Play interactive tour

Edit tour

Analysis Report https://217023.8b.io/

Overview

General Information

Sample URL:	https://217023.8b.io/
Analysis ID:	339243
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish_10

Phishing site detected (based on image similarity)

HTML body contains low number of good links

HTML title does not match URL

Suspicious form URL found

Classification

Startup

System is w10x64

iexplore.exe (PID: 5560 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5832 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5560 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\f9194c93208089b7e39c01a29ca5d620[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mfile[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: https://lacecompound.com/sm/mfile/

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish_10

Show sources

Source: Yara match	File source: 302494.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\f9194c93208089b7e39c01a29ca5d620[1].htm, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mfile[1].htm, type: DROPPED

Phishing site detected (based on image similarity)

Show sources

Source: https://lacecompound.com/sm/mfile/naf/inf/microsoft_logo.svg	Matcher: Found strong image similarity, brand: Microsoft	Jump to dropped file
Source: https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inc/microsoft_logo.svg	Matcher: Found strong image similarity, brand: Microsoft	Jump to dropped file
Source: https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inf/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0	Matcher: Found strong image similarity, brand: Microsoft	Jump to dropped file

Source: https://lacecompound.com/sm/mfile/	HTTP Parser: Number of links: 0
Source: https://lacecompound.com/sm/mfile/	HTTP Parser: Number of links: 0

Source: https://lacecompound.com/sm/mfile/	HTTP Parser: Title: Sharing Link Validation does not match URL
Source: https://lacecompound.com/sm/mfile/	HTTP Parser: Title: Sharing Link Validation does not match URL

Source: https://lacecompound.com/sm/mfile/	HTTP Parser: Form action: mai.php
Source: https://lacecompound.com/sm/mfile/	HTTP Parser: Form action: mai.php

Source: https://lacecompound.com/sm/mfile/	HTTP Parser: No <meta name="author".. found
Source: https://lacecompound.com/sm/mfile/	HTTP Parser: No <meta name="author".. found

Source: https://lacecompound.com/sm/mfile/	HTTP Parser: No <meta name="copyright".. found
Source: https://lacecompound.com/sm/mfile/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 52.7.227.232:443 -> 192.168.2.3:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.7.227.232:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.119.132:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.119.132:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.119.132:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.244.134:443 -> 192.168.2.3:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.244.134:443 -> 192.168.2.3:49743 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: 217023.8b.io

Source: amp-mustache-0.2[1].js.2.dr	String found in binary or memory: http://github.com/janl/mustache.js
Source: 4VFNILYG.htm.2.dr, ~DFDCDB21E6CD7AAD32.TMP.1.dr	String found in binary or memory: https://217023.8b.io/
Source: ~DFDCDB21E6CD7AAD32.TMP.1.dr	String found in binary or memory: https://217023.8b.io/L
Source: {C6C39364-560F-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://217023.8b.io/Root
Source: amp-mustache-0.2[1].js.2.dr, amp-analytics-0.1[1].js.2.dr, v0[1].js.2.dr	String found in binary or memory: https://3p.ampproject.net
Source: 4VFNILYG.htm.2.dr	String found in binary or memory: https://8b.com
Source: f9194c93208089b7e39c01a29ca5d620[1].htm0.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Source: v0[1].js.2.dr	String found in binary or memory: https://amp.dev/documentation/guides-and-tutorials/develop/style_and_layout/control_layout
Source: v0[1].js.2.dr	String found in binary or memory: https://amp.dev/documentation/guides-and-tutorials/learn/experimental
Source: v0[1].js.2.dr	String found in binary or memory: https://ampcid.google.com/v1/cache:getClientId?key=AIzaSyDKtqGxnoeIqVM33Uf7hRSa3GJxuzR7mLc
Source: v0[1].js.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId?key=
Source: 4VFNILYG.htm.2.dr, imagestore.dat.2.dr	String found in binary or memory: https://app.8b.io/app/themes/webamp/projects/writer/assets/images/logo1.png
Source: amp-mustache-0.2[1].js.2.dr, amp-analytics-0.1[1].js.2.dr, v0[1].js.2.dr	String found in binary or memory: https://cdn.ampproject.org
Source: 4VFNILYG.htm.2.dr	String found in binary or memory: https://cdn.ampproject.org/v0.js
Source: 4VFNILYG.htm.2.dr	String found in binary or memory: https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Source: 4VFNILYG.htm.2.dr	String found in binary or memory: https://cdn.ampproject.org/v0/amp-mustache-0.2.js
Source: v0[1].js.2.dr	String found in binary or memory: https://developers.google.com/open-source/licenses/bsd
Source: 4VFNILYG.htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Forum:400
Source: 4VFNILYG.htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Neucha:400
Source: css[2].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/forum/v11/6aey4Ky-Vb8Ew8IROpQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/neucha/v12/q5uGsou0JOdh94bfvQlr.woff)
Source: amp-analytics-0.1[1].js.2.dr	String found in binary or memory: https://github.com/ampproject/amphtml/blob/master/spec/amp-iframe-origin-policy.md
Source: {C6C39364-560F-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://lacecompound.c
Source: {C6C39364-560F-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://lacecompound.cL
Source: 4VFNILYG.htm.2.dr	String found in binary or memory: https://lacecompound.com/sm/mfile
Source: ~DFDCDB21E6CD7AAD32.TMP.1.dr, mfile[1].htm.2.dr	String found in binary or memory: https://lacecompound.com/sm/mfile/
Source: ~DFDCDB21E6CD7AAD32.TMP.1.dr	String found in binary or memory: https://lacecompound.com/sm/mfile/.Sharing
Source: ~DFDCDB21E6CD7AAD32.TMP.1.dr	String found in binary or memory: https://lacecompound.com/sm/mfile/f
Source: f9194c93208089b7e39c01a29ca5d620[1].htm.2.dr	String found in binary or memory: https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/?Key=7181801993&rand=13InboxL
Source: ~DFDCDB21E6CD7AAD32.TMP.1.dr	String found in binary or memory: https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/?Key=7181801993&rand=13InboxLight
Source: imagestore.dat.2.dr	String found in binary or memory: https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inf/favicon.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inf/favicon.ico~
Source: imagestore.dat.2.dr	String found in binary or memory: https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inf/favicon.ico~(
Source: v0[1].js.2.dr	String found in binary or memory: https://log.amp.dev/?v=012012301722001&id=
Source: amp-loader-0.1[1].js.2.dr	String found in binary or memory: https://mths.be/cssescape
Source: 4VFNILYG.htm.2.dr	String found in binary or memory: https://r.8b.io/217023/images/background5-h_kjukqdlq.jpg
Source: mfile[1].htm0.2.dr	String found in binary or memory: https://spoprod-a.akamaihd.net
Source: amp-mustache-0.2[1].js.2.dr, amp-analytics-0.1[1].js.2.dr, v0[1].js.2.dr	String found in binary or memory: https://us-central1-amp-error-reporting.cloudfunctions.net/r
Source: amp-mustache-0.2[1].js.2.dr, amp-analytics-0.1[1].js.2.dr, v0[1].js.2.dr	String found in binary or memory: https://us-central1-amp-error-reporting.cloudfunctions.net/r-beta
Source: mfile[1].htm0.2.dr	String found in binary or memory: https://vikinggenetics-my.sharepoint.com/personal/datho_vikinggenetics_com_au/_layouts/15/images/pdf

