Play interactive tour

Edit tour

Analysis Report https://dhumketubd.com/DifferenceCard/login.php

Overview

General Information

Sample URL:	https://dhumketubd.com/DifferenceCard/login.php
Analysis ID:	322836
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish_7

Classification

Startup

System is w10x64

iexplore.exe (PID: 4624 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5220 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4624 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\login[1].htm	JoeSecurity_HtmlPhish_7	Yara detected HtmlPhish_7	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: https://dhumketubd.com/DifferenceCard/login.php

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish_7

Show sources

Source: Yara match	File source: 051829.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\login[1].htm, type: DROPPED

Source: unknown

DNS traffic detected: queries for: dhumketubd.com

Source: login[1].htm.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Source: imagestore.dat.2.dr	String found in binary or memory: https://dhumketubd.com/DifferenceCard/images/shfi.png
Source: ~DF1AF4A5C2696034BC.TMP.1.dr	String found in binary or memory: https://dhumketubd.com/DifferenceCard/login.php
Source: {2865563F-2F70-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://dhumketubd.com/DifferenceCard/login.phpRoot
Source: login[1].htm.2.dr	String found in binary or memory: https://drive.google.com/file/d/1-p4CNC_xSDNE01gQqGq-Ohjep8M76e7W
Source: style[1].css.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhv.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN8rsOUuhv.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhv.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff)
Source: style[1].css.2.dr	String found in binary or memory: https://webpicture.cc/email-list/sharepoint/sp2/images/back.png
Source: style[1].css.2.dr	String found in binary or memory: https://webpicture.cc/email-list/sharepoint/sp2/images/other-email-bg.jpg

