1,'cap':0,'spa':1})

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\eaeea54ab7[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.31817604175005
Encrypted:	false
SSDEEP:	3:U3KTDWuvMiqVkMWVrfUh:HnNukMWVr8h
MD5:	79F2D634CE67570918939DF10A075576
SHA1:	BA47B7DACB11250F9B1B3974B34954B188E3ECAD
SHA-256:	D10C94B6CDB747904BAEE9070F003BB45849DA46F8100B1320F286C21CBCAAA1
SHA-512:	155FAB1EC68F300DDCB948D024995539C721A2AB0FD89C220F0EFFA68C3863507CBEF806F087F5C84EAB38D4C53DA94BC893894E8FC9DED388DACFE3244E182E
Malicious:	false
Preview:	NREUM.setToken({'stn':1,'err':1,'ins':1,'cap':0,'spa':1})

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\favicon[1].ico Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 4-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	237
Entropy (8bit):	6.1480026084285395
Encrypted:	false
SSDEEP:	6:6v/lhPIF6R/C+u1fXNg1XQ3yslRtNO+cKvAElRApGCp:6v/7b/C1fm1ZslRTvAElR47
MD5:	9FB559A691078558E77D6848202F6541
SHA1:	EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31
SHA-256:	6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
SHA-512:	0E08938568CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCFB74437DE520395234D0009D452FB96A8ECE236B
Malicious:	false
IE Cache URL:	http://www.bing.com/favicon.ico
Preview:	.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d...-PLTE......(..5..X..h...........................J4.I...IIDAT.[c`..&.(.....F....cX.(@.j.+@..K.(..2L....1.{.....c`]L9.&2.l...I..E.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\login[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	169
Entropy (8bit):	4.534640683711167
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLPbCXqwcWWGu:q43tISl6kXiMIWSU6XlI5LPJpfGu
MD5:	7B4F513528A3D65397F0E7F6DEF7AD4A
SHA1:	5DA8E55D7F30D9530BDEFB6FD670C273FF9DDD66
SHA-256:	5075788CBBDF48D111B4882949D3E50856C81CA87630A85D7C8DD1E600CDC691
SHA-512:	1EAAE52797DDC5ECC686D6351BFB152DB1276C644E33DAFE9ACA9B81EE9AA75D29FA04A12A64B3B281E0163C318E9832861D9553C67A984D3958E90EF57FE59C
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx/1.19.4</center>..</body>..</html>..

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\rC56cpX1uS2qJKOxJ-5Sb8u-[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
IE Cache URL:	https://s3.amazonaws.com/simbla-static-2/2020/11/5faba665321d68001d4fc0e4/5faba6db73aef50019af7085/rC56cpX1uS2qJKOxJ-5Sb8u-.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\signup[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	169
Entropy (8bit):	4.534640683711167
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLPbCXqwcWWGu:q43tISl6kXiMIWSU6XlI5LPJpfGu
MD5:	7B4F513528A3D65397F0E7F6DEF7AD4A
SHA1:	5DA8E55D7F30D9530BDEFB6FD670C273FF9DDD66
SHA-256:	5075788CBBDF48D111B4882949D3E50856C81CA87630A85D7C8DD1E600CDC691
SHA-512:	1EAAE52797DDC5ECC686D6351BFB152DB1276C644E33DAFE9ACA9B81EE9AA75D29FA04A12A64B3B281E0163C318E9832861D9553C67A984D3958E90EF57FE59C
Malicious:	false
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx/1.19.4</center>..</body>..</html>..

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Tdcv9KOl0AuohEPI[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	15359
Entropy (8bit):	5.428164943834832
Encrypted:	false
SSDEEP:	384:doPdCvSS/yNrbLXTkc4SRzKeO0bT9GVYlTrcfUn0E0aOuPgl5YGm3TF9:doPNwcDPDbT/tQfUn2aOPmGm3Tv
MD5:	5647C1EA961BA66835CED2B1F335B331
SHA1:	6829634742D868F0034A7ED5E0DC5BD8F8F77F14
SHA-256:	38FB7C96F662BF69604AB465DB140B27F66B1CA55C9520D2F4158E4A19A02734
SHA-512:	C27E8F59D4B232E8EE677AB6CBF8F0E9BB93C0734741AE4FFD2A2F8243EC933EB92913F9BB8407FBDCD42D52613F778E7A3B16A7B54FFCF273BC37C3CC06B28F
Malicious:	false
Preview:	<!DOCTYPE html>...<html>. <head>. <meta charset="utf-8">. <meta http-equiv="X-UA-Compatible" content="chrome=1"><script type="text/javascript">(window.NREUM\|\|(NREUM={})).loader_config={licenseKey:"eaeea54ab7",applicationID:"61695248"};window.NREUM\|\|(NREUM={}),__nr_require=function(e,t,n){function r(n){if(!t[n]){var i=t[n]={exports:{}};e[n][0].call(i.exports,function(t){var i=e[n][1][t];return r(i\|\|t)},i,i.exports)}return t[n].exports}if("function"==typeof __nr_require)return __nr_require;for(var i=0;i<n.length;i++)r(n[i]);return r}({1:[function(e,t,n){function r(){}function i(e,t,n){return function(){return o(e,[u.now()].concat(c(arguments)),t?null:this,n),t?void 0:this}}var o=e("handle"),a=e(6),c=e(7),f=e("ee").get("tracer"),u=e("loader"),s=NREUM;"undefined"==typeof window.newrelic&&(newrelic=s);var d=["setPageViewName","setCustomAttribute","setErrorHandler","finished","addToTrace","inlineHit","addRelease"],p="api-",l=p+"ixn-";a(d,function(e,t){s[t]=i(p+t,!0,"api")}),s.addPageA

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ZJH_2F3Xi0SopxxCuN7EKeDY[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, baseline, precision 8, 1920x1080, frames 3
Category:	downloaded
Size (bytes):	17453
Entropy (8bit):	3.890509953257612
Encrypted:	false
SSDEEP:	192:P7FRTHQpmA3ZkXOL25cYty7l6UWUjMJBSab/vR+yzP:P/cpmgkF5+JWUjMp40P
MD5:	7916A894EBDE7D29C2CC29B267F1299F
SHA1:	78345CA08F9E2C3C2CC9B318950791B349211296
SHA-256:	D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3
SHA-512:	2180ABE47FBF76E2E0608AB3A4659C1B7AB027004298D81960DC575CC2E912ECCA8C131C6413EBBF46D2AAA90E392EB00E37AED7A79CDC0AC71BA78D828A84C7
Malicious:	false
IE Cache URL:	https://s3.amazonaws.com/simbla-static-2/2020/11/5faba665321d68001d4fc0e4/5faba6db73aef50019af7085/ZJH_2F3Xi0SopxxCuN7EKeDY.jpg
Preview:	.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\dfce06801e1a85d6d06f1fdd4475dacd[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	11724
Entropy (8bit):	5.142570243800562
Encrypted:	false
SSDEEP:	192:fCVFt3uv8AIW93kXLHkwBcAfSdIYjf0yChCTfbOtfC9QdHn:KXW42I9QTfbO49U
MD5:	50A0037A600BA8C10F993DB1F075AF0C
SHA1:	6CF8EC58F39CC2D77BC7CE84FED0C669E84D9E21
SHA-256:	3660F800D33EA3E7A1835B48188AA5F50ADBE40E1E833246159699673AEBAAAD
SHA-512:	5559E835A704742995271877247EB5AADD20E33C13A1332C7F68245E5C2D2B1B7712A1F1F0EFF2F70B4C63ECC3EB588C3CD4DD9A264D2B688FBBB19D43D6EA1F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\dfce06801e1a85d6d06f1fdd4475dacd[1].htm, Author: Joe Security
IE Cache URL:	https://jamif-cdn3d.us-east-1.linodeobjects.com/dfce06801e1a85d6d06f1fdd4475dacd.html
Preview:	..<!doctype html>..<html lang="en">..<head>.. <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>.. <script src="https://code.jquery.com/jquery-3.1.1.min.js"></script>.. <script src="https://code.jquery.com/jquery-3.3.1.js" integrity="sha256-2Kok7MbOyxpgUVvAk/HJ2jigOSYS2auK4Pfzbm7uH60=" crossorigin="anonymous"></script>.. Required meta tags -->.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.... Bootstrap CSS -->.. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">.. <link href="https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap" rel="stylesheet">.. <script src="https://kit.fontawesome.com/585b051251.js" crossorigin="anonymous"></script>.. <title>Log-In</title>.. <link href="css/hover.c

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\eaeea54ab7[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.459147917027245
Encrypted:	false
SSDEEP:	3:CUXJ/lH:Dl
MD5:	BC32ED98D624ACB4008F986349A20D26
SHA1:	2D3DF8C11D2168CE2C27E0937421D11D85016361
SHA-256:	0C9CF152A0AD00D4F102C93C613C104914BE5517AC8F8E0831727F8BFBE8B300
SHA-512:	71ACC6DA78D5D5BF0EEA30E2EE0AC5C992B00EFEC959077DFE0AB769F1DBBD9AF12D5C5C155046283D5416BEB606A9EF323FB410E903768B1569B69F37075B4E
Malicious:	false
Preview:	GIF89a.......,..........

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\free-v4-shims.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	26701
Entropy (8bit):	4.829785000026929
Encrypted:	false
SSDEEP:	192:bP6hT1bIl4w0QUmQ10PwKLaAu5CwWavpHo4O6wgLPbJVR8XD7mycP:Ohal4w0QK+PwK05eavpmgPPeXD7mycP
MD5:	2E4C3DA4EAE1C876A281D6CA5A7A5B4C
SHA1:	92AD084AAB53B7AA8C761CD66BDFB1F79B9CAED7
SHA-256:	CFFF9EA502195A7B96FE38DECA9188A59B758DEEECC2CD4E78AEA7D911E638C6
SHA-512:	F324F308649F47E3C25BF021C1776A4326750D04D9392B7F200331E806514B69E7579FB23D7B2107A3B30CB96926554C0DE13F45FD1397BDAE89938DD52A7EBF
Malicious:	false
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.1/css/free-v4-shims.min.css
Preview:	/!. Font Awesome Free 5.15.1 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa.fa-glass:before{content:"\f000"}.fa.fa-meetup{font-family:"Font Awesome 5 Brands";font-weight:400}.fa.fa-star-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-star-o:before{content:"\f005"}.fa.fa-close:before,.fa.fa-remove:before{content:"\f00d"}.fa.fa-gear:before{content:"\f013"}.fa.fa-trash-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-trash-o:before{content:"\f2ed"}.fa.fa-file-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-file-o:before{content:"\f15b"}.fa.fa-clock-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-clock-o:before{content:"\f017"}.fa.fa-arrow-circle-o-down{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arrow-circle-o-down:before{content:"\f358"}.fa.fa-arrow-circle-o-up{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arro

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\free.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	60351
Entropy (8bit):	4.728636008010348
Encrypted:	false
SSDEEP:	768:OUh31IPiyXNq4YxBowbgJlkwF//zMQyYJYX9Bft6VSz8:OU0PxXE4YXJgndFTfy9lt5Q
MD5:	319D424BA89A84BBD230A3B5F7024193
SHA1:	1AE1807CDED8F2E41D2541BCCA8E0D7077FBA6F4
SHA-256:	4F02BD6F018D6F08C37C39F2D114101BEAC342C2C065046635E5ED0C42853590
SHA-512:	A68CAB17CCD1C4DDEAD9124B75CF0CF0C12C4E914902AECE79DCC4C42167B58B565467F20F72C48DFA85490F1895F89F074C85E825D548AD12410741A3302E54
Malicious:	false
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.1/css/free.min.css
Preview:	/!. Font Awesome Free 5.15.1 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pul