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443

Source: unknown	HTTPS traffic detected: 52.7.227.232:443 -> 192.168.2.3:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.7.227.232:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.119.132:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.119.132:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.119.132:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.24.104.39:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.244.134:443 -> 192.168.2.3:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 195.181.244.134:443 -> 192.168.2.3:49743 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.win@3/36@7/6

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF609AC1772FA5BA5E.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5560 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5560 CREDAT:17410 /prefetch:2

Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://217023.8b.io/	0%	Virustotal		Browse
https://217023.8b.io/	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
app.8b.io	0%	Virustotal		Browse
r.8b.io	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://lacecompound.com/sm/mfile/	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://lacecompound.com/sm/mfile/.Sharing	0%	Avira URL Cloud	safe
https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inf/favicon.ico	0%	Avira URL Cloud	safe
https://lacecompound.com/sm/mfile	0%	Avira URL Cloud	safe
https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inf/favicon.ico~	0%	Avira URL Cloud	safe
https://r.8b.io/217023/images/background5-h_kjukqdlq.jpg	0%	Avira URL Cloud	safe
https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inf/favicon.ico~(	0%	Avira URL Cloud	safe
https://log.amp.dev/?v=012012301722001&id=	0%	Avira URL Cloud	safe
https://app.8b.io/app/themes/webamp/projects/writer/assets/images/logo1.png	0%	Avira URL Cloud	safe
https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/?Key=7181801993&rand=13InboxLight	0%	Avira URL Cloud	safe
https://mths.be/cssescape	0%	Avira URL Cloud	safe
https://us-central1-amp-error-reporting.cloudfunctions.net/r	0%	Avira URL Cloud	safe
https://8b.com	0%	Avira URL Cloud	safe
https://217023.8b.io/L	0%	Avira URL Cloud	safe
https://amp.dev/documentation/guides-and-tutorials/develop/style_and_layout/control_layout	0%	Avira URL Cloud	safe
https://lacecompound.cL	0%	Avira URL Cloud	safe
https://vikinggenetics-my.sharepoint.com/personal/datho_vikinggenetics_com_au/_layouts/15/images/pdf	0%	Avira URL Cloud	safe
https://lacecompound.c	0%	Avira URL Cloud	safe
https://217023.8b.io/Root	0%	Avira URL Cloud	safe
https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/?Key=7181801993&rand=13InboxL	0%	Avira URL Cloud	safe
https://lacecompound.com/sm/mfile/f	0%	Avira URL Cloud	safe
https://us-central1-amp-error-reporting.cloudfunctions.net/r-beta	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
app.8b.io	104.24.104.39	true	false	0%, Virustotal, Browse	unknown
lacecompound.com	195.181.244.134	true	false		unknown
r.8b.io	104.24.104.39	true	false	0%, Virustotal, Browse	unknown
proxy-8b-io-1762796164.us-east-1.elb.amazonaws.com	52.7.227.232	true	false		high
cdn-content.ampproject.org	108.177.119.132	true	false		high
17825-ipv4.farm.prod.aa-rt.sharepoint.com	104.146.245.41	true	false		unknown
vikinggenetics-my.sharepoint.com	unknown	unknown	false		unknown
cdn.ampproject.org	unknown	unknown	false		high
217023.8b.io	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://lacecompound.com/sm/mfile/	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://217023.8b.io/	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://lacecompound.com/sm/mfile/.Sharing	~DFDCDB21E6CD7AAD32.TMP.1.dr	true	Avira URL Cloud: safe	unknown
https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inf/favicon.ico	imagestore.dat.2.dr	true	Avira URL Cloud: safe	unknown
https://lacecompound.com/sm/mfile	4VFNILYG.htm.2.dr	false	Avira URL Cloud: safe	unknown
https://3p.ampproject.net	amp-mustache-0.2[1].js.2.dr, amp-analytics-0.1[1].js.2.dr, v0[1].js.2.dr	false		high
https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inf/favicon.ico~	imagestore.dat.2.dr	true	Avira URL Cloud: safe	unknown
https://cdn.ampproject.org/v0/amp-analytics-0.1.js	4VFNILYG.htm.2.dr	false		high
https://r.8b.io/217023/images/background5-h_kjukqdlq.jpg	4VFNILYG.htm.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/ampproject/amphtml/blob/master/spec/amp-iframe-origin-policy.md	amp-analytics-0.1[1].js.2.dr	false		high
https://cdn.ampproject.org/v0.js	4VFNILYG.htm.2.dr	false		high
https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inf/favicon.ico~(	imagestore.dat.2.dr	true	Avira URL Cloud: safe	unknown
https://cdn.ampproject.org	amp-mustache-0.2[1].js.2.dr, amp-analytics-0.1[1].js.2.dr, v0[1].js.2.dr	false		high
https://log.amp.dev/?v=012012301722001&id=	v0[1].js.2.dr	false	Avira URL Cloud: safe	unknown
https://app.8b.io/app/themes/webamp/projects/writer/assets/images/logo1.png	4VFNILYG.htm.2.dr, imagestore.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/?Key=7181801993&rand=13InboxLight	~DFDCDB21E6CD7AAD32.TMP.1.dr	true	Avira URL Cloud: safe	unknown
https://mths.be/cssescape	amp-loader-0.1[1].js.2.dr	false	Avira URL Cloud: safe	unknown
https://lacecompound.com/sm/mfile/	~DFDCDB21E6CD7AAD32.TMP.1.dr, mfile[1].htm.2.dr	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://us-central1-amp-error-reporting.cloudfunctions.net/r	amp-mustache-0.2[1].js.2.dr, amp-analytics-0.1[1].js.2.dr, v0[1].js.2.dr	false	Avira URL Cloud: safe	unknown
https://8b.com	4VFNILYG.htm.2.dr	false	Avira URL Cloud: safe	unknown
https://217023.8b.io/L	~DFDCDB21E6CD7AAD32.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://amp.dev/documentation/guides-and-tutorials/develop/style_and_layout/control_layout	v0[1].js.2.dr	false	Avira URL Cloud: safe	unknown
https://lacecompound.cL	{C6C39364-560F-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://vikinggenetics-my.sharepoint.com/personal/datho_vikinggenetics_com_au/_layouts/15/images/pdf	mfile[1].htm0.2.dr	false	Avira URL Cloud: safe	unknown
https://lacecompound.c	{C6C39364-560F-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
http://github.com/janl/mustache.js	amp-mustache-0.2[1].js.2.dr	false		high
https://217023.8b.io/	4VFNILYG.htm.2.dr, ~DFDCDB21E6CD7AAD32.TMP.1.dr	false		unknown
https://spoprod-a.akamaihd.net	mfile[1].htm0.2.dr	false		high