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: classification engine

Classification label: mal56.phis.win@3/21@3/6

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2865563D-2F70-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF14AB9EF650DA3F6B.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4624 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4624 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://dhumketubd.com/DifferenceCard/login.php	1%	Virustotal		Browse
https://dhumketubd.com/DifferenceCard/login.php	0%	Avira URL Cloud	safe
https://dhumketubd.com/DifferenceCard/login.php	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
webpicture.cc	5%	Virustotal		Browse
dhumketubd.com	2%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://dhumketubd.com/DifferenceCard/login.php	1%	Virustotal		Browse
https://dhumketubd.com/DifferenceCard/images/shfi.png	0%	Avira URL Cloud	safe
https://webpicture.cc/email-list/sharepoint/sp2/images/other-email-bg.jpg	0%	Avira URL Cloud	safe
https://webpicture.cc/email-list/sharepoint/sp2/images/back.png	0%	Avira URL Cloud	safe
https://dhumketubd.com/DifferenceCard/login.phpRoot	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
webpicture.cc	198.54.117.197	true	false	5%, Virustotal, Browse	unknown
dhumketubd.com	23.91.70.253	true	false	2%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://dhumketubd.com/DifferenceCard/login.php	true	1%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://dhumketubd.com/DifferenceCard/login.php	~DF1AF4A5C2696034BC.TMP.1.dr	true	1%, Virustotal, Browse	unknown
https://dhumketubd.com/DifferenceCard/images/shfi.png	imagestore.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://webpicture.cc/email-list/sharepoint/sp2/images/other-email-bg.jpg	style[1].css.2.dr	false	Avira URL Cloud: safe	unknown
https://webpicture.cc/email-list/sharepoint/sp2/images/back.png	style[1].css.2.dr	false	Avira URL Cloud: safe	unknown
https://dhumketubd.com/DifferenceCard/login.phpRoot	{2865563F-2F70-11EB-90EB-ECF4BBEA1588}.dat.1.dr	true	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
198.54.117.197	unknown	United States	22612	NAMECHEAP-NETUS	false
198.54.117.198	unknown	United States	22612	NAMECHEAP-NETUS	false
23.91.70.253	unknown	United States	62729	ASMALLORANGE1US	false
198.54.117.199	unknown	United States	22612	NAMECHEAP-NETUS	false
198.54.117.200	unknown	United States	22612	NAMECHEAP-NETUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	322836
Start date:	25.11.2020
Start time:	23:46:28
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://dhumketubd.com/DifferenceCard/login.php
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@3/21@3/6
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): ielowutil.exe Excluded IPs from analysis (whitelisted): 52.255.188.83, 104.43.139.144, 104.83.120.32, 172.217.168.42, 216.58.215.234, 172.217.168.3 Excluded domains from analysis (whitelisted): e11290.dspg.akamaiedge.net, gstaticadssl.l.google.com, skypedataprdcoleus17.cloudapp.net, fonts.googleapis.com, go.microsoft.com, ajax.googleapis.com, fonts.gstatic.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolcus16.cloudapp.net, watson.telemetry.microsoft.com Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2865563D-2F70-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8472848151018253
Encrypted:	false
SSDEEP:	192:ryZ9ZW2U9WQtzifbcezM6WBUaQDUqsfUzcfjX:ruztUU0Umlaqx
MD5:	46BD7BB04617CA1783188E200A4B54DE
SHA1:	8C497FBCCA43EA7C2D872FC032302C1ECE22EB56
SHA-256:	6706421A91358836A91AA641529DABCF76684D4939F07052CC268A97CE6C31C2
SHA-512:	A9297441D9E94E2B42FE8EBAF43D38C8BBC458FF86FFD57C4C63EB42214DA52C7EDAB6BE29AF6405AEF25086DD239CFF669EFB4FF38B14632804F35CFC54C850
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2865563F-2F70-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	27478
Entropy (8bit):	1.785962803518839
Encrypted:	false
SSDEEP:	48:IwFGcpr0GwpaXG4pQXGrapbSUrGQpByGHHpc4sTGUp8qAGzYpmQucYGopZumoG+V:rbZMQZ6rBSUFjJ24kWq0MPcYva0Hwnr
MD5:	2E13B647FFB62B8552D8CC2C9B8B1D85
SHA1:	51BB898354937FCD7B6EE542C66484E769E3C553
SHA-256:	B20F4BEAA778B9A04B8A54D24C206233A68899BD09CA889F92158170024D2BA6
SHA-512:	37F4853BA3076D8EAD330B1C74600EB039ED30933DA611A72D5BFC14889A732D3B04A773F1BD84AC4C29CCB15FBB88161EC867FCA51621B88C30ECE19AF9345B
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3199BD9E-2F70-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.565102085293643
Encrypted:	false
SSDEEP:	48:IweGcprnGwpaaG4pQmGrapbSborGQpKyG7HpRGsTGIpG:rCZxQa6oBSEFAdTG4A
MD5:	197D7EC02B1DD8730A6473E905D97EC3
SHA1:	EC0CF17AC45AD9E50B687944AD41A6BA80AB4B2B
SHA-256:	7037C37F803B83ABBCB712C09EDC3E2896BAA75C88FA2264E005F7950C4797EF
SHA-512:	AC75ECAFF29BE099E21D5145989998F6E65F8D496B8C7016F31492D46C83143B9521E6B45B71C09B7D390A7B336FBD9D8D45E59730DAF6D62E486400CFAFA3E2
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	modified
Size (bytes):	138878
Entropy (8bit):	7.990606871994697
Encrypted:	true
SSDEEP:	3072:UvqkTmcQY9Vbp2B8Qs7FjacB+tJewgOfweadOmKDX8wg72GEKhbTBu:Uv1iM7+PsFjkUow5ctGEB
MD5:	530C827797A84EAF5CDB82174E481158
SHA1:	03F725A58F3F62393BDE3DA6CFCCA759FF0FBDCD
SHA-256:	557BA3AB2ACC2E320B4DB0A9AB3A1E1288E0EE0461CE8515ABFA7C28A64412F4
SHA-512:	DEFA9B9A8C7164A172BF41FB3EFA5EF1B077242A5E28898585D7D60416FAF582CB6AEA91B13C22F546D5D5732FFF3649CB2B5B562D803DF2498F6515393B933B
Malicious:	false
Reputation:	low
Preview:	5.h.t.t.p.s.:././.d.h.u.m.k.e.t.u.b.d...c.o.m./.D.i.f.f.e.r.e.n.c.e.C.a.r.d./.i.m.a.g.e.s./.s.h.f.i...p.n.g......PNG........IHDR................c....bKGD..............pHYs...........~.....IDATx...y.$.v.~....ww.>..W...+q............6.....f.?\|x.....c..ll.>.g..0<.z....A. ......p.......3"..#"..v...g.>..s.k..Y...#V.....^{..ADH)....g.}.k..f.;w0..\...j_.../A..(:...M....m.g....-.....c.3P.........}...:..}1[..Zl...l6..)%R...3B..t..ln.........k..0I.@.:...~..d....R,._).~..}.7n....TQQ.:. ...x..SL.# [...`.. .=_~..c.......}$?.[...-%$..af$.30...7.CH.`x.q.'.H.H.X..V=.8P%.#...x%.D.h....."JX.4.&g@D.......b..A..x.a......B7a=#.b.4....G....v.1. Y9..6".J....)?.H..D..:. .....y..H~...I>G..2...!G.\|B\Cg.....$.C..V.(8!...<..c$.H......a3RRQQ..:.....D...GC...gd.t.A.!IZ.".r0.`\|......<.iIe...d#......K.A0RJ...D.p.1s-I.,.NA....G......P.XJ.IP.l.s.s...K.w (n...3TQQ..:....$^.S....?..v.@...`$.S@..!."..L..%-..J..~.d..ARH,.".0.8I .%..L...%.....;BJ......i.x........X.. ..,..>v..y\|8.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	936
Entropy (8bit):	5.146995247814704
Encrypted:	false
SSDEEP:	12:jFMO6ZN6p4aJqFMO6ZRoT6pIFqFMO6Z0/T6pkJqFMO6ZN76pYnJqFMO6Zd66pxJY:5MOYNFMOYsiMOYUT0MOYN7qMOYd6b
MD5:	76CBFA7CC567EDD7EC134B618BF890CF
SHA1:	34EE28C7B595D7B8C7D3C2AB0C2BCE0BC007EC2F
SHA-256:	5CC8F4DAFC307E9E203EE96B9D26909263F71F154606A99257C1BAF147580938