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\login[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	7301
Entropy (8bit):	5.357066025426497
Encrypted:	false
SSDEEP:	96:Awj4cNN8Afppuu5EVJSWhGUUkIkKyOd0JbAWAbEbaxx33GNNqkUka6WqyZ4bEm9d:ADu5S5YUudwkNL33GXbgqNt
MD5:	5462057035E108135972ABB914FB85A8
SHA1:	580BDFA18401421EC757AA11F6138BE4DE233D6B
SHA-256:	357F8DC902E87B5F314CBCC917B670FE608B3284BE46ED5AD083A64D9126FF99
SHA-512:	E8429B1EA465EAE47132E08149EA7976176A63CF1A72E55918DC8A6C107B3EC270B838902492DF8E78640DC96BF434CC943AEDE9D5E78CE88DA28D4400661734
Malicious:	false
IE Cache URL:	https://workflowy.com/login/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI
Preview:	<!doctype html><html><head><title>Log in to WorkFlowy</title><meta http-equiv="X-UA-Compatible" content="chrome=1"/><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,700,800" rel="stylesheet" type="text/css"/><meta name="ahrefs-site-verification" content="1e02598fc87129fdd8624212a90901b5a29fe287c590c9740af3c21f34784f42"/><link rel="shortcut icon" type="image/x-icon" href="/media/i/favicon.ico"/><link rel="apple-touch-icon" href="/media/i/icon-57x57.png"/><link rel="apple-touch-icon" sizes="72x72" href="/media/i/icon-72x72.png"/><link rel="apple-touch-icon" sizes="114x114" href="/media/i/icon-114x114.png"/><link rel="apple-touch-startup-image" sizes="768x1004" href="/media/i/workflowy-startup-image-ipad.png"/><link rel="apple-touch-startup-image" href="/media/i/workflowy-startup-image.png"/><meta name="apple-mobile-web-app-status-bar-style" content="black"/><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0"/><met

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\logo-bullet-lines-blue[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	589
Entropy (8bit):	4.972593672152842
Encrypted:	false
SSDEEP:	12:trZ9/MKuCoYUddWAbkLbcJfC4PbHTZL+xKC4nPHvoLrMltEulatEmZCtE+:tV9/MKuNT4sCGbHTZbC0oXw5WhAP
MD5:	7C6542F8D09ED039CEAD9A46BA912E53
SHA1:	45BECA1B83D4B72F79D1A10C6210ACDFF355C23B
SHA-256:	1255B7A53BEFBB4A3C4031F9582FE1936B8D124DE5B8B693B03358CB3E492071
SHA-512:	3900389574C26E5EAE008CC91F369C5346FC5C0501D9B773AFFF4FAFEC9F690A257B795742AB80980F025E645B5DC581AC1B26E42ECA6E51400C84EEBDC018F5
Malicious:	false
IE Cache URL:	https://workflowy.com/media/i/logo-bullet-lines-blue.svg
Preview:	<svg width="579" height="580" viewBox="0 0 579 580" fill="none" xmlns="http://www.w3.org/2000/svg">.<path d="M116 35H531C557.51 35 579 56.4903 579 83V83C579 109.51 557.51 131 531 131H116V35Z" fill="#B2CADB"/>.<path d="M218 242H531C557.51 242 579 263.49 579 290V290C579 316.51 557.51 338 531 338H218V242Z" fill="#B2CADB"/>.<path d="M116 449H531C557.51 449 579 470.49 579 497V497C579 523.51 557.51 545 531 545H116V449Z" fill="#B2CADB"/>.<circle cx="83" cy="83" r="83" fill="#47525B"/>.<circle cx="235" cy="290" r="83" fill="#47525B"/>.<circle cx="83" cy="497" r="83" fill="#47525B"/>.</svg>.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\print[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1316
Entropy (8bit):	4.5361774193775695
Encrypted:	false
SSDEEP:	24:Ev7iax0Ra6+G0EBxLCKrqwjtRiRRl/H+VEgTKwubs:Ev7ia6sG0E/CIJI56qo
MD5:	7471DC37D85CB2B6BAAC70B6A9312DB4
SHA1:	D4775C3D288899890AA0874D3F9AC33843680119
SHA-256:	858EBBB77D7504548FED0FB9088D90B774945E88B0464D42A44C4829A84B972D
SHA-512:	062806344E9E5904BF3A0DBAB95E4272C0D84DD654DD29BDCC95BC5FDBED6436B4D8C079425C94282FCDE57801D3B5B16820EA010A829624191A2CC4D771FC98
Malicious:	false
IE Cache URL:	https://workflowy.com/media/css/print.css
Preview:	.leftBar {. display: none;.}..body {. padding-left: 0 !important;.}...page {. border: none !important;.. /* Add space at top of page so there is some margin. /. margin-top: 0 !important;. margin-bottom: 0 !important;.. min-height: 10px !important;. box-shadow: none !important;.. / Style the page width and margins so that they adjust dynamically. depending on width used for printing (and turn off the. transform that is normally used for this). We need to use pure. CSS for positioning the page when printing (rather than the JS. that adjusts things on 'resize' events normally) because we. don't know what the print width will be. */. width: auto !important;. max-width: 700px !important;. margin-left: auto !important;. margin-right: auto !important;. left: 0 !important;.. transform: none !important;. -webkit-transform: none !important;. -moz-transform: none !important;. -ms-transform: none !important;.}...mainTreeRoot {. min-height: 0px !im

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\reset[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	928
Entropy (8bit):	4.754464678335133
Encrypted:	false
SSDEEP:	24:LFc0a1DMd2Uhsq1wJjtqQqvAQbCFD+FW9N3/s:xLzhsJVtf/F3X0
MD5:	11B989919D8B8857A3700B00F4E8F184
SHA1:	0D909DA6DE2B0157D07D0FCB721221F5D49688C0
SHA-256:	20B1C4B5D2BE0EED0ABB524023534E08D98D34D82C01D60CEB40D9B387EB8AC5
SHA-512:	BA320F903E0EDEF9E65861F931F4711E8556723560EAD36D46935BB126BAF4CEFDC08A14A1F5AA9F517AD5EF79CE67213391B0BA1ABC46A9F34F841A3BADC2A7
Malicious:	false
IE Cache URL:	https://workflowy.com/media/css/reset.css
Preview:	html, body, div, span, applet, object, iframe,.h1, h2, h3, h4, h5, h6, p, blockquote, pre,.a, abbr, acronym, address, big, cite, code,.del, dfn, em, font, img, ins, kbd, q, s, samp,.small, strike, strong, sub, sup, tt, var,.b, u, i, center,.dl, dt, dd, ol, ul, li,.fieldset, form, label, legend,.table, caption, tbody, tfoot, thead, tr, th, td {.margin: 0;.padding: 0;.border: 0;.outline: 0;.font-size: 100%;.vertical-align: baseline;.background: transparent;.}.body {.line-height: 1;.}.ol, ul {.list-style: none;.}.blockquote, q {.quotes: none;.}.blockquote:before, blockquote:after,.q:before, q:after {.content: '';.content: none;.}../* remember to define focus styles! /.:focus {.outline: 0;.}../ remember to highlight inserts somehow! /.ins {.text-decoration: none;.}.del {.text-decoration: line-through;.}../ tables still need 'cellspacing="0"' in the markup */.table {.border-collapse: collapse;.border-spacing: 0;.}..

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\urlblockindex[1].bin Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	1.6216407621868583
Encrypted:	false
SSDEEP:	3:PF/l:
MD5:	FA518E3DFAE8CA3A0E495460FD60C791
SHA1:	E4F30E49120657D37267C0162FD4A08934800C69
SHA-256:	775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
SHA-512:	D21667F3FB081D39B579178E74E9BB1B6E9A97F2659029C165729A58F1787DC0ADADD980CD026C7A601D416665A81AC13A69E49A6A2FE2FDD0967938AA645C07
Malicious:	false
IE Cache URL:	https://r20swj13mr.microsoft.com/ieblocklist/v1/urlblockindex.bin
Preview:	.p.J2...........

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\e42577a28f6c3e306a7f[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	6932
Entropy (8bit):	5.314316385992555
Encrypted:	false
SSDEEP:	192:q76Udb4Zz7Gf3XmkhlmClBRQ/IaAjL5d5P1n1:g60SGfrhplBRQ/IhjL5T
MD5:	AD5D37EB59C3360ECE2973696A3520D4
SHA1:	74E94926731088E2CCD62DD065CDB1B7316FF1AA
SHA-256:	1463EEA0C3698C8760F805F7720FC1A8195AF56227DF0D22CCEB1955C2858646
SHA-512:	BAE6B49423CA1AB5EB8120E63B1ACE31DB57CE5C830749A3F86FF219733B8B90F2E2C1D54D616B4FB9B8DA6699499FFBFBD978F0EE13EA20E94A017B39CC9856
Malicious:	false
IE Cache URL:	https://workflowy.com/media/js/e42577a28f6c3e306a7f.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[8],{921:function(e,t,n){"use strict";var a=n(0),r=n(3),i=function(){return(i=Object.assign\|\|function(e){for(var t,n=1,a=arguments.length;n<a;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e}).apply(this,arguments)};function o(e){return JSON.stringify(e).replace(/\u2028/g,"\\u2028").replace(/\u2029/g,"\\u2029").replace(/<\//g,"<\\/")}var l=a.memo(function(e){var t=e.title,n=e.description,l=e.style,c=e.children,s=e.context;return a.useEffect(function(){document.title=t},[t]),Object(r.g)("html",{margin:0,padding:0,height:"100%"}),Object(r.g)("body",i({margin:0,padding:0,height:"100%"},l)),Object(r.g)("#page",{height:"100%"}),s.pageOnly?c:a.createElement("html",null,a.createElement("head",null,a.createElement("title",null,t),n&&a.createElement("meta",{name:"description",content:n}),a.createElement("meta",{httpEquiv:"X-UA-Compatible",content:"chrome=1"}),a.createElement("link",{href:"https://

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\eaeea54ab7[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.459147917027245
Encrypted:	false
SSDEEP:	3:CUXJ/lH:Dl
MD5:	BC32ED98D624ACB4008F986349A20D26
SHA1:	2D3DF8C11D2168CE2C27E0937421D11D85016361
SHA-256:	0C9CF152A0AD00D4F102C93C613C104914BE5517AC8F8E0831727F8BFBE8B300
SHA-512:	71ACC6DA78D5D5BF0EEA30E2EE0AC5C992B00EFEC959077DFE0AB769F1DBBD9AF12D5C5C155046283D5416BEB606A9EF323FB410E903768B1569B69F37075B4E
Malicious:	false
Preview:	GIF89a.......,..........