https://217023.8b.io/Root	{C6C39364-560F-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://cdn.ampproject.org/v0/amp-mustache-0.2.js	4VFNILYG.htm.2.dr	false		high
https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/?Key=7181801993&rand=13InboxL	f9194c93208089b7e39c01a29ca5d620[1].htm.2.dr	true	Avira URL Cloud: safe	unknown
https://lacecompound.com/sm/mfile/f	~DFDCDB21E6CD7AAD32.TMP.1.dr	true	Avira URL Cloud: safe	unknown
https://us-central1-amp-error-reporting.cloudfunctions.net/r-beta	amp-mustache-0.2[1].js.2.dr, amp-analytics-0.1[1].js.2.dr, v0[1].js.2.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
108.177.119.132	unknown	United States	15169	GOOGLEUS	false
104.146.245.41	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.7.227.232	unknown	United States	14618	AMAZON-AESUS	false
195.181.244.134	unknown	Lithuania	62282	RACKRAYUABRakrejusLT	false
104.24.104.39	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	339243
Start date:	13.01.2021
Start time:	18:24:46
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 8s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://217023.8b.io/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@3/36@7/6
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://lacecompound.com/sm/mfile
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 104.43.139.144, 52.147.198.201, 88.221.62.148, 108.177.126.95, 108.177.127.94, 51.104.144.132, 23.210.248.85, 152.199.19.161, 92.122.213.247, 92.122.213.194, 108.177.119.95, 93.184.221.240, 51.103.5.186, 20.54.26.129 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, wns.notify.windows.com.akadns.net, arc.msn.com, wu.azureedge.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, par02p.wns.notify.windows.com.akadns.net, go.microsoft.com, emea1.notify.windows.com.akadns.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, fonts.googleapis.com, client.wns.windows.com, fs.microsoft.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, ajax.googleapis.com, wu.ec.azureedge.net, db3p-ris-pf-prod-atm.trafficmanager.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\2H34XN49\217023.8b[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aKb:JFKb
MD5:	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1:	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256:	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512:	6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious:	false
Reputation:	low
Preview:	<root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C6C39362-560F-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8610449621205662
Encrypted:	false
SSDEEP:	96:rCZFZY209Wyotym4fyEtZ9MyAxby3z5y42fywtSNX:rCZFZY209Wbt8fBlMDkQf1cX
MD5:	CD7A5314176EA7AE264F14240AFF5953
SHA1:	20E799732EDC32918B05FF15A4CB6C59503A97DE
SHA-256:	10E0E6AFDE153366F61CAEE6D5B3D504EF27D9593D4A82D0AF8EB05CF2087409
SHA-512:	B7E8C871D3E923CE7120F3FBFC167F9909B1734423129B6E6291EBE517E0189B231C27ED2BB93F618DD6BBE2AFCC00A64C0C04E1257508027F512C1FD58604FF
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C6C39364-560F-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	56482
Entropy (8bit):	2.4872268831094617
Encrypted:	false
SSDEEP:	384:r/HFtYhcpQqVKh/NQeNNJXQmD6DMQmDxtj6h+DiiJ:1dSySZ/
MD5:	FC614D13636AA27CF2B4450FAB64C6AB
SHA1:	C1BF7F6D912D06259CED6FA612E0F0E155238299
SHA-256:	97C47FB9714E06DC0CE0414E2294A334737B420EC3E0BAA07F427B1E9ACF16AE
SHA-512:	22C3FF28EA9E5BAA1BFE7EF43763B1D58596AD3DBA7AC9D9C80B5F6D2A7289C13617BB02E51BBC3E614F0BC0F82DE6CBB87EDB3B9582D2D43E156F5204587133
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C6C39365-560F-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5659463602787698
Encrypted:	false
SSDEEP:	48:IwaGcprbGwpaiG4pQeGrapbSurGQpKXG7HpRHsTGIpG:reZ1QS6QBSuFA2TH4A
MD5:	9D1117838D3439A962F471DD5EDFE43A
SHA1:	5915D8BA9AFADD75EA773D1220E106BDDFEDD517
SHA-256:	8838BC5C21015DE5C7111447CD2D55C44059FD6D1DE38334A8B8AF4877D680E7
SHA-512:	2A4A48C8D0836C5F0AECD1E919FB3FC3063A812A441AEBA4F6035ADEE1DFF0E6675ECCF7F78F0776CB66AB2C07954033CFCB46CCF68CB4154C4BA0AE00C300A0
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	modified
Size (bytes):	20404
Entropy (8bit):	3.867273094203485
Encrypted:	false
SSDEEP:	48:Q5Vv64FrnMpqLQ8Ai8eL6mSRHIFcJlNK28vgNEPNmkHEmkHpmkHxmkHtgyyyyyyx:MA8LMpqaiRL6fIFcb6BPaQQQQQB
MD5:	F1C39C40CE7E783AF7B7683E1EA53587
SHA1:	9359C10E69998B0F1791E6C0A39AC2B2351729CA
SHA-256:	FB14B63925BC5212CD44AB6B371932F71DA380B29E4E609ED67CD15B66CF9A12
SHA-512:	D873E1C16F32E4063F9B4E3F9C6A620F46492E65BDB60E075BBB1DB8F965D0E998BAF33CEB269D0D771589A718F29216932DFD0E5D4AA82FA7B945A5EA21F023
Malicious:	false
Reputation:	low
Preview:	K.h.t.t.p.s.:././.a.p.p...8.b...i.o./.a.p.p./.t.h.e.m.e.s./.w.e.b.a.m.p./.p.r.o.j.e.c.t.s./.w.r.i.t.e.r./.a.s.s.e.t.s./.i.m.a.g.e.s./.l.o.g.o.1...p.n.g......PNG........IHDR....................PLTE.....................................................................................................................................................tRNS.+:...R..5.$.gy.B...K].......o....b..1.F..~e>1....IDATx..i..0....<PqA...kw......B2...>._....IH&...............7?p..p..;c.<.`.z....q.@kv.. 2.^...z.....O.:m...9>....".z...&.....l...k.R..\|......t(...1..E.ZWg3./fR.W..X.....3.#.,;.Z......b.....TL..9.c-.'.h.b../.k-\..Q..j..\1...w.u..(......j..'.....h._;.q....#.t...V.6Fo...F..w}j.#.y..O.._=...Z...y{J.....B..i...@.x.V.q.....;L...bJp.".k......c[.AO.*+..eZD-.(..iH.o.wA..V0.fv..j...j...5n.....2.xT?..3>....6E+../....k...O....m..i...n. .JKi.:.,....36...[....y..........);6n.....uS..k.....p...0...)....HeY.{.d...&...Y.....VXK..x...h.2....@.`.-L2.. ..D...J..t..4.&.N..;.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Converged_v21033[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	93795
Entropy (8bit):	5.320085104150025
Encrypted:	false
SSDEEP:	1536:IpHDgWoWJw+kAWUB+2PWrA2XU6BMxoAFieRWj0yme9:O56QymI
MD5:	41551E56A355CA53B7FB3D4CBEBD5433
SHA1:	3F3D17F38D45ECC04D1AA6F82C22CAD3AD41ABBD
SHA-256:	4E9E7C1C2DF9E91CF271A7AFE529360D199CDFF23A721473062EE1EBABD6821F
SHA-512:	46A1A53F884C9A665D9AAE00682FFE646A14C571F16B4573F5A900AB1B0930ABEB65DC1078F16388B3107711FEBF92A517EAE9C29106F8CDF14E037F8091BA86
Malicious:	false
Reputation:	low
IE Cache URL:	https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inc/Converged_v21033.css
Preview:	/! Copyright (C) Microsoft Corporation. All rights reserved. /./*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any perso