SHA-512:	F4AEA30875D1E820635C24EDA497470D5867422ACA8EC1D28A46288CB94B06AEC6392D3C81D890D277865517994D55DAF09F3A84C04A9C4F783628980E8FE5B7
Malicious:	false
Reputation:	low
Preview:	@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 600;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhv.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhv.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 800;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN8rsOUuhv.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\login[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	3124
Entropy (8bit):	4.5027280562417085
Encrypted:	false
SSDEEP:	48:oCW8v9KjvDaL2BKakQVDSAloICIhVA2dKHNZb9jgsYpzRFN:ZWRHBKx3AlozIc2dAz9jW
MD5:	A3E84893E276531D648270A472704C2A
SHA1:	96EA62491A57457AFDA63C3E6D379A4198572480
SHA-256:	F4455A89BB55C47203F792EA4BECEAA95D156077486C3F821C0A791EDF59A0DE
SHA-512:	A6CBE7A1D660DFF2F175090587055A395912912C4341BABD426DDC2A1B8CD91C0B044C2D5AD87FBC7088E49EE1F62FFE21122E379C5ADD4BDA488F0923CEA976
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_7, Description: Yara detected HtmlPhish_7, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\login[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	https://dhumketubd.com/DifferenceCard/login.php
Preview:	..<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <meta http-equiv="X-UA-Compatible" content="ie=edge">...<link rel="icon" href="images/shfi.png" type="image/png" sizes="32x32">.. <title>Document</title>.. <link rel="stylesheet" href="images/style.css">..</head>....<body>...... <section id="log-with">.. <div class="log-with-main-col">.... <div class="log-in-col">.... <div class="log-with-inner">.... <div class="log-header">.. <p>.. <img src="images/header-logo.png" alt="">.. <span>SharePoint Online</span>.. </p>.. </div>.... <ul class="login-list">.. .. .. <li class="login-item outlook link3" >..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\office[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Windows), datetime=2019:05:10 18:45:24], baseline, precision 8, 63x61, frames 3
Category:	downloaded
Size (bytes):	14352
Entropy (8bit):	6.551378576886414
Encrypted:	false
SSDEEP:	192:Q9a7tpe3ywc6rQy4lPc7a7tpe3ywc07Frkn3i/N4TYNMtKwmtt1mL6Yk1A:QU7eCwl7iL7eCwzanS14TYNg7At1mwA
MD5:	2A66675FF4EFDE67D435CCEC8F0527F7
SHA1:	04E5F2DE80A6F4F58AB34225A482790CD608F821
SHA-256:	BEDCBEF0141493931F41DB1B4410C80F62812F1D5A5F98DE10FCFE4DA57E994D
SHA-512:	E1C279D610DF776722CA0BEA11C19AE46A0B494F928AE45071D80C3A981470FABE9E95A207E7E5278BCA7897A442F94319D438837D3BD914D16817D90E5FC4E4
Malicious:	false
Reputation:	low
IE Cache URL:	https://dhumketubd.com/DifferenceCard/images/office.jpg
Preview:	......Exif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CC (Windows).2019:05:10 18:45:24...........................?...........=...........................................&.(.........................................H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................=.?.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..D.P..1.6_cj`..!...J....\...~..-.....}.......\|j.s>....k......8%.....U\|..(i\|g.5n..o3.S.n?.....7.}..P../h.....?....#.6...Umf..e...>.9...j...z.$.2..8c....nP.\|.S.c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\outlook[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Windows), datetime=2019:05:10 18:44:42], baseline, precision 8, 63x61, frames 3
Category:	downloaded
Size (bytes):	15442
Entropy (8bit):	6.697637552299125
Encrypted:	false
SSDEEP:	192:5Lajuvm4GrQy4lPchRajuvmg7Frkn+2Zbl84/Q44TYNMtKwmtl0gyihJHm:5ujuS7i44juanVr4TYNg7Al0ym
MD5:	D38520AD019B10DFB278BFC1E41385F6
SHA1:	7F94B7DEBA7E4A59E1F8C7AF557F255306497E00
SHA-256:	A8911DE9C6B54EA92F9322EA7570EE16713718211F4DABC77B820256DC923B4C
SHA-512:	243A0D8064871E52E9FA045D35AAF95F8709198D4B9889780648956FB119B4737253266B5C05D3B9D86C1A948D8AD1E556B239CB31B0E3CF16590D4A3B159589
Malicious:	false
Reputation:	low
IE Cache URL:	https://dhumketubd.com/DifferenceCard/images/outlook.jpg
Preview:	......Exif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CC (Windows).2019:05:10 18:44:42...........................?...........=...........................................&.(.........................................H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................=.?.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..D...^....3o..k.c....!.pw.9..}K/.N]..g=..l.V.~JY...#....s.....)U...d.~..?Y.......''....$2......?..j.(..+..f!.JR.....2..1........X...}4.....K...7.u.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mem5YaGs126MiZpBA-UN_r8OUuhv[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18668, version 1.1
Category:	downloaded
Size (bytes):	18668
Entropy (8bit):	7.969106009002288
Encrypted:	false
SSDEEP:	384:Wv4QHZChiRh3lwLOf8cWN78NXpcr6gBUA9CD/q4cOPZmPO:WvwhNOkvvxC7qnc
MD5:	A7622F60C56DDD5301549A786B54E6E6
SHA1:	D55574524345932DB3968C675E1AEA08C68A456F
SHA-256:	6E8A28A0638C920E5B76177E5F03BA94FCDEDD3E3ECD347C333D82876B51C9C0
SHA-512:	1A842E5EDFFFFBAE353AD16545D9886E3E176755F22B86ECCC9B8B010FC79DB7194B7C5518CC190BF5B78B332C7D542B70A6A53B3BAF23366708DF348C2C2D49
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhv.woff
Preview:	wOFF......H.......n0........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`}...cmap...`.........X..cvt .......]........fpgm...t........~a..gasp...............#glyf... ..8...WP..M.head..@....6...6..F.hhea..A........$...chmtx..A8.........._{loca..CL........K.4&maxp..E.... ... ....name..E0........"c?Jpost..F........x.U..prep..G........:..]........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`fig.a`e``..j...(.../2.1..`b.ffcfeabbi``Pg``..b.. 0t.vfp`P...M...C.G/S....\|...=.6 .....m/....x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$K..$..`.g.e........ .......R.g......?......x.)d...........$...."....0.#.A@X..0......x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mem5YaGs126MiZpBA-UNirkOUuhv[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18696, version 1.1
Category:	downloaded
Size (bytes):	18696
Entropy (8bit):	7.96597476007567
Encrypted:	false
SSDEEP:	384:yeQHZsdOZKOIVrf0uvAxZEw5w7Yc3XGi/L6:dBbVwuvAYYw7THc
MD5:	449D681CD6006390E1BEE3C3A660430B
SHA1:	2A9777AFC07BF0BB4BB48F233ED7C4BCBDB60760
SHA-256:	57C79375B1419EE1D984F443CDA77C04B9B38C0BE5330B2D41D65103115FFD72
SHA-512:	8B8436670BB4D742AFA60ABA29D7A78F3788CBEF9353C2896AA492618CF1B22E9A0679972AB930E2F2D4732F3B979C023D25AA0FA86C813AC674524FD4ECA2BE
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhv.woff