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 6 icons, 256x256, 32 bits/pixel, 128x128, 32 bits/pixel
Category:	downloaded
Size (bytes):	370070
Entropy (8bit):	4.80845072778125
Encrypted:	false
SSDEEP:	1536:ZD48rp0/IBXhIyuy/7rbkQblJ0AA/NPwITv:28e/IBXjxA1IITv
MD5:	F411E7E8A5B13EB1DE3974675C0D8CFC
SHA1:	86E1C2A83787FF51333BA6CF512A7C125DE16429
SHA-256:	D183C18DB92DD74B44320182C14B12A627B9F0A836776A7E0C263BE8D2792995
SHA-512:	2B5371D4A7539CD1F142B62BCA89CC806A6A7CE98851BC8AAA103BFD2CF2862F1680A513E0AB65783B88DCA84525B251DFC026172D553F76796D7F4A16C74268
Malicious:	false
IE Cache URL:	https://workflowy.com/media/i/favicon.ico
Preview:	............ .( ..f......... .(.... ..@@.... .(B...(..00.... ..%...j.. .... ............... .h.......(............. ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\free-fa-regular-400[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Font Awesome 5 Free Regular family
Category:	downloaded
Size (bytes):	34350
Entropy (8bit):	6.320570887190345
Encrypted:	false
SSDEEP:	384:HbFILSQt3owpXUazLuDULbNVTH/oOkKQB3I+89AyI6WcRwkRcQUta:HbeLSe3yy6DOP/oDB29uc5RcQUA
MD5:	991B587DBEE2E132C9542FB1280F1372
SHA1:	660DA8C03735C9DFFB26205AAD19EA6B1916268A
SHA-256:	44F6500D0D5D7F3F8422B9790EAA47DF4E1D812C90239602E53429376B96D1DF
SHA-512:	A9AF4B58640B47D1EF7B6E2126BA6908AF9A4027D3961E3889732E433B9CED8E49F0BB17E54FEA602FFC46E93206DBA088EFC9CC41940477C3DCC3687D0C9B0D
Malicious:	false
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.1/webfonts/free-fa-regular-400.eot?
Preview:	..................................LP.............................................6.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .R.e.g.u.l.a.r.....R.e.g.u.l.a.r...L.3.3.1...5.2.1. .(.F.o.n.t. .A.w.e.s.o.m.e. .v.e.r.s.i.o.n.:. .5...1.5...1.)...6.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .R.e.g.u.l.a.r................PFFTM.,..........GDEF.*..........OS/2A.S....X...`cmap...........gasp............glyf\|.7.... ..n.head...........6hhea.5.........$hmtx...t.......Tloca.e........6maxp.......8... name8.8"..w....[post.iA...}..........K.`.._.<...........w......z.................................................................................@.................L.f...G.L.f....................................PfEd...............T.........:..... ...................@...........................@...............@...................@.......@...@.......@...@...................................`...............................@...................@....................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\free-fa-solid-900[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Font Awesome 5 Free Solid family
Category:	downloaded
Size (bytes):	204814
Entropy (8bit):	6.34341654497633
Encrypted:	false
SSDEEP:	6144:5t+zd6McnODzpN2BDXTIRSwRKSK3NC5xMG:GELnODze58Rjg+55
MD5:	D3B45D588F61AB38CB31CBA544B4373C
SHA1:	627D2C71A5FFC7E5F17DA0897EE1B73CD30D255F
SHA-256:	366C63E48A15576AA55ED76DB0EBCCA8BCE15F6EFC881BD0AC75982FF1233699
SHA-512:	6D178A6671E6C1E4148770A4FD6351FD237628A48748047006B350E3FBD2BDFD0257BD908BAA26606D3326FE2F7D1E80B505E533716D9EFE8490A6EEC99D83BC
Malicious:	false
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.1/webfonts/free-fa-solid-900.eot?
Preview:	. ................................LP........................O..O..................2.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .S.o.l.i.d.....S.o.l.i.d...L.3.3.1...5.2.1. .(.F.o.n.t. .A.w.e.s.o.m.e. .v.e.r.s.i.o.n.:. .5...1.5...1.)...2.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .S.o.l.i.d................PFFTM.,..........GDEF.*..........OS/23.V`...X...`cmap.j.4...h....gasp............glyfh.....-....dhead.,.........6hhea.C.-.......$hmtx.Q..........loca.......8....maxp.N.`...8... name!.-....P...+post..Fa...\|..1......K.`O..O_.<...........x......z...............................................................]. ...............@.................L.f...G.L.f....................................PfEd...............T.........:..... ...................................@.......@. .........................@...........@...................................................................................@...........................`.......................@.......@.......@...................................@....

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\jquery-3.3.1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	271751
Entropy (8bit):	5.0685414131801165
Encrypted:	false
SSDEEP:	6144:+tah6/K+TCtlMhTze/RZcYmDizK8dB7alFys/WL/umH4N0IPfKu5AA11vrIY:9pZcYmDcHwFygmY1PfjAA1Br3
MD5:	6A07DA9FAE934BAF3F749E876BBFDD96
SHA1:	46A436EBA01C79ACDB225757ED80BF54BAD6416B
SHA-256:	D8AA24ECC6CECB1A60515BC093F1C9DA38A0392612D9AB8AE0F7F36E6EEE1FAD
SHA-512:	E525248B09A6FB4022244682892E67BBF64A3E875EB889DB43B0A24AB4A75077B5D5D26943CA382750D4FEBC3883193F3BE581A4660065B6FC7B5EC20C4A044B
Malicious:	false
IE Cache URL:	https://code.jquery.com/jquery-3.3.1.js
Preview:	/!. jQuery JavaScript Library v3.3.1. * https://jquery.com/. . Includes Sizzle.js. * https://sizzlejs.com/. . Copyright JS Foundation and other contributors. * Released under the MIT license. * https://jquery.org/license. . Date: 2018-01-20T17:24Z. */.( function( global, factory ) {..."use strict";...if ( typeof module === "object" && typeof module.exports === "object" ) {....// For CommonJS and CommonJS-like environments where a proper `window`...// is present, execute the factory and get jQuery....// For environments that do not have a `window` with a `document`...// (such as Node.js), expose a factory as module.exports....// This accentuates the need for the creation of a real `window`....// e.g. var jQuery = require("jquery")(window);...// See ticket #14549 for more info....module.exports = global.document ?....factory( global, true ) :....function( w ) {.....if ( !w.document ) {......throw new Error( "jQuery requires a window with a document" );.....}.....return factor

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\nr-1184.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	27995
Entropy (8bit):	5.315806784478887
Encrypted:	false
SSDEEP:	384:yZevj5JLnX8Rfz4cNc4esZt2mwUyAH77jx+zaTgEgi2bikgHIvxYocboatVFKFJb:yZUrW13Zt2A7pFFIpYo8ltqWE5
MD5:	3D7F312BE60D08A2568E311E4762F3AF
SHA1:	EDC028ACC27FB8DC6E2106A071A03AE7F93DC3B4
SHA-256:	780861F2AB29C0144055244696561FB0306C8CB3CB7F548F9105C763B0E91F77
SHA-512:	01507CB531465D496E475994A901D2E54E654810BDADE13BEB0480E9CA75FC92B0E4A5689646CC17FC2B10F93F00C1B000CD5B7C9B024F4A7A60F97905C1658B
Malicious:	false
IE Cache URL:	https://js-agent.newrelic.com/nr-1184.min.js
Preview:	!function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var a="function"==typeof __nr_require&&__nr_require;if(!i&&a)return a(t,!0);if(o)return o(t,!0);throw new Error("Cannot find module '"+t+"'")}var u=e[t]={exports:{}};n[t][0].call(u.exports,function(e){var o=n[t][1][e];return r(o\|\|e)},u,u.exports)}return e[t].exports}for(var o="function"==typeof __nr_require&&__nr_require,i=0;i<t.length;i++)r(t[i]);return r}({1:[function(n,e,t){e.exports=function(n,e){return"addEventListener"in window?window.addEventListener(n,e,!1):"attachEvent"in window?window.attachEvent("on"+n,e):void 0}},{}],2:[function(n,e,t){function r(n,e,t,r,i){l[n]\|\|(l[n]={});var a=l[n][e];return a\|\|(a=l[n][e]={params:t\|\|{}},i&&(a.custom=i)),a.metrics=o(r,a.metrics),a}function o(n,e){return e\|\|(e={count:0}),e.count+=1,f(n,function(n,t){e[n]=i(t,e[n])}),e}function i(n,e){return e?(e&&!e.c&&(e={t:e.t,min:e.t,max:e.t,sos:e.te.t,c:1}),e.c+=1,e.t+=n,e.sos+=nn,n>e.max&&(e.max=n),n<e.min&&(e.min=n),e):{t:n}}function a(n,e){return

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\popper.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	19188
Entropy (8bit):	5.212814407014048
Encrypted:	false
SSDEEP:	384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f
MD5:	70D3FDA195602FE8B75E0097EED74DDE
SHA1:	C3B977AA4B8DFB69D651E07015031D385DED964B
SHA-256:	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
SHA-512:	51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
Malicious:	false
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Preview:	/. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. /(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto\|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\site.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with LF, NEL line terminators
Category:	downloaded
Size (bytes):	344855
Entropy (8bit):	5.299148755710273
Encrypted:	false
SSDEEP:	6144:AxSzp/o/iitbtNUaeRjLSuE4kIOFAweV0AAF:Ak1ottxNUNjLStrfeV07
MD5:	D06B9C7BBDB584E891AF7470C540373F
SHA1:	9E09177E303D5EC1876E1183842BFE60D4BCBC17
SHA-256:	1D96DED3CBB2E05D247CA03185BA021F790DBE8AABDD03DF56BBC27AB84BD7D6
SHA-512:	C53D4C04BA93098544DC3C9EDA61CA61D72153F3B871E36786F5961CBB6E6BB8FB567D215D8B04B487825535E4313A313DDB4F0D38CCFB6E7EFB45DE5900C96E
Malicious:	false
IE Cache URL:	https://workflowy.com/media/js/site.min.js
Preview:	!function(e){function t(t){for(var n,o,i=t[0],a=t[1],u=0,c=[];u<i.length;u++)o=i[u],r[o]&&c.push(r[o][0]),r[o]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(l&&l(t);c.length;)c.shift()()}var n={},r={17:0};function o(t){if(n[t])return n[t].exports;var r=n[t]={i:t,l:!1,exports:{}};return e[t].call(r.exports,r,r.exports,o),r.l=!0,r.exports}o.e=function(e){var t=[],n=r[e];if(0!==n)if(n)t.push(n[2]);else{var i=new Promise(function(t,o){n=r[e]=[t,o]});t.push(n[2]=i);var a,u=document.createElement("script");u.charset="utf-8",u.timeout=120,o.nc&&u.setAttribute("nonce",o.nc),u.src=function(e){return o.p+""+{0:"6f0b670eddaac85c5e4a",1:"8503ebe23bbb553931eb",2:"691a58eec3574cfa110c",3:"b27f856295365a42f064",4:"8c28c7d27117534a86a4",5:"1524dae43e7dbf404f3f",6:"65247b01f18ac82607ac",7:"9ca9fbac43f0e272661a",8:"e42577a28f6c3e306a7f",9:"5ba570c48ff05a4b5218",10:"7fb5d00134d0d26577a6",11:"adf9fc155506e2fa3fbf",12:"f216138f9312c91eee7d",13:"018fa7a115dcad40b512"}[e]+".js"}(e);

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\6f0b670eddaac85c5e4a[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	48788
Entropy (8bit):	5.359595203167086
Encrypted:	false
SSDEEP:	384:NA+C8e79Ye4hXZFCaWhz4EYrquM5FX4PV2YER6tTDf4z+l2PtmAucSOrxFqw66MG:74B4hWaOGrMhaTza/k6BG+7r
MD5:	8AFD3E7AEF0EF52C3EC7F4647F443AE4
SHA1:	21B6CC97A07DE5C5E62A5A0BEE624DE2B8033A23
SHA-256:	FA8372A7BFB9536773A97EF134BD77AAA88295B10382F5885C70C639C51EB5B3
SHA-512:	07131B6D036AD0475B406DD79747589A461AAA9C16477C3209E20E0333270A320F23E0EF6BF18D4899F2854569F95966C8F2FC9AD5CB57B08DE27B7AD2FBEBE2
Malicious:	false
IE Cache URL:	https://workflowy.com/media/js/6f0b670eddaac85c5e4a.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[0],{10:function(e,r,t){"use strict";t.d(r,"c",function(){return g}),t.d(r,"d",function(){return h}),t.d(r,"e",function(){return y}),t.d(r,"b",function(){return v}),t.d(r,"a",function(){return x}),t.d(r,"f",function(){return w});var n,o=t(0),a=t(9),i=t(2),u=function(){return(u=Object.assign\|\|function(e){for(var r,t=1,n=arguments.length;t<n;t++)for(var o in r=arguments[t])Object.prototype.hasOwnProperty.call(r,o)&&(e[o]=r[o]);return e}).apply(this,arguments)},c={gray1:a.g,gray2:a.f,gray3:a.n,gray4:a.k,gray5:a.l,gray6:a.m,gray7:a.b,gray8:a.s,sharing:a.r,accent:a.a,overlay:a.s},l={gray1:"#ffffff",gray2:"#d9dbdb",gray3:"#9ea1a2",gray4:"#7c7f81",gray5:"#5c6062",gray6:"#42484b",gray7:"#353c3f",gray8:"#2a3135",sharing:"#367",accent:"#367",overlay:"#2a3135"},s=function(e){return void 0===e&&(e=c),u(u({},e),{arrowColor:e.gray2,background:e.gray8,backgroundImage:null,backgroundImageSet:null,bulletColor:e.gray2,bulletHalo:e.gray5,bulletHaloHover