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\amp-analytics-0.1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	98815
Entropy (8bit):	5.426219391512523
Encrypted:	false
SSDEEP:	1536:dCnsjVr6tmjE93elQIB+A1kfYGh8wPBDOKa:dd4u3B++oOwPBDOH
MD5:	3C7A16E30FEF30EFB221DDD3944B7F21
SHA1:	A458DBE35B4261C967EEA284B5D174335A001619
SHA-256:	F95305FFA81A843FD855D10212D8A52D308679931B107E1869239F0DFAB49EB9
SHA-512:	FFEB60D593FC3D724925377AE50689EEAA78514D78D99DB060C5EFD2F7FD41BE2B43E5E813D25EFCA4086B61B43D201CD39471758A45031A4635E7DC2A13F191
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.ampproject.org/v0/amp-analytics-0.1.js
Preview:	(self.AMP=self.AMP\|\|[]).push({n:"amp-analytics",v:"2012301722001",f:(function(AMP,_){.'use strict';var l,aa="function"==typeof Object.create?Object.create:function(a){function b(){}b.prototype=a;return new b};function ba(a){for(var b=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global],c=0;c<b.length;++c){var d=b[c];if(d&&d.Math==Math)return d}return function(){throw Error("Cannot find global object");}()}var ca=ba(this);"function"===typeof Symbol&&Symbol("x");var da;.if("function"==typeof Object.setPrototypeOf)da=Object.setPrototypeOf;else{var ea;a:{var fa={a:!0},ha={};try{ha.__proto__=fa;ea=ha.a;break a}catch(a){}ea=!1}da=ea?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}var ia=da;.function p(a,b){a.prototype=aa(b.prototype);a.prototype.constructor=a;if(ia)ia(a,b);else for(var c in b)if("prototype"!=c)if(Object.defineProperties){var d=Object.ge

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\logo1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1800
Entropy (8bit):	7.684986795686894
Encrypted:	false
SSDEEP:	48:0rnMpqLQ8Ai8eL6mSRHIFcJlNK28vgNEPY:0LMpqaiRL6fIFcb6BPY
MD5:	7A171A1BC5BD4C43DF195ADFEADDEB3D
SHA1:	3C144DCED2C3BBD498777DC32ACC3679E470FC44
SHA-256:	A4DC520571540D3661034628E72005CC9C52E022C67526DC7BD20B7C12CBD615
SHA-512:	2C149208ED7884ED6C2EA7F3CA822817B20226F417CE0EC51CCD0A7BD039EEDE36D477AA934D671C2E249709533E81877BE0A2213CBBF774DCD1F4E6A14E912D
Malicious:	false
Reputation:	low
IE Cache URL:	https://app.8b.io/app/themes/webamp/projects/writer/assets/images/logo1.png
Preview:	.PNG........IHDR....................PLTE.....................................................................................................................................................tRNS.+:...R..5.$.gy.B...K].......o....b..1.F..~e>1....IDATx..i..0....<PqA...kw......B2...>._....IH&...............7?p..p..;c.<.`.z....q.@kv.. 2.^...z.....O.:m...9>....".z...&.....l...k.R..\|......t(...1..E.ZWg3./fR.W..X.....3.#.,;.Z......b.....TL..9.c-.'.h.b../.k-\..Q..j..\1...w.u..(......j..'.....h._;.q....#.t...V.6Fo...F..w}j.#.y..O.._=...Z...y{J.....B..i...@.x.V.q.....;L...bJp.".k......c[.AO.+..eZD-.(..iH.o.wA..V0.fv..j...j...5n.....2.xT?..3>....6E+../....k...O....m..i...n. .JKi.:.,....36...[....y..........);6n.....uS..k.....p...0...)....HeY.{.d...&...Y.....VXK..x...h.2....@.`.-L2.. ..D...J..t..4.&.N..;....UJ....%....;.....I.....swR...0..."{.._.s..^.ES.e.0.VM...Bt..2P]...D/@$IGd-......r...>Q+!.3VICGvY..z...C.B.Ml..'.U...?...*,....'^dz.Z."yx7!.0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\microsoft_logo[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
IE Cache URL:	https://lacecompound.com/sm/mfile/naf/inf/microsoft_logo.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\microsoft_logo[2].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
IE Cache URL:	https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inc/microsoft_logo.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\v0[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	260053
Entropy (8bit):	5.369323142824894
Encrypted:	false
SSDEEP:	3072:1d1NMZo12NdZgOX2w/FU52Rw+o6y0OyCa:D1NMZoYNdNGw/FU5IeA
MD5:	76044E118D79DCF4046348A96A1ADF29
SHA1:	B290E62F428143D4E730E89EEAB96E7A9D0240C7
SHA-256:	4DDFCE71F7DB4C847F4410C9C4093D4182098D9A87646F6BE35AC9E65ADA543B
SHA-512:	EE62BB3330B64D944F522E5513CC08979661FF702FFCD02AE35795B9889D57973966190E735074BA2FB36A7572ACA5495BF0F70C36738BE8793E313B9FBEDCA1
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.ampproject.org/v0.js
Preview:	self.AMP_CONFIG={"v":"012012301722001","type":"production","allow-doc-opt-in":["amp-next-page","analytics-chunks-inabox"],"allow-url-opt-in":["pump-early-frame"],"canary":0,"a4aProfilingRate":0.01,"adsense-ad-size-optimization":0.1,"amp-accordion-display-locking":1,"amp-action-macro":1,"amp-story-responsive-units":1,"amp-story-v1":1,"chunked-amp":1,"doubleclickSraExp":0.01,"doubleclickSraReportExcludedBlock":0.1,"expand-json-targeting":1,"fix-inconsistent-responsive-height-selection":0,"flexAdSlots":0.05,"intersect-resources":0,"ios-fixed-no-transfer":0,"pump-early-frame":1,"adsense-ptt-exp":0.1,"doubleclick-ptt-exp":0.1,"fie-resources":0.1,"visibility-trigger-improvements":1};/AMP_CONFIG/var global=self;self.AMP=self.AMP\|\|[];try{(function(_){.'use strict';var g,aa="function"==typeof Object.create?Object.create:function(a){function b(){}b.prototype=a;return new b};function ca(a){for(var b=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\amp-loader-0.1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	14986
Entropy (8bit):	5.442055514702969
Encrypted:	false
SSDEEP:	384:mSba5F4U5A4WR2vj5F4U5A4WR2vFinnHX+l:mD5F4U5A4WR2vj5F4U5A4WR2vEG
MD5:	F5256BD9CACED5B54BFF3ED3E7AD9D6B
SHA1:	4EA0EF3D3EE0A6A2CCFC324CB986A8C09C2FC824
SHA-256:	EA23401A3895913CEA6ED0EA456373C9081C4A116594B2306A994F15470BF34F
SHA-512:	9C232D49CECAA2396F4BAFFF0EDC637409AB78E041EEEB2D57E925621F7729CF53D679C1CCD1158246E33278EC75A26061B15412A878E8CDCE591027577870A9
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.ampproject.org/rtv/012012301722001/v0/amp-loader-0.1.js
Preview:	(self.AMP=self.AMP\|\|[]).push({n:"amp-loader",v:"2012301722001",f:(function(AMP,_){.'use strict';var g=self.AMP_CONFIG\|\|{},k=("string"==typeof g.cdnProxyRegex?new RegExp(g.cdnProxyRegex):g.cdnProxyRegex)\|\|/^https:\/\/([a-zA-Z0-9_-]+\.)?cdn\.ampproject\.org$/;function l(a){if(self.document&&self.document.head&&(!self.location\|\|!k.test(self.location.origin))){var b=self.document.head.querySelector('meta[name="'+a+'"]');b&&b.getAttribute("content")}}g.cdnUrl\|\|l("runtime-host");g.geoApiUrl\|\|l("amp-geo-api");self.__AMP_LOG=self.__AMP_LOG\|\|{user:null,dev:null,userForEmbed:null};function m(a){a=a.__AMP_TOP\|\|(a.__AMP_TOP=a);var b=a.__AMP_SERVICES;b\|\|(b=a.__AMP_SERVICES={});a=b.extensions;a.obj\|\|(a.obj=new a.ctor(a.context),a.ctor=null,a.context=null,a.resolve&&a.resolve(a.obj));return a.obj};/. https://mths.be/cssescape v1.5.1 by @mathias \| MIT license /.var n;function p(a){a=a.ownerDocument\|\|a;n&&n.ownerDocument===a\|\|(n=a.createElement("div"));return q}function q(a){var b=n;b.innerHTML=a[0];