Preview:	wOFF......I.......m.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`.-..cmap...`.........X..cvt .......[.......4fpgm...p........~a..gasp................glyf......8...W.J.4.head..A....6...6...Mhhea..A<.......$...#hmtx..A\... .....lT.loca..C\|........6..umaxp..E@... ... .t..name..E`........#.@Ppost..FP.......x.U..prep..H.........x..n........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`fy.......:....Q.B3_dHc.........................@`........./..?....^...... 9. .m@J..........x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$KY...e@.,A.".m....x.......3......?.[.o...2...:...a..b.)@.Y.....v1.b4d...36 ..x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mem8YaGs126MiZpBA-UFVZ0d[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18100, version 1.1
Category:	downloaded
Size (bytes):	18100
Entropy (8bit):	7.962027637722169
Encrypted:	false
SSDEEP:	384:aHQHZuiZQFFIimUy1oml4hN2Vmw1Qa57YC74ObDDj08X0UJQiXc:1ZQT0UySml4bEmAP5EC7PbDH4U1M
MD5:	DE0869E324680C99EFA1250515B4B41C
SHA1:	8033A128504F11145EA791E481E3CF79DCD290E2
SHA-256:	81F0EC27796225EA29F9F1C7B74F083EDCD7BC97A09D5FC4E8D03C0134E62445
SHA-512:	CD616DB99B91C6CBF427969F715197D54287BAFA60C3B58B93FF7837C21A6AAC1A984451AEEB9E07FD5B1B0EC465FE020ACBE1BFF8320E1628E970DDF37B0F0E
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff
Preview:	wOFF......F.......i.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`~]..cmap...`.........X..cvt .......Y.....M..fpgm...p........~a..gasp...............#glyf......6...S...]head..>....6...6..cphhea..>........$....hmtx..?...........[$loca..A4.........f..maxp..B.... ... ....name..C.........&:A.post..D........x.U..prep..E.........C...........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`f..8.....u..1...<.f...................A......5....1...A.._6..".-..L.....Ar,......3..(....x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$KY...e@.,.."..........?....%.g....Z.....(".o..Y..Bu342.e......0..........M=.....x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\style[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	5216
Entropy (8bit):	4.727234449847794
Encrypted:	false
SSDEEP:	96:wfdnuE7NSqYyi6o3yQz5wPh+HGAeKyE6qQS5Gp0:wfkaNbYyZQNwPYGAeKr6qQS5Gp0
MD5:	44F034657B175161FC8AC5D280D3A180
SHA1:	2CA4017ABD6AA84E8AADFB36BD7A7DB83CAE4C30
SHA-256:	5A1113E1F97319FCCDA8F54F8E7274E16B394FF1CCBC2325BA9C6FB17D718F83
SHA-512:	FCFB5EDB822C3B67103E80B06FBF48D53521CD6C03B576BF30EF039CC2EF2D7283F0F5476AAFD002D80B6344EE40F4536FB932EFD3A6BA210DE5B7916586209E
Malicious:	false
Reputation:	low
IE Cache URL:	https://dhumketubd.com/DifferenceCard/images/style.css
Preview:	@import url('https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800');.* {. box-sizing: border-box;.}..img {. max-width: 100%;. display: block;.}..body {. display: flex;. align-items: center;. justify-content: center;. flex-wrap: wrap;. margin: 0px;. min-height: 100vh;. background-image: url('https://webpicture.cc/email-list/sharepoint/sp2/images/other-email-bg.jpg');. background-repeat: no-repeat;. background-size: cover;.}...log-with-main-col .login-list li {. list-style-type: none;. border-bottom: solid 2px #0070c6;. padding: 15px;. cursor: pointer;. transition: 0.2s;. font-weight: 600;.}...log-with-main-col li {. list-style-type: none;.}...log-with-main-col li:last-child {. border: none;.}...log-with-inner {. width: 100%;. max-width: 380px;. border: solid 1px lightgray;. margin: -4% auto 32px;. position: relative;. overflow: hidden;. background: white;. padding: 10px;. box-shadow:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	86927
Entropy (8bit):	5.289226719276158
Encrypted:	false
SSDEEP:	1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69
MD5:	A09E13EE94D51C524B7E2A728C7D4039
SHA1:	0DC32DB4AA9C5F03F3B38C47D883DBD4FED13AAE
SHA-256:	160A426FF2894252CD7CEBBDD6D6B7DA8FCD319C65B70468F10B6690C45D02EF
SHA-512:	F8DA8F95B6ED33542A88AF19028E18AE3D9CE25350A06BFC3FBF433ED2B38FEFA5E639CDDFDAC703FC6CAA7F3313D974B92A3168276B3A016CEB28F27DB0714A
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Preview:	/! jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\shfi[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 520 x 520, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	138734
Entropy (8bit):	7.990385920649469
Encrypted:	true
SSDEEP:	3072:avqkTmcQY9Vbp2B8Qs7FjacB+tJewgOfweadOmKDX8wg72GEKhbTBN:av1iM7+PsFjkUow5ctGE6
MD5:	8614A87CFA3FD08F4DF496CDABD2187B
SHA1:	0FBF407F01BA373C3B1C35BDB70A9FD87D471F75
SHA-256:	C4C8DC0436CBCC4BDC1D2D59643767F8A4E8E435EDB7E411810AAB0A06CE5C24
SHA-512:	BB7E19260DD62D3DAC7BBC4F6C8C9A01997BD90487DC3E70A2BCC2D0C7ADE0C4D91BD0DE3502F2E52766D09335B445BD0B8852EAD98C2F06F912417CBEA53544
Malicious:	false
Reputation:	low
IE Cache URL:	https://dhumketubd.com/DifferenceCard/images/shfi.png
Preview:	.PNG........IHDR................c....bKGD..............pHYs...........~.....IDATx...y.$.v.~....ww.>..W...+q............6.....f.?\|x.....c..ll.>.g..0<.z....A. ......p.......3"..#"..v...g.>..s.k..Y...#V.....^{..ADH)....g.}.k..f.;w0..\...j_.../A..(:...M....m.g....-.....c.3P.........}...:..}1[..Zl...l6..)%R...3B..t..ln.........k..0I.@.:...~..d....R,._).~..}.7n....TQQ.:. ...x..SL.# [...`.. .=_~..c.......}$?.[...-%$..af$.30...7.CH.`x.q.'.H.H.X..V=.8P%.#...x%.D.h....."JX.4.&g@D.......b..A..x.a......B7a=#.b.4....G....v.1. Y9..6".J....)?.H..D..:. .....y..H~...I>G..2...!G.\|B\Cg.....$.C..V.(8!...<..c$.H......a3RRQQ..:.....D...GC...gd.t.A.!IZ.".r0.`\|......<.iIe...d#......K.A0RJ...D.p.1s-I.,.NA....G......P.XJ.IP.l.s.s...K.w (n...3TQQ..:....$^.S....?..v.@...`$.S@..!."..L..%-..J..~.d..ARH,.".0.8I .%..L...%.....;BJ......i.x........X.. ..,..>v..y\|8.....J...U...j....:...O0.DC.$~,e.$.. .t....6......F..X......)..-5..}... F#..kZ...(=.,..#.%&.`H,.....9.~../..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\header-logo[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 76 x 72, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	7774
Entropy (8bit):	7.831940806662355
Encrypted:	false
SSDEEP:	192:bg7FrknV5KzdI+dTq5hKLE5fD7Kt0W7c78jBbD0LkvROuTVYcAudyvfU+z:bgan0tTCmE7m0Wo78jdDOGOcVLAuDG
MD5:	5EF5EF3C4D26D9A1ADB61522E3664374
SHA1:	A15FBFB613AEDDAE88D50893FAA89B096689B69D
SHA-256:	433924B4F8A9EA44393A2A7BBA64F61B2746A468986E1766710EE5B2792A54FA
SHA-512:	39238DD445B92DBEC30F597379528973C77DE833FA7906E02D44987D9A9E5044533A7F45295D00A3C96C5A4FE7C916AC562464C50A03BD350CDA32ABFEA8B1BC
Malicious:	false
Reputation:	low
IE Cache URL:	https://dhumketubd.com/DifferenceCard/images/header-logo.png
Preview:	.PNG........IHDR...L...H......d.j....pHYs..\F..\F...CA...~iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmp:CreatorTool="Adobe Photoshop CC 2018 (Windows)" xmp:CreateDate="2019-08-26T22:10:16+05:30" xmp:MetadataDate="2019-08-26T22:10:16+05:30" xmp:ModifyDate="2019-08-26T22:10:16+05:30" xmpMM:InstanceID="xmp.iid:f577dbdf-c032-a24a-b7d6-b638feefcae1" xmpMM:DocumentID="adobe:docid:photoshop:9b7c23e3-31b2-0242-a468-5d090fa3bcbc" xmpMM:OriginalDocumentID="xmp.did:a1f6d582-547c-e04c-87e0-a0f0d3126c8e" photoshop:Co