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\adf9fc155506e2fa3fbf[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	6865
Entropy (8bit):	5.310715814564055
Encrypted:	false
SSDEEP:	192:276Udb4Zz7Gf3XmkhlmClBRQ/IaAeLKKd5ceK:M60SGfrhplBRQ/IheLKKQ
MD5:	B0CCC823DF717416D5EAA426AAC6BA86
SHA1:	6984D4F8B021EC07E4EEB338F9F6F8431C6C18EB
SHA-256:	53BDF5DAE2A46EE74470051D7AF9FB93BEAF8659D193322D4916EB758FE87294
SHA-512:	49298181F084D342B04993DB1D59A443933D153C6B2D378E2AF4B95769785CC13053E2213473800EF8F0AD0E240E98DBE93DAB1805272BEEAC8E0A1D90AD93B8
Malicious:	false
IE Cache URL:	https://workflowy.com/media/js/adf9fc155506e2fa3fbf.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[11],{921:function(e,t,n){"use strict";var a=n(0),r=n(3),i=function(){return(i=Object.assign\|\|function(e){for(var t,n=1,a=arguments.length;n<a;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e}).apply(this,arguments)};function o(e){return JSON.stringify(e).replace(/\u2028/g,"\\u2028").replace(/\u2029/g,"\\u2029").replace(/<\//g,"<\\/")}var l=a.memo(function(e){var t=e.title,n=e.description,l=e.style,c=e.children,s=e.context;return a.useEffect(function(){document.title=t},[t]),Object(r.g)("html",{margin:0,padding:0,height:"100%"}),Object(r.g)("body",i({margin:0,padding:0,height:"100%"},l)),Object(r.g)("#page",{height:"100%"}),s.pageOnly?c:a.createElement("html",null,a.createElement("head",null,a.createElement("title",null,t),n&&a.createElement("meta",{name:"description",content:n}),a.createElement("meta",{httpEquiv:"X-UA-Compatible",content:"chrome=1"}),a.createElement("link",{href:"https:/

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bootstrap.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	144877
Entropy (8bit):	5.049937202697915
Encrypted:	false
SSDEEP:	1536:GcoqwrUPyDHU7c7TcDEBi82NcuSELL4d/+oENM6HN26Q:VoPgPard2oENM6HN26Q
MD5:	450FC463B8B1A349DF717056FBB3E078
SHA1:	895125A4522A3B10EE7ADA06EE6503587CBF95C5
SHA-256:	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
SHA-512:	93BF1ED5F6D8B34F53413A86EFD4A925D578C97ABC757EA871F3F46F340745E4126C48219D2E8040713605B64A9ECF7AD986AA8102F5EA5ECF9228801D962F5D
Malicious:	false
IE Cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors. * Copyright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},::after,::before{box-sizing:border-box}html{font-family:sans

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bootstrap.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	48944
Entropy (8bit):	5.272507874206726
Encrypted:	false
SSDEEP:	768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B
MD5:	14D449EB8876FA55E1EF3C2CC52B0C17
SHA1:	A9545831803B1359CFEED47E3B4D6BAE68E40E99
SHA-256:	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
SHA-512:	00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
Malicious:	false
IE Cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\document_view.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with NEL line terminators
Category:	downloaded
Size (bytes):	2273519
Entropy (8bit):	5.559905400521439
Encrypted:	false
SSDEEP:	49152:SNx768bLt7j4KWF38OHZ4tkGSNiiul1ElI:StA6iBI
MD5:	4178D793497614CBF5B74C0C8979754F
SHA1:	700184FFA5B57AF2316B37DF357E02BA2346352B
SHA-256:	AA3D1A96BF8F4EED52C33D311D1CEDE1A735C7595E567BF81E9397480B7E4D48
SHA-512:	C18F6431A04794ACC19209530CDF60AF5E6CE77115D5BC9A65C83B243F1FA5530D06431CDC8652DF4D7A1EC27D7F76DF4E0B6F6139E01EA75ED746B6655653D1
Malicious:	false
IE Cache URL:	https://workflowy.com/media/js/document_view.min.js?v=610982d
Preview:	!function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="/media/js/",n(n.s=885)}([function(e,t,n){"use strict";e.exports=n(438)},function(e,t,n){"use strict";

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\ga[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	46274
Entropy (8bit):	5.48786904450865
Encrypted:	false
SSDEEP:	768:aqNVrKn0VGhn+K7U1r2p/Y60fyy3/g3OMZht1z1prkfw1+9NZ5VA:RHrLVGhnpIwp/Y7cnz1RkLL5m
MD5:	E9372F0EBBCF71F851E3D321EF2A8E5A
SHA1:	2C7D19D1AF7D97085C977D1B69DCB8B84483D87C
SHA-256:	1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F
SHA-512:	C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F
Malicious:	false
IE Cache URL:	https://ssl.google-analytics.com/ga.js
Preview:	(function(){var E;var g=window,n=document,p=function(a){var b=g._gaUserPrefs;if(b&&b.ioo&&b.ioo()\|\|a&&!0===g["ga-disable-"+a])return!0;try{var c=g.external;if(c&&c._gaUserPrefs&&"oo"==c._gaUserPrefs)return!0}catch(f){}a=[];b=n.cookie.split(";");c=/^\sAMP_TOKEN=\s(.?)\s$/;for(var d=0;d<b.length;d++){var e=b[d].match(c);e&&a.push(e[1])}for(b=0;b<a.length;b++)if("$OPT_OUT"==decodeURIComponent(a[b]))return!0;return!1};var q=function(a){return encodeURIComponent?encodeURIComponent(a).replace(/$/g,"%28").replace(/$/g,"%29"):a},r=/^(www\.)?google(\.com?)?(\.[a-z]{2})?$/,u=/(^\|\.)doubleclick\.net$/i;function Aa(a,b){switch(b){case 0:return""+a;case 1:return 1a;case 2:return!!a;case 3:return 1E3a}return a}function Ba(a){return"function"==typeof a}function Ca(a){return void 0!=a&&-1<(a.constructor+"").indexOf("String")}function F(a,b){return void 0==a\|\|"-"==a&&!b\|\|""==a}function Da(a){if(!a\|\|""==a)return"";for(;a&&-1<" \n\r\t".indexOf(a.charAt(0));)a=a.substring(1);for(;a&&-1<" \n\r\t".i

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\jquery-3.1.1.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
IE Cache URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\jquery-3.2.1.slim.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	69597
Entropy (8bit):	5.369216080582935
Encrypted:	false
SSDEEP:	1536:qNhEyjjTikEJO4edXXe9J578go6MWX2xkjVe4c4j2ll2Ac7pK3F71QDU8CuT:Exc2yjq4j2uYnQDU8CuT
MD5:	5F48FC77CAC90C4778FA24EC9C57F37D
SHA1:	9E89D1515BC4C371B86F4CB1002FD8E377C1829F
SHA-256:	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
SHA-512:	CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
Malicious:	false
IE Cache URL:	https://code.jquery.com/jquery-3.2.1.slim.min.js
Preview:	/! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
IE Cache URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\signup[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	7312
Entropy (8bit):	5.357545787870613
Encrypted:	false
SSDEEP:	96:jwj4cNN8AfppuL5EVJSWhGUUkIkKyOd0JbAWAbEbaxx33GNNqkUka6WqyZXOREmi:jDL5S5YUudwkNL33GXbgevDPO
MD5:	8A0730731A4463EAF1E9C6057B1CE100
SHA1:	C654D4BC0F4FE542744603F4478A6EDAE4A4ED3E
SHA-256:	38DFDE1431EE46C01C9F41C1DF70DBEE7415BBE0C0C83787F2736330DEB59F48
SHA-512:	1E4B55AD170093209A66BC73A53BAC3A780761C02D35BA42E9A31B8FE3F97F7E201B07DB92C944E46A7181C06A4EC96CE2946FD8828A7A15D719F389AF18A883
Malicious:	false
IE Cache URL:	https://workflowy.com/signup/?next=/s/this-document-is-too/Tdcv9KOl0AuohEPI
Preview:	<!doctype html><html><head><title>Sign up for WorkFlowy</title><meta http-equiv="X-UA-Compatible" content="chrome=1"/><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,700,800" rel="stylesheet" type="text/css"/><meta name="ahrefs-site-verification" content="1e02598fc87129fdd8624212a90901b5a29fe287c590c9740af3c21f34784f42"/><link rel="shortcut icon" type="image/x-icon" href="/media/i/favicon.ico"/><link rel="apple-touch-icon" href="/media/i/icon-57x57.png"/><link rel="apple-touch-icon" sizes="72x72" href="/media/i/icon-72x72.png"/><link rel="apple-touch-icon" sizes="114x114" href="/media/i/icon-114x114.png"/><link rel="apple-touch-startup-image" sizes="768x1004" href="/media/i/workflowy-startup-image-ipad.png"/><link rel="apple-touch-startup-image" href="/media/i/workflowy-startup-image.png"/><meta name="apple-mobile-web-app-status-bar-style" content="black"/><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0"/><m

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7187B60E.png Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	PNG image data, 1420 x 1525, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	73822
Entropy (8bit):	7.804116579593595
Encrypted:	false
SSDEEP:	1536:YwbNcsRF6RFBn2Sc9IQDwsQiaFghujpHC:bNcc6RFBxQDzQaujpi
MD5:	4DD10B6F17BC84B07109F3DDE525362E
SHA1:	D0FB1D7E063D58D71DBFDEE083AE6F181D96DB3E
SHA-256:	D98B1F1E9A3B3703D9B1AF00D0D6DA248E13861F821AC347DC01AF67699B8E6B
SHA-512:	A317327433E0202CD79C9A63C5033EAE738BBF5498AFFFE54658F328389DA548F1DF4275758CEBA12F8CD490BDE9544ABB12DECCDC9BC4DD84BA1C9C3368EBF1
Malicious:	false
Preview:	.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........+......IDATx^....\.Y .+.H....M...&....\.a.a..K..NXr..s. @...@l..8.fk...k6..z..-Y..5...}.z..._.9.tt..UG].....{.t.........:g.........3_..xw.3..0..)....T+..oMl....;..0;.)....vW..W..T..J'...E........K&.,)..Dul(..0;.).....z]...M.]Zz..t..Q.......UY{ku....+..Uv?.L..=....@^u.`e.''.......r...EaJ:.`.(R...g...(m.{b....7.V]....]..R:.`.(R......._.X.V(B.X..."..0..)...S...oL>..T...rai...-.\|.Y.H.................:z"].`6)R......w-..\.+..Mt/)=..t..Y.H...LT.....UV/.V(&..k.Vv.K...e.....\|W=.....j...G.m....U..J...e......6r.....k..*..Mt-......P.$.,S.......p...f.8.m.k.....tQ..H....W.r...N.Y.}.G.Mt/..y:].`.)R....T.....G...r......G..f."...<.Uv>^].d..QS.HZ.kqi.=...t...H....;....]...V(B.X...b.ZM...}......R=........f[y.....:.sB.....G.C.K.>>.]..V].h......t5.9.H.........{&..B..D...._H...+......P)....Ks...m.e......."...<.T.....KJ+....VY....zlW...\Q....._e...............>9Q.MW..+....p....+w/+.Z.+F

C:\Users\user\AppData\Local\Temp\Cab66CD.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Microsoft Cabinet archive data, 58936 bytes, 1 file
Category:	dropped
Size (bytes):	58936
Entropy (8bit):	7.994797855729196
Encrypted:	true
SSDEEP:	768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj
MD5:	E4F1E21910443409E81E5B55DC8DE774
SHA1:	EC0885660BD216D0CDD5E6762B2F595376995BD0
SHA-256:	CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
SHA-512:	2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246
Malicious:	false
Preview:	MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............\|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..D..agaV..2.\|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.\|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..\|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....\|.....Q...'....X..C.....a;...Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........