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\background5-h_kjukqdlq[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1446x1410, frames 3
Category:	downloaded
Size (bytes):	104013
Entropy (8bit):	7.533819949957715
Encrypted:	false
SSDEEP:	1536:AjCKmdJ+C1i7a4m3s5ciTiqtTW1VetP0TD4JXqzVFGr/4ifx61:A670OpiPHW1gQUMz2rQiI
MD5:	CD21AD096013ABD227DA90B82BFE0C3A
SHA1:	878FC3D0ABAD817D6CD5BCD81F943EB2745C820F
SHA-256:	2763F69A231E96638E749DFC9E7BBD1CA01E2664C33853BA06D4A3BBE0916FB4
SHA-512:	487115EDD004FB092C9B33F9F6EA815C21E0BEC6EBB51F314BEC8FCCC12D525D8E5B0560824E96967C301194DE38E515651698654D9A069B0F48434ABE5BDCA3
Malicious:	false
Reputation:	low
IE Cache URL:	https://r.8b.io/217023/images/background5-h_kjukqdlq.jpg
Preview:	......JFIF.............C....................................................................C............................................................................"..........................................g...........................!1..Qaq..."2AR.....UV...36BST....#5bt..CFWrs...$4%8Du....de(9v......)Ecf...................................:.............................!QSa.1AT......5q"2BR.3bs..r............?..S..<I.%..3...c.79......N..k.,......0.t..RJ..G+..x.....S....~.K...X..........=.Y..F..."..lQ3NI..e\.n..q.G....F..i*x5=..<7F..BY^..r.q...d..v.KZ.....5....Y;.=.....kTr..Z.h.~.cr&...f...:a.$.X._.....L.s.i...)&@ZSa.X..J{....N.(X..[....\.q..52DP>.......i.dL.I,k..U..&h...2a.9..Z..5.......^..r.Vx......C.q.S.....q...c.`C...5..4..e.>.i$..}..3J1...n..Z.....j=Z.."..E<_.....p.......@.......................................................................................................................................................\.ku.y..-...cl.+z..F...1..9+..h.......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	175
Entropy (8bit):	5.047535944462214
Encrypted:	false
SSDEEP:	3:0SYWFFWlIYCd4dSRI5XwDKLRIHDfFRWdFTfqzrZqcduTiGKOnkUYARNin:0IFFqdS+56ZRWHTizlpduTimJNin
MD5:	3A015FB2F44F9C2C0885F8B4F087B782
SHA1:	50D21ACD13DA2E6A233FE53F1058D9E35CDAE0DB
SHA-256:	7E23D171A94F7EBF386AD6E544368FFA22EC113B724E5916003F943F6B041A14
SHA-512:	36B6585DD500EB535F198900CB2ECC354DE468E5F67C0B1697E149885EC0468AB3A6877901D41119EBBCFFB31AD7D78F7BC660EF70ABBBF9A84ABD78B941AACA
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Neucha:400
Preview:	@font-face {. font-family: 'Neucha';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/neucha/v12/q5uGsou0JOdh94bfvQlr.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[2].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	172
Entropy (8bit):	5.057077814309068
Encrypted:	false
SSDEEP:	3:0SYWFFWlIYCPX7sRI5XwDKLRIHDfFRWdFTfqzrZqcdcAJICTOq7LSuMUYARNin:0IFFg+56ZRWHTizlpdcrCaYLSuNin
MD5:	C8F8B59F84161FE076FC915857FFD06F
SHA1:	B9C8C8492C55999F1188F66911935B3D0B38409F
SHA-256:	50A15F59ECB3FEBE2F62BA9DD4A12B93F7AB7E113D23A098E599F9041D1ADDFD
SHA-512:	BD7848DC190B7200E4D3D7BCFCE10D3A4E5E0DE587288DF2531A7D4183756B6C156543A1B82A609A677910DED237DFF32F95B244414AA14FA9DE86870F6F4EE7
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Forum:400
Preview:	@font-face {. font-family: 'Forum';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/forum/v11/6aey4Ky-Vb8Ew8IROpQ.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\f9194c93208089b7e39c01a29ca5d620[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	downloaded
Size (bytes):	15234
Entropy (8bit):	5.392263938737801
Encrypted:	false
SSDEEP:	384:tj3Tj5Yzg5UihvYQOukHuxh/r00Hqn2DvN0IUqq:JTtT5UBHuP/g0Hqn2DvN0IUqq
MD5:	6D72DD5E6EA133016087FDA1474D821E
SHA1:	FAFC2E8404711C99C6814FE4CC8B62A6AD878058
SHA-256:	FD8060A061B27EB4FB4E487322A48942E87B96F0C1084E2FF3246B9EC40C7C01
SHA-512:	E4DD63A177886862206E4B5B7B771A6F82632A2420A80F998D41312773A27492EB78F9C189785D9316581CCBF392E1AE1A902BD8A5610FFE70C1039FD8005551
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\f9194c93208089b7e39c01a29ca5d620[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/?Key=7181801993&rand=13InboxLightaspxn.71818019931774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&login=&.rand=13InboxLight.aspx?n=71818019931774256418&fid=4
Preview:	...<html xmlns='http://www.w3.org/1999/xhtml'>..<!DOCTYPE html>.<html dir="ltr" lang="EN-US">..<head>. <title>Sign in to your MÎcrosoft account</title>. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">. <link rel="shortcut icon" href="inf/favicon.ico">. <link rel="stylesheet" title="Converged_v2" type="text/css" href="inc/Converged_v21033.css">..<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>.</head>..<body class="cb" data-bind="defineGlobals: ServerData, bodyCssClass">. <div>. -->. <div data-bind="component: { name: 'background-image', publicMethods: backgroundControlMethods }">. <div class="background" role="presentation" data-bind="css: { app: isAppBranding }, style: { background: backgroundStyle }">. ko if: smallImageUrl -->. <div data-bind="backgroundImage: smallImageUrl()