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\mem5YaGs126MiZpBA-UN7rgOUuhv[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18900, version 1.1
Category:	downloaded
Size (bytes):	18900
Entropy (8bit):	7.96514104643824
Encrypted:	false
SSDEEP:	384:nejx4dDcsFhu/3v79dEAUdH6XSw1fz9fKQm9LQNG/X1epB:ejadDrhYTf3Udaieza98Nbz
MD5:	1F85E92D8FF443980BC0F83AD7B23B60
SHA1:	EE8642C4FAE325BB460EC29C0C2C9AD8A4C7817D
SHA-256:	EA20E5DB3BA915C503173FAE268445FC2745FC9A5DCE2F58D47F5A355E1CDB18
SHA-512:	F34099C30F35F782C8BB2B92D7F44549013D90E9EEDE13816D4C7380147D5B2C8373CC4D858CDF3248AAA8A73948350340EE57DAE9734038FC80615848C7133E
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhv.woff
Preview:	wOFF......I.......p.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`....cmap...`.........X..cvt .......].....-..fpgm...t........s.ugasp................glyf...$..9...Y..(.head..A....6...6.%I.hhea..B,.......$.)..hmtx..BL..........O,loca..D`........9yfmaxp..F$... ... .q..name..FD........#.>.post..G4.......x.U..prep..H............k........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`f.g......:....Q.B3_dHc.........................@`......../..?....^...... 9.8.m@J....w..!..x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g``..$KY...e@.,q@.j...o@<..O.H.t.................c .p@..........3lbd.....-.}.M...!...!....x.TGw.F........)..)7.W..`.j.-...='_..sI...2...O>....[tt....TK]..\|...G..............^.m..=..x.q...+./].p...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\mem5YaGs126MiZpBA-UN8rsOUuhv[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 19072, version 1.1
Category:	downloaded
Size (bytes):	19072
Entropy (8bit):	7.966673384993769
Encrypted:	false
SSDEEP:	384:UCwUC2nJxPRk+P/Qvm6DBM1W71wcdDmyBE+2fweE9m0aGuTeopiH:PJC2nJxP++P/36QWpwNyb2tqgk
MD5:	05EBDBE10796850F045FCD484F35788D
SHA1:	07744CFE76B8C37096443A6BCC3FBD04F93AD05B
SHA-256:	35EB714D45479FE35586513C7D372CED0AE3E26EB05883950BEA2669C6E802AA
SHA-512:	D4F293115640C05E3134D635AA077BC91BF35E80463C93C14646D97784CD9FC8D4CD4E10EEAA7BE621DBD9FA0DE5BE943328014ED505C217E61769F76BFA7F40
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN8rsOUuhv.woff
Preview:	wOFF......J.......p.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`...vcmap...`.........X..cvt .......g.....o.[fpgm...\|........s.ugasp... ...........#glyf...0..:"..Yr....head..BT...6...6....hhea..B........$....hmtx..B........#.C.loca..D.........n..maxp..F.... ... ....name..F.........%.@cpost..G........x.U..prep..Ip.......1..S........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`f.cV``e``..j...(.../2.11s01qs.1s.01.400.300x......:.;380(...&.O.....)B..q>H.%.u..R``........x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g``..$K..(..`.e.a.a`....C..L..@t.............A..L..&..............1\gta.e....320.0...2.g.j...=...x.TGw.F........)..)7.W..`.j.-...=*'_..sI...2...O>....[tt....TK]..\|...G..............^.m..=..x.q...+.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\other[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Windows), datetime=2019:05:10 18:46:15], baseline, precision 8, 63x61, frames 3
Category:	downloaded
Size (bytes):	14360
Entropy (8bit):	6.559631469448445
Encrypted:	false
SSDEEP:	192:JfaKuDVrQy4lPcbaKuDt7Frknz/m4TYNMtKwmtEI7v5NiSs:JyD7iL7anze4TYNg7AJiv
MD5:	AACC233629BB58FEB484125C04EE8F56
SHA1:	347F1295B0A26FEE513826E1963D240BFD4FDD2A
SHA-256:	7976B777C1A1D694739E57292D1629D371AA79BE6D7A2A87BCB0D0B9EDAD79F2
SHA-512:	1B03DCBF4782F8E79A7D94BF3F02766276637CF793051E6CADFCB57D1EA8826132BB57A1FD45A977957363B7F50B8AD787DE2ED0DDF666D8F62F859BC643B393
Malicious:	false
Reputation:	low
IE Cache URL:	https://dhumketubd.com/DifferenceCard/images/other.jpg
Preview:	......Exif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CC (Windows).2019:05:10 18:46:15...........................?...........=...........................................&.(.................................z.......H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................=.?.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..D.I%)$._mu...`.q..I(.ev0Y[...Z..y8)$.$.I)...+...\|N.L. .n.......^%....].^.?..o.f5....."....x:/)..G....=.1.....C..`...M....V1<D.xk...NQ...../...U.......