C:\Users\user\AppData\Local\Temp\Cab671D.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Microsoft Cabinet archive data, 58936 bytes, 1 file
Category:	dropped
Size (bytes):	58936
Entropy (8bit):	7.994797855729196
Encrypted:	true
SSDEEP:	768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj
MD5:	E4F1E21910443409E81E5B55DC8DE774
SHA1:	EC0885660BD216D0CDD5E6762B2F595376995BD0
SHA-256:	CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
SHA-512:	2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246
Malicious:	false
Preview:	MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............\|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..D..agaV..2.\|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.\|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..\|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....\|.....Q...'....X..C.....a;...Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........

C:\Users\user\AppData\Local\Temp\Tar66CE.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	152533
Entropy (8bit):	6.31602258454967
Encrypted:	false
SSDEEP:	1536:SIPLlYy2pRSjgCyrYBb5HQop4Ydm6CWku2PtIz0jD1rfJs42t6WP:S4LIpRScCy+fdmcku2PagwQA
MD5:	D0682A3C344DFC62FB18D5A539F81F61
SHA1:	09D3E9B899785DA377DF2518C6175D70CCF9DA33
SHA-256:	4788F7F15DE8063BB3B2547AF1BD9CDBD0596359550E53EC98E532B2ADB5EC5A
SHA-512:	0E884D65C738879C7038C8FB592F53DD515E630AEACC9D9E5F9013606364F092ACF7D832E1A8DAC86A1F0B0E906B2302EE3A840A503654F2B39A65B2FEA04EC3
Malicious:	false
Preview:	0..S....H.........S.0..S....1.0...`.H.e......0..C...+.....7.....C.0..C.0...+.....7.............201012214904Z0...+......0..C.0.......`...@.,..0..0.r1...0...+.....7..~1......D...0...+.....7..i1...0...+.....7<..0 ..+.....7...1.......@N...%.=.,..0$..+.....7...1......`@V'..%..*..S.Y.00..+.....7..b1". .].L4.>..X...E.W..'..........-@w0Z..+.....7...1L.JM.i.c.r.o.s.o.f.t. .R.o.o.t. .C.e.r.t.i.f.i.c.a.t.e. .A.u.t.h.o.r.i.t.y...0..,...........[./..uIv..%1...0...+.....7..h1.....6.M...0...+.....7..~1...........0...+.....7...1...0...+.......0 ..+.....7...1...O..V.........b0$..+.....7...1...>.)....s,.=$.~R.'..00..+.....7..b1". [x.....[....3x:_....7.2...Gy.cS.0D..+.....7...16.4V.e.r.i.S.i.g.n. .T.i.m.e. .S.t.a.m.p.i.n.g. .C.A...0......4...R....2.7.. ...1..0...+.....7..h1......o&...0...+.....7..i1...0...+.....7<..0 ..+.....7...1...lo...^....[...J@0$..+.....7...1...J\u".F....9.N...`...00..+.....7..b1". ...@.....G..d..m..$.....X...}0B..+.....7...14.2M.i.c.r.o.s.o.f.t. .R.o.o.t. .A.u.t.h.o

C:\Users\user\AppData\Local\Temp\Tar671E.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	152533
Entropy (8bit):	6.31602258454967
Encrypted:	false
SSDEEP:	1536:SIPLlYy2pRSjgCyrYBb5HQop4Ydm6CWku2PtIz0jD1rfJs42t6WP:S4LIpRScCy+fdmcku2PagwQA
MD5:	D0682A3C344DFC62FB18D5A539F81F61
SHA1:	09D3E9B899785DA377DF2518C6175D70CCF9DA33
SHA-256:	4788F7F15DE8063BB3B2547AF1BD9CDBD0596359550E53EC98E532B2ADB5EC5A
SHA-512:	0E884D65C738879C7038C8FB592F53DD515E630AEACC9D9E5F9013606364F092ACF7D832E1A8DAC86A1F0B0E906B2302EE3A840A503654F2B39A65B2FEA04EC3
Malicious:	false
Preview:	0..S....H.........S.0..S....1.0...`.H.e......0..C...+.....7.....C.0..C.0...+.....7.............201012214904Z0...+......0..C.0.......`...@.,..0..0.r1...0...+.....7..~1......D...0...+.....7..i1...0...+.....7<..0 ..+.....7...1.......@N...%.=.,..0$..+.....7...1......`@V'..%..*..S.Y.00..+.....7..b1". .].L4.>..X...E.W..'..........-@w0Z..+.....7...1L.JM.i.c.r.o.s.o.f.t. .R.o.o.t. .C.e.r.t.i.f.i.c.a.t.e. .A.u.t.h.o.r.i.t.y...0..,...........[./..uIv..%1...0...+.....7..h1.....6.M...0...+.....7..~1...........0...+.....7...1...0...+.......0 ..+.....7...1...O..V.........b0$..+.....7...1...>.)....s,.=$.~R.'..00..+.....7..b1". [x.....[....3x:_....7.2...Gy.cS.0D..+.....7...16.4V.e.r.i.S.i.g.n. .T.i.m.e. .S.t.a.m.p.i.n.g. .C.A...0......4...R....2.7.. ...1..0...+.....7..h1......o&...0...+.....7..i1...0...+.....7<..0 ..+.....7...1...lo...^....[...J@0$..+.....7...1...J\u".F....9.N...`...00..+.....7..b1". ...@.....G..d..m..$.....X...}0B..+.....7...14.2M.i.c.r.o.s.o.f.t. .R.o.o.t. .A.u.t.h.o