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	86927
Entropy (8bit):	5.289226719276158
Encrypted:	false
SSDEEP:	1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69
MD5:	A09E13EE94D51C524B7E2A728C7D4039
SHA1:	0DC32DB4AA9C5F03F3B38C47D883DBD4FED13AAE
SHA-256:	160A426FF2894252CD7CEBBDD6D6B7DA8FCD319C65B70468F10B6690C45D02EF
SHA-512:	F8DA8F95B6ED33542A88AF19028E18AE3D9CE25350A06BFC3FBF433ED2B38FEFA5E639CDDFDAC703FC6CAA7F3313D974B92A3168276B3A016CEB28F27DB0714A
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Preview:	/! jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\0-small[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x28, frames 3
Category:	downloaded
Size (bytes):	3006
Entropy (8bit):	3.009694812062996
Encrypted:	false
SSDEEP:	12:tWK1TbpOMo7FL2cDPilY1Qtc150XyoseAfQx9Jq4U3DXCFSAt78aULgf5GY48:AK1hNo7FCWwNtc1spAYx9VOCUiXVf5x
MD5:	138BCEE624FA04EF9B75E86211A9FE0D
SHA1:	23BBCDAAEBD6C9A6E57E96E44493B2212860FCAB
SHA-256:	F89E908280791803BBF1F33B596FF4A2179B355A8E15AD02EBAA2B1DA11127EA
SHA-512:	D20765E5738F4AC5A91396B5F5D88057C3B5125840BCE42039AC9D5D75B1C3FB9629ACA6290A475625DFE60887CF59D4FB52108D024FF4FA8094C9B8458F9F33
Malicious:	false
Reputation:	low
IE Cache URL:	https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inf/0-small.jpg?x=138bcee624fa04ef9b75e86211a9fe0d
Preview:	......JFIF.....H.H.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\0[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, baseline, precision 8, 1920x1080, frames 3
Category:	downloaded
Size (bytes):	283351
Entropy (8bit):	7.975896455873056
Encrypted:	false
SSDEEP:	6144:hPgRhluS12CyK8XGsLzsr5XONnQ4/bEmhZSIj6xU2zyOX/:2vz1pyWsLoXqN/YWPUU2OOX/
MD5:	A5DBD4393FF6A725C7E62B61DF7E72F0
SHA1:	55B292F885FFC92ABCE18750B07AA4ACFA4E903E
SHA-256:	211A907DE2DA0FF4A0E90917AC8054E2F35C351180977550C26E51B4909F2BEB
SHA-512:	850586A05B67EF25492BD50A090F1EC0A0CC21DC4E4EFEB35E19CDC78A98F9415A3807318FA02664EADE87F0E2D8FA2A2958CD0D712329800FC05689E01DC614
Malicious:	false
Reputation:	low
IE Cache URL:	https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inf/0.jpg?x=a5dbd4393ff6a725c7e62b61df7e72f0
Preview:	.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\amp-intersection-observer-polyfill-0.1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	12475
Entropy (8bit):	5.36778912603774
Encrypted:	false
SSDEEP:	192:AYRscGnKsnR8pncgHO8NN4BUcXalO/G8iQGRXOBM/Z5+p1ycO+HbXjyhXuV99QyJ:AYoAJHLwFipRCdFbye+h39j6
MD5:	9F81383065E00538C374286DFDA095C3
SHA1:	52A1A7CC4414862E71A92684FFB65774D778F081
SHA-256:	22611BBA3A501FEFB8F4BA7749809BD532AE504FB752DAD1D5A6C10AD861FAFD
SHA-512:	4535AB538871854EC6B504F0E3AEFA6007921FACBA831648542B31D59A514A71F6DEDF86967A5CFD1C7A77B3A0E8F1744DAFEC287D4E1CDFA8988EFB47C5E0A9
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.ampproject.org/rtv/012012301722001/v0/amp-intersection-observer-polyfill-0.1.js
Preview:	(self.AMP=self.AMP\|\|[]).push({n:"amp-intersection-observer-polyfill",v:"2012301722001",f:(function(AMP,_){.'use strict';function B(c){for(var f=["object"==typeof globalThis&&globalThis,c,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global],e=0;e<f.length;++e){var k=f[e];if(k&&k.Math==Math)return}(function(){throw Error("Cannot find global object");})()}B(this);.function F(){(function(){function c(a){try{return a.defaultView&&a.defaultView.frameElement\|\|null}catch(b){return null}}function f(a){this.time=a.time;this.target=a.target;this.rootBounds=E(a.rootBounds);this.boundingClientRect=E(a.boundingClientRect);this.intersectionRect=E(a.intersectionRect\|\|z());this.isIntersecting=!!a.intersectionRect;var b=this.boundingClientRect,d=b.widthb.height,g=this.intersectionRect,h=g.widthg.height;this.intersectionRatio=d?Number((h/d).toFixed(4)):this.isIntersecting?.1:0}function e(a,b){b=b\|\|{};if("function"!=typeof a)throw Error("callback must be a functio