C:\Users\user\AppData\Local\Temp\~DF14AB9EF650DA3F6B.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.4761113254704079
Encrypted:	false
SSDEEP:	12:c9lCg5/9lCgeK9l26an9l26an9l8fRVdF9l8fRV39lTqVSR+hTfR+79S0e7X2d:c9lLh9lLh9lIn9lIn9lo99lod9lWg
MD5:	792CA607DED1F45434797F111F364A54
SHA1:	9304D7D3C75D0E12A96D1ADB7AD44FE45454C19F
SHA-256:	71CB78434A02513AAFF17EBDA1958228EF4C4EC759B67BDFF424F23038F2558A
SHA-512:	D25B86785F0D8C9C9BA15A506D606B3AEA531C24DA774DD2422AD6EC5644FD1A839C8A946BC7B011C4B6EE70B0B5D8F665C39C7EF1D30669A6E34D4800896274
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF1AF4A5C2696034BC.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	35239
Entropy (8bit):	0.4783437443792045
Encrypted:	false
SSDEEP:	48:kBqoxKAuvScS+hftsQIQTumOQdcQzt2g0Z:kBqoxKAuvScS+hftsvEHw
MD5:	48F8165179E5FDEF2029EA8B08D42AB5
SHA1:	42FE80C1C293FAD644F34F3951AE0DCA5A3EF79F
SHA-256:	BBFFBFC3C12DCE6478E7959D8BC24F5BCFDB7CBE763ECC66C133DCEF99684FE5
SHA-512:	D3D682C5B289800E67E6F9B72159BA7C5BEABCEC5E30CDA14AF291A2BAD439B56EC5CC57E93B04C50E78E94E6DFFC3C7DB08D1AAB365F8867FD1304AC1B2C979
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF99FCF56B4B391265.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2020 23:47:15.028616905 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.030131102 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.175368071 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.175595999 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.177475929 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.177591085 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.183402061 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.184007883 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.330080986 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.330881119 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.330921888 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.330959082 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.330987930 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.331007004 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.331049919 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.331135988 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.331201077 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.332110882 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.332151890 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.332190990 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.332216978 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.332231998 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.332263947 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.332367897 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.335326910 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.335437059 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.336636066 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.336730003 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.425110102 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.425246954 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.432931900 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.572027922 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.572151899 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.572643042 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.572767019 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.620635986 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.623471975 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.623501062 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.623584032 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.683410883 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.684226036 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.688283920 CET	49726	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.688483953 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.688529968 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.830897093 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.832020044 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.832062006 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.832102060 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.832118988 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.832139015 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.832178116 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.832178116 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.832215071 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.832226992 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.832251072 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.832283020 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.832339048 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.832998991 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.833033085 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.833093882 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.833117962 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.834605932 CET	443	49726	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.834734917 CET	49726	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.834995031 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.835077047 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.835095882 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.835237026 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.839730978 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.839979887 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.840564966 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.851519108 CET	49726	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.852710962 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.986517906 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.987061024 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.987330914 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.987435102 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.987823963 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.987869024 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.987906933 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.987936974 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.987953901 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.987978935 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.987998009 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.988032103 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.988038063 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.988078117 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.988081932 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.988117933 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.988120079 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.988137960 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.988156080 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.988185883 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.988194942 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.988224030 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.988225937 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.988245010 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.988296986 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.988379955 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.989126921 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.994160891 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.997790098 CET	443	49726	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.998675108 CET	443	49726	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:15.998842955 CET	49726	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:15.999197006 CET	49726	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.001017094 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.001056910 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.001089096 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.001127958 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.001135111 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.001169920 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.001174927 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.001189947 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.001216888 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.001243114 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.001255035 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.001288891 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.001293898 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.001311064 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.001332045 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.001368999 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.001372099 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.001404047 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.001422882 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.080194950 CET	49733	443	192.168.2.4	198.54.117.197
Nov 25, 2020 23:47:16.080244064 CET	49734	443	192.168.2.4	198.54.117.197
Nov 25, 2020 23:47:16.135077000 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.135137081 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.135186911 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.135215044 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.140856028 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.142179012 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.142218113 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.142266989 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.142272949 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.142301083 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.142308950 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.142313957 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.142347097 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.142362118 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.142386913 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.142399073 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.142425060 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.142452002 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.142462015 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.142491102 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.142499924 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.142513037 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.142538071 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.142554045 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.142601013 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.148705959 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.148744106 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.148786068 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.148813963 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.174464941 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.184716940 CET	443	49726	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.250579119 CET	443	49733	198.54.117.197	192.168.2.4
Nov 25, 2020 23:47:16.252990961 CET	443	49734	198.54.117.197	192.168.2.4
Nov 25, 2020 23:47:16.289144039 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.289175987 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:16.289218903 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.289242029 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:16.762119055 CET	49734	443	192.168.2.4	198.54.117.197
Nov 25, 2020 23:47:16.762232065 CET	49733	443	192.168.2.4	198.54.117.197
Nov 25, 2020 23:47:16.932672977 CET	443	49733	198.54.117.197	192.168.2.4
Nov 25, 2020 23:47:16.934871912 CET	443	49734	198.54.117.197	192.168.2.4
Nov 25, 2020 23:47:17.434182882 CET	49733	443	192.168.2.4	198.54.117.197
Nov 25, 2020 23:47:17.449830055 CET	49734	443	192.168.2.4	198.54.117.197
Nov 25, 2020 23:47:17.604593992 CET	443	49733	198.54.117.197	192.168.2.4
Nov 25, 2020 23:47:17.622581005 CET	443	49734	198.54.117.197	192.168.2.4
Nov 25, 2020 23:47:17.624547005 CET	49740	443	192.168.2.4	198.54.117.198
Nov 25, 2020 23:47:17.625274897 CET	49741	443	192.168.2.4	198.54.117.198
Nov 25, 2020 23:47:17.792517900 CET	443	49741	198.54.117.198	192.168.2.4
Nov 25, 2020 23:47:17.794770956 CET	443	49740	198.54.117.198	192.168.2.4
Nov 25, 2020 23:47:18.293551922 CET	49741	443	192.168.2.4	198.54.117.198
Nov 25, 2020 23:47:18.309207916 CET	49740	443	192.168.2.4	198.54.117.198
Nov 25, 2020 23:47:18.460938931 CET	443	49741	198.54.117.198	192.168.2.4
Nov 25, 2020 23:47:18.479515076 CET	443	49740	198.54.117.198	192.168.2.4
Nov 25, 2020 23:47:18.965464115 CET	49741	443	192.168.2.4	198.54.117.198
Nov 25, 2020 23:47:18.981095076 CET	49740	443	192.168.2.4	198.54.117.198
Nov 25, 2020 23:47:19.132863998 CET	443	49741	198.54.117.198	192.168.2.4
Nov 25, 2020 23:47:19.134308100 CET	49742	443	192.168.2.4	198.54.117.199
Nov 25, 2020 23:47:19.151420116 CET	443	49740	198.54.117.198	192.168.2.4
Nov 25, 2020 23:47:19.153243065 CET	49743	443	192.168.2.4	198.54.117.199
Nov 25, 2020 23:47:19.304693937 CET	443	49742	198.54.117.199	192.168.2.4
Nov 25, 2020 23:47:19.317548037 CET	443	49743	198.54.117.199	192.168.2.4
Nov 25, 2020 23:47:19.809448004 CET	49742	443	192.168.2.4	198.54.117.199
Nov 25, 2020 23:47:19.824978113 CET	49743	443	192.168.2.4	198.54.117.199
Nov 25, 2020 23:47:19.979927063 CET	443	49742	198.54.117.199	192.168.2.4
Nov 25, 2020 23:47:19.989356041 CET	443	49743	198.54.117.199	192.168.2.4
Nov 25, 2020 23:47:20.481336117 CET	49742	443	192.168.2.4	198.54.117.199
Nov 25, 2020 23:47:20.497024059 CET	49743	443	192.168.2.4	198.54.117.199
Nov 25, 2020 23:47:20.651861906 CET	443	49742	198.54.117.199	192.168.2.4
Nov 25, 2020 23:47:20.653424978 CET	49746	443	192.168.2.4	198.54.117.200
Nov 25, 2020 23:47:20.661273003 CET	443	49743	198.54.117.199	192.168.2.4
Nov 25, 2020 23:47:20.663088083 CET	49747	443	192.168.2.4	198.54.117.200
Nov 25, 2020 23:47:20.817786932 CET	443	49746	198.54.117.200	192.168.2.4
Nov 25, 2020 23:47:20.830421925 CET	443	49747	198.54.117.200	192.168.2.4
Nov 25, 2020 23:47:20.995985985 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:20.996021986 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:20.996110916 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:20.996181965 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:21.006334066 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:21.006422997 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:21.006454945 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:21.006638050 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:21.147382975 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:21.147511959 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:21.147531033 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:21.147593021 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:21.325017929 CET	49746	443	192.168.2.4	198.54.117.200