C:\Users\user\AppData\Local\Temp\~DF091722ACA51A2E65.TMP Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13077
Entropy (8bit):	1.4459833454123374
Encrypted:	false
SSDEEP:	48:LydvGqvvG5NqIN6GzNsO4XOTxXTCTXTwzXzo:LydZv+EIDneT9
MD5:	9D5F741399BE727DA88584F633E2164A
SHA1:	01FB3CBC5D84AB6C63130597C53A0738CBD1A473
SHA-256:	006FEDE0BF0E1D7C6C8007F364BDDE915567AED191A6C58F5303D2234C0CB659
SHA-512:	253E62B935FF229B1E7D97E802316E993D37395EB998CCA5B3002C659312F937C6E52EBD7E1AB7F1F3EF09E059AC9F2FFB92282486E8104B0EEB5FF1FC99F18F
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................X.................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................X......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF3768AA9CB305EF1C.TMP Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	75283
Entropy (8bit):	1.8322911377856625
Encrypted:	false
SSDEEP:	384:Ly6kvJ9gVIO6q1UJZcgmonrH4bH4RbQPLdAEM2ybJHPh0cPheZAecA:RWNrW3ykr
MD5:	8C73D6C9FF1EB001AAE6FC5A6661DD42
SHA1:	ECD3CF431653F93691A23EF85C4D287A38CF6139
SHA-256:	1CF31115D1827B3E0116DB7BB545395850E50C57280B139BA56BA3C632ADB383
SHA-512:	384361B960812BC5A378AD9EAD8FF3786A655411EE460DC282950BD27EF8CAF850B595C6AA9B27712DA958C7E0F7AF5EEC2C93E11CF244ADEA78DAADC315F3D1
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... .......................................P..X.................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................X......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFB1D5C56FF7851F42.TMP Download File
Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	1.4849365886624315
Encrypted:	false
SSDEEP:	192:Lyd2yyRyv22yyRj4Q2yyRBwBR2yyR1vJ2yyRBlh2yyR:Lyd3syv23sj4Q3sBwBR3s1vJ3sBlh3s
MD5:	160088BF8418AF706022501FA273FA15
SHA1:	5101825FCBA9B270013D0471418371D68609772D
SHA-256:	ED19D9439DDFFC00374D6BBE89928F0C65802178F8D3A3E1B233366864EA4CA2
SHA-512:	16769BB55F06E9E44846F39C9E526C228E81FE28B4ED60AB16A0FE76215FDCC7DC04A4C74C7232109B9743AADAC0714F406A18320310D4AB7E1D1FCAB75325B6
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ...................................................................>.......................................>...................................... .......................................@...............................................................................\|.......................................}.......................................}......................................p}......................................P}......................................0~......................................P~.............................................................................................................&....... ...............................%....................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\1WK6T6E9.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	635
Entropy (8bit):	4.721722038317194
Encrypted:	false
SSDEEP:	12:QQz8LcN1uiMvNHCgo9TVPgdL5M0Nb+o9TVtVQ3nqMcNN0iRiv+OV9TV/4l8m49TQ:QvsCo7C5FxVb/Riv+oI4hOTBm7CD
MD5:	EFF963BDA7ACABDB1F54767C03AC0C82
SHA1:	E435479266CBD5B00F1181C10B573EDD449E34C7
SHA-256:	BD28B3753685E9D9B5291F569649E1B837F40E557F1D647A08F1F6B03DB1C5E4
SHA-512:	A586B9E99532B59ECE6C0D0AC07DDD828282D53C523EC96DEE8806943BF8E84453DDDE775852DF3D8003BFD86F5F7A3A31B521DBCCEB50A3BEE0890A1B98AB34
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.967350912.30887578.2256688253.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.1285059968.30997892.1531097857.30851041..__utmb.218586911.2.10.1605947765.workflowy.com/.1600.2347575680.30851045.1531097857.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.393106816.30887754.1531272860.30851041..__utmt.1.workflowy.com/.1600.3202477568.30851042.1506777794.30851041..__utmv.218586911.\|1=Cohort=2020-11-20=1.workflowy.com/.1600.1285059968.30997892.1531272860.30851041..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\3UUPYR02.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	635
Entropy (8bit):	4.711146881349422
Encrypted:	false
SSDEEP:	12:QQz8LcN1tbpvNHCgo9TVPgdL5M0Nb+o9TVtVQ3nqMcNN0iRiv+OV9TV/4Q8m49Th:QvszPo7C5FxVb/Riv+oj4hOTBm7CK
MD5:	046A53D8418B40D4226836CDEC656DA5
SHA1:	65E856468D6ADE25E1DB0F65CFBFD15E8B2DB6D4
SHA-256:	4F30E1A703A6B749A30C01666B875222EF50B49A96A75AE11D540B14615612F3
SHA-512:	1D12C6B22DA65A76731BE8EF96A057761B903154A2D3F3EDA8D1E557FDA769212D13464652FE737C62B2C4FBE35F2E39FD1F030586EC321832BBB14C13F17443
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.207350912.30887578.1501917689.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.1285059968.30997892.1531097857.30851041..__utmb.218586911.2.10.1605947765.workflowy.com/.1600.2347575680.30851045.1531097857.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.393106816.30887754.1531047856.30851041..__utmt.1.workflowy.com/.1600.3202477568.30851042.1506777794.30851041..__utmv.218586911.\|1=Cohort=2020-11-20=1.workflowy.com/.1600.1285059968.30997892.1531047856.30851041..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\B8LOWNP4.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	636
Entropy (8bit):	4.737984523981209
Encrypted:	false
SSDEEP:	12:QQz8LcN1uiMvNHCgo9TVt+tXIw0Nb+o9TVXPcNN0iRiv+OV9TV54HTgsm49TVNct:QvsCoxAKERiv+oSTgT4hOTBmxLs
MD5:	5FECC73F5B864DE779F94D9C68E96671
SHA1:	D57EDFEA0BAB8ECAA2D5094B49E6026999F12019
SHA-256:	0A643C88E1BB9B39140DB2260978627B67B7779646645F9C5DBC20258D0D1936
SHA-512:	5C22D696F30C1249CABEAB1C3852AB0CFEBF99E2EC84D98145269D0FE9C7AF93F2DF9B23B6AE734571976DFDE7893CC7F16D455A9DE524B9535A2FEC696319C8
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.967350912.30887578.2256688253.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.2015059968.30997892.2264314326.30851041..__utmb.218586911.2.10.1605947765.workflowy.com/.1600.3077575680.30851045.2264339326.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.1123106816.30887754.2264389327.30851041..__utmt.1.workflowy.com/.1600.3202477568.30851042.1506777794.30851041..__utmv.218586911.\|1=Cohort=2020-11-20=1.workflowy.com/.1600.2015059968.30997892.2264414327.30851041..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\C08G4TO5.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	636
Entropy (8bit):	4.736145000231072
Encrypted:	false
SSDEEP:	12:QQz8LcN1uiMvNHCgo9TVt+t3uM0N3o9TVX6uMcNN0iRiv+OV9TV54HTgsm49TVNe:QvsCox45u2Riv+oSTgT4hOTBmxLs
MD5:	F6DA581A4C791EED896ADAB3D867B46B
SHA1:	7B270C6D88E17CFEDC9ED1E1308C4C8D39B50616
SHA-256:	B128BBB9FA65F3DF7EA810729304677C2AC59B528CC80BA29EE8AA4E0F04A61B
SHA-512:	DD9E494A51C54DF625F905159D6729076C7A488E9332C925BEFA0F01C2FC94E2322BFDE1EBC599C017CCB5F0358E406B876C73F616C3A2CE3A9C63425514177E
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.967350912.30887578.2256688253.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.2015059968.30997892.2264564330.30851041..__utmb.218586911.3.10.1605947765.workflowy.com/.1600.3077575680.30851045.2264564330.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.1123106816.30887754.2264389327.30851041..__utmt.1.workflowy.com/.1600.3202477568.30851042.1506777794.30851041..__utmv.218586911.\|1=Cohort=2020-11-20=1.workflowy.com/.1600.2015059968.30997892.2264414327.30851041..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\EJ38YTYP.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	104
Entropy (8bit):	4.626922108045781
Encrypted:	false
SSDEEP:	3:RMvdSVBUhbNRhbJSN6ESMPVKVcU/hHtJopuQU72Xn:+vQzUNNRhbJSN1VPqNJolQyn
MD5:	CC4539C877B1D31FB091F65E3D4DE320
SHA1:	A3AE0E80A604020A4B812A1D4E039FB57EF7149C
SHA-256:	B914CB633C2BAB83679071AF8930B278C28E576425D1A5C76C2F614DD57E3BBB
SHA-512:	4239768353C2E013BD31A35AA4BA4197AB79009F8C559A45567460F9E44F5B0BFD11D419DCF7C1C7F8B0CBA3B9CD297CF4F7AFC6D05FC6F1299AA1E16982A1B1
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.207350912.30887578.1501917689.30851041.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FJQJA7G9.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	635
Entropy (8bit):	4.73294247465524
Encrypted:	false
SSDEEP:	12:QQz8LcN1uiMvNHCgo9TVt+tXIw0Nb+o9TVXPcNN0iRiv+OV9TV/4l8m49TVNcbTz:QvsCoxAKERiv+oI4hOTBm7CD
MD5:	1862C7D447217F26A7D0C486CF748E73
SHA1:	7C36F84FB890FC342992ADBC54C5AF58BD7CFDB3
SHA-256:	878EAD3DCD7A7B80342E00541E70BDAB480A496CECBCE593181AEE98F6D7E950
SHA-512:	B0D6FF6442042CF17A60B44FE681733FD14DB7AAD636553261AD9988D68667F1F9B56C6BDF4F1E143F17E7ADBADF75994855BC1E04AEC4B1C05B28083A5C2FD0
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.967350912.30887578.2256688253.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.2015059968.30997892.2264314326.30851041..__utmb.218586911.2.10.1605947765.workflowy.com/.1600.3077575680.30851045.2264339326.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.393106816.30887754.1531272860.30851041..__utmt.1.workflowy.com/.1600.3202477568.30851042.1506777794.30851041..__utmv.218586911.\|1=Cohort=2020-11-20=1.workflowy.com/.1600.1285059968.30997892.1531272860.30851041..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\GNHVW6BT.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	635
Entropy (8bit):	4.728044974196928
Encrypted:	false
SSDEEP:	12:QQz8LcN1uiMvNHCgo9TVt+tXIw0Nb+o9TVtVQ3nqMcNN0iRiv+OV9TV/4l8m49TQ:QvsCoxAKxVb/Riv+oI4hOTBm7CD
MD5:	1AB2CDE892CDDB190D6215823C1196D7
SHA1:	5D197DDBD88600EB801F437027ABB307CE48C55E
SHA-256:	E3B1F227AF47E0EDA204DB4335FCE9EBE21349CC5AF2F46E656E37D777785949
SHA-512:	66F3DE7C052E504015B19EA5DE667B96A95157B5B6ACF709656F4BBF2D0D81026453044F3827B54EB7E9A6EAEA5332B4E4A5E27244B45187DF1B5085C776178C
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.967350912.30887578.2256688253.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.2015059968.30997892.2264314326.30851041..__utmb.218586911.2.10.1605947765.workflowy.com/.1600.2347575680.30851045.1531097857.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.393106816.30887754.1531272860.30851041..__utmt.1.workflowy.com/.1600.3202477568.30851042.1506777794.30851041..__utmv.218586911.\|1=Cohort=2020-11-20=1.workflowy.com/.1600.1285059968.30997892.1531272860.30851041..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\HWA2M6MO.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	533
Entropy (8bit):	4.699143157322637
Encrypted:	false
SSDEEP:	12:QQz8LcN1tbpvNHCgo9TVPgdLpM0NNo9TVtVQ3nHuscNN0iRiv+OV9TV/4Ymm49TJ:QvszPo7CpkxVuufRiv+ov4hOTC
MD5:	BBB4E96E9424A98A546F5AAACBD212DA
SHA1:	093C4035B637E807FAC417E821EB4A4F80846DB1
SHA-256:	C10DB9034926FB14B1D1623CEE53FC7DB64EBC9AFB9A21276186EB1E0DC5DC02
SHA-512:	22F55E5DCA5FEE8823A982196902DE5A2AFF0B2A794D7EE5B65C55CDC71E45DC6DDC117D66DFE9DC3CEA3F3B8B2429F30424A2CD6AEBCAB387591D19D236642A
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.207350912.30887578.1501917689.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.1285059968.30997892.1530672851.30851041..__utmb.218586911.1.10.1605947765.workflowy.com/.1600.2347575680.30851045.1530747852.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.393106816.30887754.1530772852.30851041..__utmt.1.workflowy.com/.1600.3202477568.30851042.1506777794.30851041.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\KIVMU0HH.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	533
Entropy (8bit):	4.693073022240486
Encrypted:	false
SSDEEP:	12:QQz8LcN1tbpvNHCgo9TV9tLhW80Nt+o9TVtfnVd56mcNN0iRiv+OV9TVwl4bm499:QvszPo5hhSzx56VRiv+oY4hOTC
MD5:	1CDE935F76C5B3CDA7C683F2558A777D
SHA1:	1B48DD7306B3C5FF128BC585E0AB868E2E69BB8F
SHA-256:	00CEC227A7BB0F9058D6DC5B392932D1AF7BF2BA429351DB0F15A0A99A9B2D4E
SHA-512:	406751E4FEF968A9D42A023A1C62E31346051283B40D0171B64FD27D24127C6E01EE0488228426EF84324E65DCDF04AD498C9DA9AC932E7BBAF459F4014BE78A
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.207350912.30887578.1501917689.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.1255059968.30997892.1506437791.30851041..__utmb.218586911.0.10.1605947765.workflowy.com/.1600.2317575680.30851045.1506467793.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.363106816.30887754.1506477794.30851041..__utmt.1.workflowy.com/.1600.3202477568.30851042.1506777794.30851041.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\KVH6AM6A.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	635
Entropy (8bit):	4.716007870033196
Encrypted:	false
SSDEEP:	12:QQz8LcN1tbpvNHCgo9TVPgdLpM0NNo9TVtVQ3nHuscNN0iRiv+OV9TV/4Ymm49TZ:QvszPo7CpkxVuufRiv+ov4hOTBm7Ci
MD5:	26F582D9E67F16FFBC3209EDF1F8A13B
SHA1:	612FEE83F0CB0FB095BED46249CF797CED16C38D
SHA-256:	3BCE52AB018947D02651576782F23943163A2B82F6363AB6FA809032E65F2C3F
SHA-512:	69AC8712FB6F495F6B5BA062DB265852335C1B3E5D36E664BE2F7CA88891D14B180CEF0388FC1FE874A9B0C017AADE6585026363D59BEE7F91FC5E3FE4A9F706
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.207350912.30887578.1501917689.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.1285059968.30997892.1530672851.30851041..__utmb.218586911.1.10.1605947765.workflowy.com/.1600.2347575680.30851045.1530747852.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.393106816.30887754.1530772852.30851041..__utmt.1.workflowy.com/.1600.3202477568.30851042.1506777794.30851041..__utmv.218586911.\|1=Cohort=2020-11-20=1.workflowy.com/.1600.1285059968.30997892.1530922855.30851041..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\OKD2JEM2.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	4.498301889141059
Encrypted:	false
SSDEEP:	6:+vQzUNNRhbJSN1VPqNJolQyvNHCg73mMo9TV9t3h52v2WgQyJ6NtVgo9TVtWM4YH:QQz8LcN1tbpvNHCgo9TV9tLhW80Nt+oh
MD5:	ABFCB2A73B0B7114ABCB97EEBEA8F155
SHA1:	3007E10CDCE20DCD8C279FD5F694DC9AB75105D6
SHA-256:	2122C744F483DF224F37BAC31087A32D82BD17D23F79E54A9D8CF574217DB8AF
SHA-512:	D2E4DF5207584361F91379692D11F51D5A799406F991FBCD0944BB293C666C18AD386A5FF6F25DF61DAAB04A17A8D805F9BD6976C7F3B01E947A31898BE2777B
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.207350912.30887578.1501917689.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.1255059968.30997892.1506437791.30851041..__utmb.218586911.0.10.1605947765.workflowy.com/.1600.2317575680.30851045.1506467793.30851041.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\P0VR5QOE.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	533
Entropy (8bit):	4.6970114395216305
Encrypted:	false
SSDEEP:	12:QQz8LcN1tbpvNHCgo9TVPgdLpM0NNo9TVtVQ3nHuscNN0iRiv+OV9TVwl4eZm499:QvszPo7CpkxVuufRiv+oN4hOTC
MD5:	67AAECE1C30AA3AABC2B2E4509FAA1C2
SHA1:	8F13C1DD475F7EB113D0A23ABBFFCAD2E6471AE7
SHA-256:	253707FD76167C8748CEBBB5D272BC5F91CA80EAEDD10648A25C246A0CB05D93
SHA-512:	EFCE757FB00A3F81DAFC3A91B2DD19CA2B3D4CC32F796B087BB502BF5A62AB376DA01F3C575F1B03724E778C4C93084187383CD0B2F5116DDB8585F3733B7746
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.207350912.30887578.1501917689.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.1285059968.30997892.1530672851.30851041..__utmb.218586911.1.10.1605947765.workflowy.com/.1600.2347575680.30851045.1530747852.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.363106816.30887754.1506977794.30851041..__utmt.1.workflowy.com/.1600.3202477568.30851042.1506777794.30851041.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\Q0N28S8O.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	636
Entropy (8bit):	4.734550784873515
Encrypted:	false
SSDEEP:	12:QQz8LcN1uiMvNHCgo9TVt+tXIw0Nb+o9TVXPcNN0iRiv+OV9TV54HTgsm49TVNcD:QvsCoxAKERiv+oSTgT4hOTBm7CD
MD5:	CEA5DEF22C75F28AB9A6DC7D1C7DB303
SHA1:	7A78E25F588EAC06642B00A9C0F666BB0C98C7CC
SHA-256:	58B0D59001BDD4D363C9C3E77209475B61686E9A743FA4F093B1094B7538D60F
SHA-512:	903D43DEC95C6733EE0074C2CC8C746C43BC4391DCE2F87E0556B877024A18D72AF3548E140CE417B31894C3CEB3037E48B69339DA996517A5692BDD33766D70
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.967350912.30887578.2256688253.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.2015059968.30997892.2264314326.30851041..__utmb.218586911.2.10.1605947765.workflowy.com/.1600.3077575680.30851045.2264339326.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.1123106816.30887754.2264389327.30851041..__utmt.1.workflowy.com/.1600.3202477568.30851042.1506777794.30851041..__utmv.218586911.\|1=Cohort=2020-11-20=1.workflowy.com/.1600.1285059968.30997892.1531272860.30851041..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\RP8HJGZS.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	636
Entropy (8bit):	4.739015573376945
Encrypted:	false
SSDEEP:	12:QQz8LcN1uiMvNHCgo9TVt+tf0NMo9TVXwcNN0iRiv+OV9TV54HTa62Mm49TVNcbW:QvsCoxFnRiv+oSTa62z4hOTBmxq62M
MD5:	B32CFAE218C2453FB0382197DCCF27BE
SHA1:	61AEE5CD1438CD165992BA5BDF0AE7AB29924956
SHA-256:	ECA856B24CF272A864C409B0369F2D02E2ABAA1183B42045B8D16DC7FC3C83BF
SHA-512:	D637C8503CB2193CDA0D2DA9E64A5D1BF94DAB1487BF715F985E549A70F8545C249EE7C0E9F2E483ABCD8AFF7914D5E6450F8B2469D46DDA5441A0034221C10C
Malicious:	false
IE Cache URL:	workflowy.com/
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.967350912.30887578.2256688253.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.2015059968.30997892.2266493340.30851041..__utmb.218586911.4.10.1605947765.workflowy.com/.1600.3077575680.30851045.2266493340.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.1123106816.30887754.2266443339.30851041..__utmt.1.workflowy.com/.1600.3202477568.30851042.1506777794.30851041..__utmv.218586911.\|1=Cohort=2020-11-20=1.workflowy.com/.1600.2015059968.30997892.2266443339.30851041..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\THU81BG5.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	533
Entropy (8bit):	4.692206886838586
Encrypted:	false
SSDEEP:	12:QQz8LcN1tbpvNHCgo9TVPgdLpM0NNo9TVtfnVRh/cNN0iRiv+OV9TVwl4eZm49TJ:QvszPo7CpkxrhYRiv+oN4hOTC
MD5:	7F5CCBA33EF26CE0F3B4789C4E006E2C
SHA1:	64499129269B3A9220A1EDA4092697159E95A857
SHA-256:	92F362D19CC4899909CD59DC59CE644AB80894ACE0E183F44717ABED4818A733
SHA-512:	0F09E16540C29F2CF12030413DA4ECD72D85C63EB05F5B93545865631B7DC5469E30D72A7C5CBF291B26BAE0E1994FD62E0E0575B4CDC58843ABBA41AFEE376D
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.207350912.30887578.1501917689.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.1285059968.30997892.1530672851.30851041..__utmb.218586911.1.10.1605947765.workflowy.com/.1600.2317575680.30851045.1506877794.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.363106816.30887754.1506977794.30851041..__utmt.1.workflowy.com/.1600.3202477568.30851042.1506777794.30851041.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\VTFEJJP0.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	533
Entropy (8bit):	4.690454915322049
Encrypted:	false
SSDEEP:	12:QQz8LcN1tbpvNHCgo9TV9tLM/0NNo9TVtfnVRh/cNN0iRiv+OV9TVwl4bm49TVNB:QvszPo5hMFxrhYRiv+oY4hOTC
MD5:	D8187D1AA0870EC8B0877D78EF09728F
SHA1:	EE60CC03858E85AE41292F886D3DC2FCF3C57259
SHA-256:	6C20F9321728CE33515D40D8999A50F89004E8A2189685B63C172E81F3ED0A69
SHA-512:	72E912DEB63302017658FD241A0C89CCB49093DF17049E5400944AAEEB29F16C971D5E4ADA9AB3ED6C4D5EF17A948571E8D688CBB00671D465773750D5A3F285
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.207350912.30887578.1501917689.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.1255059968.30997892.1506877794.30851041..__utmb.218586911.1.10.1605947765.workflowy.com/.1600.2317575680.30851045.1506877794.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.363106816.30887754.1506477794.30851041..__utmt.1.workflowy.com/.1600.3202477568.30851042.1506777794.30851041.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\XA5F7322.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	462
Entropy (8bit):	4.718416990033245
Encrypted:	false
SSDEEP:	12:QQz8LcN1tbpvNHCgo9TV9tLhW80Nt+o9TVtfnVd56mcNN0iRiv+OV9TVwl4bn:QvszPo5hhSzx56VRiv+o9
MD5:	323CD1F8736757074CFE63153BA0840C
SHA1:	59ADEE9EE4E7A50580C3CAB1A913509A996812B1
SHA-256:	25F3F8895256CB00F9C0420ACC329C135B885ACD89C5601327D88F8AE5259B62
SHA-512:	E7DE8F6E42FB8E2826525EDAC57C5328974F8C680265E689A452FE34AA339AFDED50294E53296986DAE222076B2E549D2953A26637EF6670D0D3772647ED6B95
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.207350912.30887578.1501917689.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.1255059968.30997892.1506437791.30851041..__utmb.218586911.0.10.1605947765.workflowy.com/.1600.2317575680.30851045.1506467793.30851041..__utmz.218586911.1605947765.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none).workflowy.com/.1600.363106816.30887754.1506477794.30851041..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\XLJJ3868.txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.535189371498204
Encrypted:	false
SSDEEP:	6:+vQzUNNRhbJSN1VPqNJolQyvNHCg73mMo9TV9t3h52v2WgQyn:QQz8LcN1tbpvNHCgo9TV9tLhW8n
MD5:	F1439DCFA22F568F99CB2C7A59C573DE
SHA1:	F83A88A38AF2C170EA52B1BDCCFC73B165C9073D
SHA-256:	88435557D05E2F06A6793322994611AC1E94330F17E4EDA329712C04FC99CE69
SHA-512:	C4676EBF134B0B7EBD3375F026ADF37460D94B5CEFEA7F979DB89345DA6F999A47619506F2C087CBC99BF3933900F756772A364112EEAAE8262208C47FF2A15D
Malicious:	false
Preview:	sessionid.870f8q0nwnf4p0q0ka4d2s9940v0mtak.workflowy.com/.9729.207350912.30887578.1501917689.30851041..__utma.218586911.716604285.1605947765.1605947765.1605947765.1.workflowy.com/.1600.1255059968.30997892.1506437791.30851041..