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\amp-mustache-0.2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	36278
Entropy (8bit):	5.511282334881756
Encrypted:	false
SSDEEP:	768:XPBgluaZE0cYUS6KIv72SMkPH3hsUekoDJBzYXYNW+e05l:UdZEL2ksUeLq6ttl
MD5:	8B41DA4B6B319D3F8E9F1E3DAE1CA8A9
SHA1:	8639EF63F16BBD2BC53D59083E734CE07AAAEB0B
SHA-256:	18980A3ABB4D681235F6C00E44BE13D6DB484681B1361AF1999066485C78FDFF
SHA-512:	9FDBC4AE128C0312BB5E7E87004A0D53DCE7B8B88CB2D0C87B43DED44C122981274154316FE049EF536E589655E930E8A6DAF02ABC18927A86BB65D8F070B3E5
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.ampproject.org/v0/amp-mustache-0.2.js
Preview:	(self.AMP=self.AMP\|\|[]).push({n:"amp-mustache",v:"2012301722001",f:(function(AMP,_){.'use strict';var z;function aa(a){for(var b=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global],c=0;c<b.length;++c){var d=b[c];if(d&&d.Math==Math)return}(function(){throw Error("Cannot find global object");})()}aa(this);"function"===typeof Symbol&&Symbol("x");var ca="function"==typeof Object.create?Object.create:function(a){function b(){}b.prototype=a;return new b},da;.if("function"==typeof Object.setPrototypeOf)da=Object.setPrototypeOf;else{var na;a:{var oa={a:!0},pa={};try{pa.__proto__=oa;na=pa.a;break a}catch(a){}na=!1}da=na?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}var qa=da;function va(a,b){var c=b=void 0===b?"":b;try{return decodeURIComponent(a)}catch(d){return c}};var wa=/(?:^[#?]?\|&)([^=&]+)(?:=([^&]*))?/g;var J=self.AMP_CONFIG\|\|{},xa=("string"==typ

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\arrow_left[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	513
Entropy (8bit):	4.720499940334011
Encrypted:	false
SSDEEP:	12:t4BdU/uRqv6DLfBHKFWJCDLfBSU1pRXIFl+MJ4bADc:t4TU/uRff0EcfIU1XXU+t2c
MD5:	A9CC2824EF3517B6C4160DCF8FF7D410
SHA1:	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
SHA-256:	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
SHA-512:	AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
Malicious:	false
Reputation:	low
IE Cache URL:	https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inc/arrow_left.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
IE Cache URL:	https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inf/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mfile[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	242
Entropy (8bit):	5.0737173888397455
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwol6hEr6VX16hu9nP3GNKYMJfw+KqD:J0+ox0RJWWP3ezMRT
MD5:	B8664C5CB94E26F82CBA5DDD725810B8
SHA1:	C4BD14AF6073721229AEE0A7D0611F7EE3DE5027
SHA-256:	30089A819C8CD726BECD00C6088A23C250ACCDF0DB5282BC1516A0E0F83C2469
SHA-512:	FF9C5965B618A75322BE6274F606887B9AAB20BC50E451132F1D1A0E762D45A89661F3E3147C62F869B0B113BFDBEA80EDFDC65A2BDBEB90146CA2667B8D495D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mfile[1].htm, Author: Joe Security
Reputation:	low
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="https://lacecompound.com/sm/mfile/">here</a>.</p>.</body></html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\pdf[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	6830
Entropy (8bit):	7.849424154989951
Encrypted:	false
SSDEEP:	192:n6ND9AxRGozwHD0Ksf+GQUAU6Z0WoYGoKUcsgYRU:6xWRXwHmtfYGLUYIU
MD5:	F1E3F187F7C23FA8D1555004F3800356
SHA1:	E71E52A142E754399AE39EF38584789B66E9EA00
SHA-256:	DB307FCEF7F95139689007D7A623B340EC21282BD421C4E4B2BA09078F230545
SHA-512:	BD568B1C92D7C3B586E2EA7E9C47B08FD1171FF6615FA4F670F12950DC62315B58E6BB5336F50B111FF42B27558398DFF9715054A8E44F0A8B9CD1541F0BC07D
Malicious:	false
Reputation:	low
IE Cache URL:	https://vikinggenetics-my.sharepoint.com/personal/datho_vikinggenetics_com_au/_layouts/15/images/pdf.png
Preview:	.PNG........IHDR.............\r.f... cHRM..z&..............u0...`..:....p..Q<....bKGD.............7IDATx..K....j.[....{..&....V6....np3...-.. $.qF..0.a....a6y...........&D.g.#.........;..aC..q.5.k....n..SU.T...Oj.[..w......:.....Nz....P.0..,..................b`..X........`10..,..................b`..X......U.@...?...Dfs..S....''.....y.I.'q.s...^.9........u.~qnn.......p.........?\u..Pz..&.>.E....)O....zzz.?..k.q#...;0..`Y...jaA.....S.\HF...#"...".dY:.O./..@.C)........f.I...<..;o.9..0... ..B.....I..&`.4...\|..1..9z...o.E...P..h...R..P.q...l....1....8....$..v.....q.q.j6.4555Vw.g..=:TJ......v\.6.%.).H(...._'.._.>.f...s].&.......j.U]..?2..-..rs....U.....7T0._.p..<........4.".\|S...C....L@=...Q..(,.^.S...`?@...f...1x......w.6.~....F......7....{.\....z..B.....d..;........F.&.... 3\.T........q..Fcq...9\|.&....A.....<........{..L 3,. ..1a...!(.`- .F.ASK&px..<p...D...d....W~g].........h.j.0.Y.....d...4dK. .F...`.Y`j..\.7SQ{_.f.AS.............\....S..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\4VFNILYG.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	36338
Entropy (8bit):	5.157731420366808
Encrypted:	false
SSDEEP:	768:8y0DlkvJOdKkUGfkxXjwWSwOsZ4aGuejvgCijX:WDlCOdKk7IkWSwOsZ4a7ejvgT
MD5:	659A68F9335B456C05723AAC85236444
SHA1:	195AE093F4DCCB8B9E44286558C958ECF54B946A
SHA-256:	EC9E36F1DF4E04F42C3D0A1F1531D8B19DE55A35EFF85EC73CEE3D9A937AA733
SHA-512:	FA078D7D8AA29762AC71071849E856A55BA1C5CA835F0C5F97059080B362A649AB79AE6DE431977274E837BB0315AD40E21F77C82EA6833D2403F7C4A4A861CA
Malicious:	false
Reputation:	low
IE Cache URL:	https://217023.8b.io/
Preview:	<!DOCTYPE html>.<html amp>.<head>. Site made with 8b Website Builder v0.0.0.0, https://8b.com -->. <meta charset="UTF-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="generator" content="8b v0.0.0.0, 8b.com">. <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1">. <link rel="shortcut icon" href="https://app.8b.io/app/themes/webamp/projects/writer/assets/images/logo1.png" type="image/x-icon">. <meta name="description" content="">. <title>2233</title>. .<link rel="canonical" href="https://217023.8b.io/">. <style amp-boilerplate>body{-webkit-animation:-amp-start 8s steps(1,end) 0s 1 normal both;-moz-animation:-amp-start 8s steps(1,end) 0s 1 normal both;-ms-animation:-amp-start 8s steps(1,end) 0s 1 normal both;animation:-amp-start 8s steps(1,end) 0s 1 normal both}@-webkit-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-moz-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-ms-keyfram