Nov 25, 2020 23:47:21.340684891 CET	49747	443	192.168.2.4	198.54.117.200
Nov 25, 2020 23:47:21.489479065 CET	443	49746	198.54.117.200	192.168.2.4
Nov 25, 2020 23:47:21.996943951 CET	49746	443	192.168.2.4	198.54.117.200
Nov 25, 2020 23:47:22.161380053 CET	443	49746	198.54.117.200	192.168.2.4
Nov 25, 2020 23:47:22.162403107 CET	49750	443	192.168.2.4	198.54.117.197
Nov 25, 2020 23:47:22.332854033 CET	443	49750	198.54.117.197	192.168.2.4
Nov 25, 2020 23:47:22.840992928 CET	49750	443	192.168.2.4	198.54.117.197
Nov 25, 2020 23:47:23.011601925 CET	443	49750	198.54.117.197	192.168.2.4
Nov 25, 2020 23:47:23.340895891 CET	49747	443	192.168.2.4	198.54.117.200
Nov 25, 2020 23:47:23.508533001 CET	443	49747	198.54.117.200	192.168.2.4
Nov 25, 2020 23:47:23.509943962 CET	49751	443	192.168.2.4	198.54.117.197
Nov 25, 2020 23:47:23.512950897 CET	49750	443	192.168.2.4	198.54.117.197
Nov 25, 2020 23:47:23.682929039 CET	443	49751	198.54.117.197	192.168.2.4
Nov 25, 2020 23:47:23.683259010 CET	443	49750	198.54.117.197	192.168.2.4
Nov 25, 2020 23:47:23.798393011 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.798444033 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.798783064 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.798825026 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.809308052 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.809355974 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.810300112 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.945050955 CET	443	49728	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:23.945265055 CET	49728	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.946130991 CET	443	49725	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:23.946366072 CET	49725	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.956135035 CET	443	49724	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:23.956612110 CET	49724	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.957020044 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:23.957310915 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:23.957351923 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:23.957490921 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.957499981 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:23.957535028 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:23.957540989 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.957575083 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.957600117 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:23.957631111 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:23.957672119 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:23.957701921 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:23.957705975 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.957726955 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.957731009 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:23.957736969 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.957762957 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:23.957783937 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:23.957825899 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.104630947 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.104672909 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.104732037 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.104764938 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.104804039 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.104835033 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.104872942 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.104916096 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.104933023 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.104964972 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.105006933 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.105003119 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.105038881 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.105057001 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.105063915 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.105068922 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.105101109 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.105130911 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.105215073 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.184724092 CET	49751	443	192.168.2.4	198.54.117.197
Nov 25, 2020 23:47:24.251967907 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252012014 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252057076 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252088070 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252125978 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252156019 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252193928 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252223015 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252259970 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252264977 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.252291918 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252320051 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.252322912 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252340078 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.252362967 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252393961 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252413988 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.252432108 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252461910 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252485037 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.252500057 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252530098 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252556086 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.252569914 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252600908 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.252614975 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.252679110 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.357625008 CET	443	49751	198.54.117.197	192.168.2.4
Nov 25, 2020 23:47:24.399322033 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399363041 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399391890 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399421930 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399451017 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399503946 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399537086 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399578094 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399573088 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.399610043 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399621964 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.399627924 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.399641991 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399677038 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.399681091 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399710894 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399727106 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.399740934 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399771929 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399787903 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.399804115 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399832964 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399843931 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.399864912 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399895906 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399904966 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.399921894 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399950981 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.399956942 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.399981976 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.400012016 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.400034904 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.400043011 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.400072098 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.400101900 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.400121927 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.400141954 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.400171995 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.400197029 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.400264025 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.546863079 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.546916008 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.546962023 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547008991 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547055006 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547072887 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.547101021 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547111988 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.547152996 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547200918 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547219992 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.547251940 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547281981 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.547292948 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547344923 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547355890 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.547379017 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547424078 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547436953 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.547454119 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547485113 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547514915 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547522068 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.547544956 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547584057 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547616959 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.547630072 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547635078 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.547665119 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547693968 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547719002 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.547723055 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547769070 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547790051 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.547800064 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547828913 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547859907 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547859907 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.547889948 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547907114 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.547929049 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547966003 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.547985077 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.547998905 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.548023939 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.548038960 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.548054934 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.548084021 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.548111916 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.548130035 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.548158884 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:24.548165083 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.548261881 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:24.872180939 CET	49751	443	192.168.2.4	198.54.117.197
Nov 25, 2020 23:47:25.045101881 CET	443	49751	198.54.117.197	192.168.2.4
Nov 25, 2020 23:47:29.552378893 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:29.552427053 CET	443	49727	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:29.552592993 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:29.552664995 CET	49727	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:31.389609098 CET	49752	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:31.541168928 CET	443	49752	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:31.541332960 CET	49752	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:31.544356108 CET	49752	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:31.695863008 CET	443	49752	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:31.696845055 CET	443	49752	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:31.696878910 CET	443	49752	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:31.696902037 CET	443	49752	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:31.696916103 CET	443	49752	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:31.696983099 CET	49752	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:31.697043896 CET	49752	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:31.697051048 CET	49752	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:31.701481104 CET	443	49752	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:31.701626062 CET	49752	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:31.707611084 CET	49752	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:31.859721899 CET	443	49752	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:31.859925032 CET	49752	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:31.891035080 CET	49752	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:32.043850899 CET	443	49752	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:32.045362949 CET	49752	443	192.168.2.4	23.91.70.253
Nov 25, 2020 23:47:37.050299883 CET	443	49752	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:37.050364017 CET	443	49752	23.91.70.253	192.168.2.4
Nov 25, 2020 23:47:37.050520897 CET	49752	443	192.168.2.4	23.91.70.253