C:\Users\user\Desktop\~$Fennec Pharma.xlsx Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	165
Entropy (8bit):	1.4377382811115937
Encrypted:	false
SSDEEP:	3:vZ/FFDJw2fV:vBFFGS
MD5:	797869BB881CFBCDAC2064F92B26E46F
SHA1:	61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
SHA-256:	D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
SHA-512:	1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
Malicious:	false
Preview:	.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Static File Info

General
File type:	Microsoft Excel 2007+
Entropy (8bit):	7.724791075038105
TrID:	Excel Microsoft Office Open XML Format document (40004/1) 83.33% ZIP compressed archive (8000/1) 16.67%
File name:	Fennec Pharma.xlsx
File size:	83695
MD5:	a2315b66552273d966bdc8570a6a7208
SHA1:	ad82640b54ce17f43e9df68ebfa700de48df5ef0
SHA256:	8c3a18ce48dbab7971870da260421c03483e279795768bfdeb0ee7dd6079ec2b
SHA512:	37a4eea1568b2477fd32c62ec4d8d96f32ba986818ebf140f64997987acca3c4c342e8516ae0c2f7fd36a7ced3fd53c1482de1a5b0feafd85a2c55e9057e840b
SSDEEP:	1536:kITxWDwbNcsRF6RFBn2Sc9IQDwsQiaFghujpHqG:LTrNcc6RFBxQDzQaujpKG
File Content Preview:	PK..........!.....i...........[Content_Types].xml ...(.........................................................................................................................................................................................................

File Icon


Icon Hash:	e4e2aa8aa4b4bcb4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2020 00:35:56.793020010 CET	49165	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:56.793653965 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:56.896008015 CET	443	49165	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:56.896049023 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:56.896106005 CET	49165	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:56.896136045 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:56.913537025 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:56.913752079 CET	49165	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.016037941 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.016347885 CET	443	49165	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.017422915 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.017466068 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.017504930 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.017535925 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.017540932 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.017585039 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.017594099 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.017599106 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.017847061 CET	443	49165	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.017889023 CET	443	49165	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.017923117 CET	49165	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.017925978 CET	443	49165	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.017966986 CET	443	49165	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.018002987 CET	49165	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.018008947 CET	49165	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.018021107 CET	49165	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.025341988 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.031975985 CET	49165	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.128045082 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.128125906 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.134782076 CET	443	49165	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.134860992 CET	49165	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.334388971 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.475466013 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.475528002 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.475579023 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.475617886 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.475656033 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.475703001 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.475733995 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.475749016 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.475766897 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.475771904 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.475788116 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.475826025 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.475887060 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.476845026 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.578442097 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.578511000 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.578691959 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.647543907 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.648699045 CET	49165	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.651459932 CET	49167	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.751646996 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.751957893 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.752582073 CET	443	49165	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.752614975 CET	443	49165	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.753297091 CET	49165	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.754040003 CET	443	49167	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.754293919 CET	49167	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.759658098 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.778884888 CET	49167	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.864454985 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.864530087 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.864571095 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.864609957 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.864648104 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.864696026 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.864738941 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.864778042 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.864818096 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.864856005 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.864892960 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.864931107 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.864963055 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.865010977 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.865051985 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.865088940 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.865128040 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.865225077 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.865263939 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.865300894 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.865497112 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.865590096 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.865598917 CET	49166	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.881522894 CET	443	49167	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.881690025 CET	443	49167	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.882769108 CET	49167	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.884242058 CET	49167	443	192.168.2.22	54.84.56.113
Nov 21, 2020 00:35:57.967967033 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.968045950 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.968084097 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.968132019 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.968162060 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.968189001 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.968228102 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.968255997 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.968281984 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.968314886 CET	443	49166	54.84.56.113	192.168.2.22
Nov 21, 2020 00:35:57.968348026 CET	443	49166	54.84.56.113	192.168.2.22