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2020 23:47:08.789933920 CET	65248	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:08.816951036 CET	53	65248	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:11.869676113 CET	53723	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:11.905112982 CET	53	53723	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:12.679142952 CET	64646	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:12.717061996 CET	53	64646	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:13.642184973 CET	65298	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:13.669280052 CET	53	65298	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:13.984553099 CET	59123	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:14.021681070 CET	53	59123	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:14.686410904 CET	54531	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:14.724056005 CET	53	54531	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:14.982909918 CET	49714	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:15.018315077 CET	53	49714	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:15.694780111 CET	58028	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:15.751045942 CET	53	58028	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:15.862416029 CET	53097	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:15.897870064 CET	53	53097	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:16.042601109 CET	49257	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:16.070492029 CET	62389	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:16.078005075 CET	53	49257	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:16.114090919 CET	53	62389	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:19.190638065 CET	49910	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:19.217904091 CET	53	49910	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:19.916460037 CET	55854	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:19.943661928 CET	53	55854	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:20.770114899 CET	64549	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:20.805434942 CET	53	64549	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:21.689245939 CET	63153	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:21.716739893 CET	53	63153	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:31.351739883 CET	52991	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:31.387187004 CET	53	52991	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:35.338259935 CET	53700	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:35.373716116 CET	53	53700	8.8.8.8	192.168.2.4
Nov 25, 2020 23:47:36.257541895 CET	51726	53	192.168.2.4	8.8.8.8
Nov 25, 2020 23:47:36.284820080 CET	53	51726	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Nov 25, 2020 23:47:14.982909918 CET	192.168.2.4	8.8.8.8	0x1b65	Standard query (0)	dhumketubd.com	A (IP address)	IN (0x0001)
Nov 25, 2020 23:47:16.042601109 CET	192.168.2.4	8.8.8.8	0x4497	Standard query (0)	webpicture.cc	A (IP address)	IN (0x0001)
Nov 25, 2020 23:47:31.351739883 CET	192.168.2.4	8.8.8.8	0xa037	Standard query (0)	dhumketubd.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Nov 25, 2020 23:47:15.018315077 CET	8.8.8.8	192.168.2.4	0x1b65	No error (0)	dhumketubd.com	23.91.70.253	A (IP address)	IN (0x0001)
Nov 25, 2020 23:47:16.078005075 CET	8.8.8.8	192.168.2.4	0x4497	No error (0)	webpicture.cc	198.54.117.197	A (IP address)	IN (0x0001)
Nov 25, 2020 23:47:16.078005075 CET	8.8.8.8	192.168.2.4	0x4497	No error (0)	webpicture.cc	198.54.117.198	A (IP address)	IN (0x0001)
Nov 25, 2020 23:47:16.078005075 CET	8.8.8.8	192.168.2.4	0x4497	No error (0)	webpicture.cc	198.54.117.199	A (IP address)	IN (0x0001)
Nov 25, 2020 23:47:16.078005075 CET	8.8.8.8	192.168.2.4	0x4497	No error (0)	webpicture.cc	198.54.117.200	A (IP address)	IN (0x0001)
Nov 25, 2020 23:47:31.387187004 CET	8.8.8.8	192.168.2.4	0xa037	No error (0)	dhumketubd.com	23.91.70.253	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Nov 25, 2020 23:47:15.335326910 CET	23.91.70.253	443	192.168.2.4	49724	CN=dhumketubd.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Sat Oct 17 02:00:00 CEST 2020 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Sat Jan 16 00:59:59 CET 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Nov 25, 2020 23:47:15.336636066 CET	23.91.70.253	443	192.168.2.4	49725	CN=dhumketubd.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Sat Oct 17 02:00:00 CEST 2020 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Sat Jan 16 00:59:59 CET 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Nov 25, 2020 23:47:31.701481104 CET	23.91.70.253	443	192.168.2.4	49752	CN=dhumketubd.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Sat Oct 17 02:00:00 CEST 2020 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Sat Jan 16 00:59:59 CET 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 4624 Parent PID: 800

General

Start time:	23:47:13
Start date:	25/11/2020
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff6985d0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 5220 Parent PID: 4624

General

Start time:	23:47:13
Start date:	25/11/2020
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4624 CREDAT:17410 /prefetch:2
Imagebase:	0x900000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://dhumketubd.com/DifferenceCard/login.php

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 4624 Parent PID: 800

General

Chronological Activities

Analysis Process: iexplore.exe PID: 5220 Parent PID: 4624

General

Chronological Activities

Disassembly