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2020 00:35:55.880028963 CET	52197	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:35:55.916964054 CET	53	52197	8.8.8.8	192.168.2.22
Nov 21, 2020 00:35:56.749073029 CET	53099	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:35:56.786586046 CET	53	53099	8.8.8.8	192.168.2.22
Nov 21, 2020 00:35:57.833378077 CET	52838	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:35:57.877511024 CET	53	52838	8.8.8.8	192.168.2.22
Nov 21, 2020 00:35:58.120951891 CET	61200	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:35:58.165009022 CET	53	61200	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:00.366734028 CET	49548	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:00.374326944 CET	55627	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:00.376749992 CET	56009	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:00.382883072 CET	61865	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:00.394880056 CET	53	49548	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:00.395431995 CET	55171	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:00.398137093 CET	52496	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:00.404958010 CET	53	56009	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:00.407099009 CET	57564	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:00.411519051 CET	53	61865	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:00.413166046 CET	53	55627	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:00.423897028 CET	53	55171	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:00.435122013 CET	53	52496	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:00.445075035 CET	53	57564	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:01.150670052 CET	63009	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:01.178512096 CET	53	63009	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:01.794205904 CET	59319	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:01.821325064 CET	53	59319	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:26.518518925 CET	53070	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:26.545665979 CET	53	53070	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:27.530570030 CET	53070	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:27.567900896 CET	53	53070	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:28.544620991 CET	53070	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:28.583697081 CET	53	53070	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:30.385845900 CET	59770	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:30.427398920 CET	53	59770	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:30.572654009 CET	53070	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:30.608406067 CET	53	53070	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:31.304359913 CET	61523	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:31.331377983 CET	53	61523	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:32.298985004 CET	61523	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:32.326273918 CET	53	61523	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:33.312700033 CET	61523	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:33.339879990 CET	53	61523	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:34.576699018 CET	53070	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:34.604034901 CET	53	53070	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:35.325468063 CET	61523	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:35.352783918 CET	53	61523	8.8.8.8	192.168.2.22
Nov 21, 2020 00:36:39.335205078 CET	61523	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:36:39.371196032 CET	53	61523	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:07.971049070 CET	62791	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:08.009129047 CET	53	62791	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:14.558470964 CET	50667	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:14.607232094 CET	53	50667	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:15.122312069 CET	54129	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:15.123759985 CET	65329	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:15.149502039 CET	53	54129	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:15.150810957 CET	53	65329	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:15.159512043 CET	60718	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:15.160123110 CET	49157	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:15.186714888 CET	53	60718	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:15.195616007 CET	53	49157	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:15.644191027 CET	57391	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:15.671468973 CET	53	57391	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:15.678564072 CET	61858	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:15.705692053 CET	53	61858	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:15.727087975 CET	62500	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:15.762665987 CET	53	62500	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:15.767411947 CET	51652	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:15.794589043 CET	53	51652	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:16.255084038 CET	62762	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:16.273473978 CET	56905	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:16.278562069 CET	54609	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:16.289488077 CET	58101	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:16.290368080 CET	64329	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:16.291014910 CET	64881	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:16.292434931 CET	55327	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:16.298592091 CET	53	62762	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:16.300527096 CET	53	56905	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:16.305610895 CET	53	54609	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:16.317975998 CET	53	64881	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:16.324954033 CET	53	58101	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:16.327955008 CET	53	55327	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:16.334085941 CET	53	64329	8.8.8.8	192.168.2.22
Nov 21, 2020 00:37:16.758481979 CET	59150	53	192.168.2.22	8.8.8.8
Nov 21, 2020 00:37:16.785702944 CET	53	59150	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Nov 21, 2020 00:35:56.749073029 CET	192.168.2.22	8.8.8.8	0x734a	Standard query (0)	workflowy.com	A (IP address)	IN (0x0001)
Nov 21, 2020 00:35:58.120951891 CET	192.168.2.22	8.8.8.8	0x653e	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)
Nov 21, 2020 00:36:00.407099009 CET	192.168.2.22	8.8.8.8	0xbc17	Standard query (0)	js-agent.newrelic.com	A (IP address)	IN (0x0001)
Nov 21, 2020 00:36:01.150670052 CET	192.168.2.22	8.8.8.8	0x63fe	Standard query (0)	bam-cell.nr-data.net	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:07.971049070 CET	192.168.2.22	8.8.8.8	0xd927	Standard query (0)	workflowy.com	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:14.558470964 CET	192.168.2.22	8.8.8.8	0x50d3	Standard query (0)	jamif-cdn3d.us-east-1.linodeobjects.com	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:16.273473978 CET	192.168.2.22	8.8.8.8	0xaa5c	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:16.278562069 CET	192.168.2.22	8.8.8.8	0xec57	Standard query (0)	maxcdn.bootstrapcdn.com	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:16.289488077 CET	192.168.2.22	8.8.8.8	0xe2e	Standard query (0)	s3.amazonaws.com	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:16.291014910 CET	192.168.2.22	8.8.8.8	0x336e	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:16.292434931 CET	192.168.2.22	8.8.8.8	0xec4e	Standard query (0)	kit.fontawesome.com	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:16.758481979 CET	192.168.2.22	8.8.8.8	0xef20	Standard query (0)	ka-f.fontawesome.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Nov 21, 2020 00:35:56.786586046 CET	8.8.8.8	192.168.2.22	0x734a	No error (0)	workflowy.com		54.84.56.113	A (IP address)	IN (0x0001)
Nov 21, 2020 00:35:56.786586046 CET	8.8.8.8	192.168.2.22	0x734a	No error (0)	workflowy.com		54.164.228.73	A (IP address)	IN (0x0001)
Nov 21, 2020 00:35:56.786586046 CET	8.8.8.8	192.168.2.22	0x734a	No error (0)	workflowy.com		107.23.99.91	A (IP address)	IN (0x0001)
Nov 21, 2020 00:35:58.165009022 CET	8.8.8.8	192.168.2.22	0x653e	No error (0)	stats.g.doubleclick.net	stats.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Nov 21, 2020 00:35:58.165009022 CET	8.8.8.8	192.168.2.22	0x653e	No error (0)	stats.l.doubleclick.net		74.125.140.154	A (IP address)	IN (0x0001)
Nov 21, 2020 00:35:58.165009022 CET	8.8.8.8	192.168.2.22	0x653e	No error (0)	stats.l.doubleclick.net		74.125.140.156	A (IP address)	IN (0x0001)
Nov 21, 2020 00:35:58.165009022 CET	8.8.8.8	192.168.2.22	0x653e	No error (0)	stats.l.doubleclick.net		74.125.140.157	A (IP address)	IN (0x0001)
Nov 21, 2020 00:35:58.165009022 CET	8.8.8.8	192.168.2.22	0x653e	No error (0)	stats.l.doubleclick.net		74.125.140.155	A (IP address)	IN (0x0001)
Nov 21, 2020 00:36:00.445075035 CET	8.8.8.8	192.168.2.22	0xbc17	No error (0)	js-agent.newrelic.com	f4.shared.global.fastly.net		CNAME (Canonical name)	IN (0x0001)
Nov 21, 2020 00:36:01.178512096 CET	8.8.8.8	192.168.2.22	0x63fe	No error (0)	bam-cell.nr-data.net	tls12.newrelic.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Nov 21, 2020 00:37:08.009129047 CET	8.8.8.8	192.168.2.22	0xd927	No error (0)	workflowy.com		54.164.228.73	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:08.009129047 CET	8.8.8.8	192.168.2.22	0xd927	No error (0)	workflowy.com		54.84.56.113	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:08.009129047 CET	8.8.8.8	192.168.2.22	0xd927	No error (0)	workflowy.com		107.23.99.91	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:14.607232094 CET	8.8.8.8	192.168.2.22	0x50d3	No error (0)	jamif-cdn3d.us-east-1.linodeobjects.com	us-east-1.linodeobjects.com		CNAME (Canonical name)	IN (0x0001)
Nov 21, 2020 00:37:14.607232094 CET	8.8.8.8	192.168.2.22	0x50d3	No error (0)	us-east-1.linodeobjects.com		45.79.137.127	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:14.607232094 CET	8.8.8.8	192.168.2.22	0x50d3	No error (0)	us-east-1.linodeobjects.com		45.56.104.115	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:14.607232094 CET	8.8.8.8	192.168.2.22	0x50d3	No error (0)	us-east-1.linodeobjects.com		97.107.137.245	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:14.607232094 CET	8.8.8.8	192.168.2.22	0x50d3	No error (0)	us-east-1.linodeobjects.com		45.79.157.59	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:14.607232094 CET	8.8.8.8	192.168.2.22	0x50d3	No error (0)	us-east-1.linodeobjects.com		96.126.106.143	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:14.607232094 CET	8.8.8.8	192.168.2.22	0x50d3	No error (0)	us-east-1.linodeobjects.com		173.255.231.96	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:16.300527096 CET	8.8.8.8	192.168.2.22	0xaa5c	No error (0)	code.jquery.com	cds.s5x3j6q5.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Nov 21, 2020 00:37:16.305610895 CET	8.8.8.8	192.168.2.22	0xec57	No error (0)	maxcdn.bootstrapcdn.com	cds.j3z9t3p6.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Nov 21, 2020 00:37:16.317975998 CET	8.8.8.8	192.168.2.22	0x336e	No error (0)	cdnjs.cloudflare.com		104.16.19.94	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:16.317975998 CET	8.8.8.8	192.168.2.22	0x336e	No error (0)	cdnjs.cloudflare.com		104.16.18.94	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:16.324954033 CET	8.8.8.8	192.168.2.22	0xe2e	No error (0)	s3.amazonaws.com		52.217.43.14	A (IP address)	IN (0x0001)
Nov 21, 2020 00:37:16.327955008 CET	8.8.8.8	192.168.2.22	0xec4e	No error (0)	kit.fontawesome.com	kit.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Nov 21, 2020 00:37:16.785702944 CET	8.8.8.8	192.168.2.22	0xef20	No error (0)	ka-f.fontawesome.com	ka-f.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Nov 21, 2020 00:35:57.017540932 CET	54.84.56.113	443	192.168.2.22	49166	CN=*.workflowy.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Sun Oct 25 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Nov 25 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Nov 21, 2020 00:35:57.017966986 CET	54.84.56.113	443	192.168.2.22	49165	CN=*.workflowy.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Sun Oct 25 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Thu Nov 25 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Nov 21, 2020 00:35:58.228271008 CET	74.125.140.154	443	192.168.2.22	49171	CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Nov 03 08:33:42 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Jan 26 08:33:42 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:35:58.228271008 CET	74.125.140.154	443	192.168.2.22	49171	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:35:58.229171991 CET	74.125.140.154	443	192.168.2.22	49170	CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Nov 03 08:33:42 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Jan 26 08:33:42 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:35:58.229171991 CET	74.125.140.154	443	192.168.2.22	49170	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:37:14.900779963 CET	45.79.137.127	443	192.168.2.22	49186	CN=linodeobjects.com CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Mon Sep 28 14:53:21 CEST 2020 Thu Mar 17 17:40:46 CET 2016	Sun Dec 27 13:53:21 CET 2020 Wed Mar 17 17:40:46 CET 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:37:14.900779963 CET	45.79.137.127	443	192.168.2.22	49186	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Mar 17 17:40:46 CET 2016	Wed Mar 17 17:40:46 CET 2021		7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:37:14.904580116 CET	45.79.137.127	443	192.168.2.22	49187	CN=linodeobjects.com CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Mon Sep 28 14:53:21 CEST 2020 Thu Mar 17 17:40:46 CET 2016	Sun Dec 27 13:53:21 CET 2020 Wed Mar 17 17:40:46 CET 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:37:14.904580116 CET	45.79.137.127	443	192.168.2.22	49187	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Mar 17 17:40:46 CET 2016	Wed Mar 17 17:40:46 CET 2021		7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:37:16.358623981 CET	104.16.19.94	443	192.168.2.22	49199	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:37:16.358623981 CET	104.16.19.94	443	192.168.2.22	49199	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:37:16.362054110 CET	104.16.19.94	443	192.168.2.22	49200	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:37:16.362054110 CET	104.16.19.94	443	192.168.2.22	49200	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:37:16.559813976 CET	52.217.43.14	443	192.168.2.22	49202	CN=s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Aug 04 02:00:00 CEST 2020 Tue Dec 08 13:05:07 CET 2015	Mon Aug 09 14:00:00 CEST 2021 Sat May 10 14:00:00 CEST 2025	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:37:16.559813976 CET	52.217.43.14	443	192.168.2.22	49202	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Dec 08 13:05:07 CET 2015	Sat May 10 14:00:00 CEST 2025		7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:37:16.568072081 CET	52.217.43.14	443	192.168.2.22	49201	CN=s3.amazonaws.com, O="Amazon.com, Inc.", L=Seattle, ST=Washington, C=US CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Aug 04 02:00:00 CEST 2020 Tue Dec 08 13:05:07 CET 2015	Mon Aug 09 14:00:00 CEST 2021 Sat May 10 14:00:00 CEST 2025	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Nov 21, 2020 00:37:16.568072081 CET	52.217.43.14	443	192.168.2.22	49201	CN=DigiCert Baltimore CA-2 G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Tue Dec 08 13:05:07 CET 2015	Sat May 10 14:00:00 CEST 2025		7dcce5b76c8b17472d024758970a406b

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: EXCEL.EXE PID: 2376 Parent PID: 584

General

Start time:	00:35:38
Start date:	21/11/2020
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Imagebase:	0x13f140000
File size:	27641504 bytes
MD5 hash:	5FB0A0F93382ECD19F5F499A5CAA59F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: iexplore.exe PID: 2552 Parent PID: 584

General

Start time:	00:36:02
Start date:	21/11/2020
Path:	C:\Program Files\Internet Explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x13f5d0000
File size:	814288 bytes
MD5 hash:	4EB098135821348270F27157F7A84E65
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: iexplore.exe PID: 2856 Parent PID: 2552

General

Start time:	00:36:02
Start date:	21/11/2020
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2552 CREDAT:275457 /prefetch:2
Imagebase:	0x310000
File size:	815304 bytes
MD5 hash:	8A590F790A98F3D77399BE457E01386A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Fennec Pharma.xlsx

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: EXCEL.EXE PID: 2376 Parent PID: 584

General

Analysis Process: iexplore.exe PID: 2552 Parent PID: 584

General

Analysis Process: iexplore.exe PID: 2856 Parent PID: 2552

General

Disassembly