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\6aey4Ky-Vb8Ew8IROpQ[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 30208, version 1.1
Category:	downloaded
Size (bytes):	30208
Entropy (8bit):	7.982638126084365
Encrypted:	false
SSDEEP:	768:YTZ6XBcgqEOWcLaKUD2LPdndYiTJ7r08x9mQh07Eo63/aMuP:YTZIB+EOG/O1l5r08xMQh07EBiP
MD5:	B1C4BE7C6BB01AB2125BEE6D723CD52E
SHA1:	F3006406A5E4B33C0248661B1201A3B23D0DE267
SHA-256:	A4A8AC69ACE5555AA9BF5AF6824B8D1AFDB0BFA404EE63103AC7AF09859634CD
SHA-512:	5FF9DB28D72598A3CB1A3CA76C16D48B2C93005030569EE78B1984D717B7FD6F91E0FD78621B4269682D126AA99C8DA4FC732DDF4940817A1E9F64FD33074394
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/forum/v11/6aey4Ky-Vb8Ew8IROpQ.woff
Preview:	wOFF......v........H........................GPOS.......!.....?.SOS/2.......Q...`....VDMX......./....h.prcmap...(.......R.E.Icvt .......(...(.h.1fpgm...........s.Y.7gasp................glyf......R.....\.Nhdmx..e....M.....f..head..n....3...6..'&hhea..o,.......$.R.Mhmtx..oL.......8m...loca..q0.........z.Mmaxp..r.... ... ....name..r....%....=.Stpost..t....K....:.={prep..ud........qu..x.,..p]Q.E....mkX.m.m.6...A...`..p.A2Q.G....... ..8zv..8HA.q...=O...C3G..3g=.1W.."..]..........U....>...w._._.)P'....^.l......$\|V..VQK..i^...".&i{.K.....5..>E..#.1..e.1...L..cV2.....:UW.o.f...Y...!....d.[..R...p....?....'.H..FC...&...BV.....!/..O..R."...e)GyP.JT...A-...4....Dg..~.d(...(&2...b.s..\|...%,e....f.......'8.)Ns...............TPSI>RY.SEM5.J.uk.O.J_....e..f..d..m..l...P.1..yY..Y..Z........2oM.V(.l,c..xA..UD..Q@K..R.!.."!..VBX./..C...vb.....3...%t!.a.2B)..1B(...>....&.\|y..<...{......z.M.IEg7....o.j..O...njg.MP..Km..{[.m.m..X.>jc.Nm...6..l....)jC..R{..Ij.-...vp.......v.Z7.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\amp-auto-lightbox-0.1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	5069
Entropy (8bit):	5.4494399468635635
Encrypted:	false
SSDEEP:	96:9sZVrZkAwc4nrhUAj87jdjEJaDv3/p3+e6HXFLE58M:o7wc4nrq1jEKv3xr6HNE57
MD5:	7012ACC9D81E0AF71AC19EDFD85AAF87
SHA1:	56D9539EF3E0D57B978F52279142273A851D7FD7
SHA-256:	C9029AE9DCAF52BD278EBC3A87DE7340F47F3050780994EFCBBFF06A7FD62E6C
SHA-512:	DC4A56445E3FF16627B34CE9751CC23B775B0C71EEA9480A16C8C5E15391978E08E19E49987D5012A0DF0824173F7B539AB26DFACCA8271ECB127CE518AB86C6
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdn.ampproject.org/rtv/012012301722001/v0/amp-auto-lightbox-0.1.js
Preview:	(self.AMP=self.AMP\|\|[]).push({n:"amp-auto-lightbox",v:"2012301722001",f:(function(AMP,_){.'use strict';function k(a){for(var b=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global],c=0;c<b.length;++c){var d=b[c];if(d&&d.Math==Math)return}(function(){throw Error("Cannot find global object");})()}k(this);"function"===typeof Symbol&&Symbol("x");var m;function n(){var a,b;this.promise=new Promise(function(c,d){a=c;b=d});this.resolve=a;this.reject=b};function p(a){return a?Array.prototype.slice.call(a):[]};var q=self.AMP_CONFIG\|\|{},r=("string"==typeof q.cdnProxyRegex?new RegExp(q.cdnProxyRegex):q.cdnProxyRegex)\|\|/^https:\/\/([a-zA-Z0-9_-]+\.)?cdn\.ampproject\.org$/;function t(a){if(self.document&&self.document.head&&(!self.location\|\|!r.test(self.location.origin))){var b=self.document.head.querySelector('meta[name="'+a+'"]');b&&b.getAttribute("content")}}q.cdnUrl\|\|t("runtime-host");q.geoApiUrl\|\|t("amp-geo-api")

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ellipsis_grey[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	915
Entropy (8bit):	3.8525277758130154
Encrypted:	false
SSDEEP:	24:t4CvnAVRfFArf1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUVx:fn1r1QqC4GuiHFXS1QqCWRHQ3V1QqCWz
MD5:	2B5D393DB04A5E6E1F739CB266E65B4C
SHA1:	6A435DF5CAC3D58CCAD655FE022CCF3DD4B9B721
SHA-256:	16C3F6531D0FA5B4D16E82ABF066233B2A9F284C068C663699313C09F5E8D6E6
SHA-512:	3A692635EE8EBD7B15930E78D9E7E808E48C7ED3ED79003B8CA6F9290FA0E2B0FA3573409001489C00FB41D5710E75D17C3C4D65D26F9665849FB7406562A406
Malicious:	false
Reputation:	low
IE Cache URL:	https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inc/ellipsis_grey.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#777777" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ellipsis_white[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	915
Entropy (8bit):	3.877322891561989
Encrypted:	false
SSDEEP:	24:t4CvnAVRf83f1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUV0W:fnL1QqC4GuiHFXS1QqCWRHQ3V1QqCWRV
MD5:	5AC590EE72BFE06A7CECFD75B588AD73
SHA1:	DDA2CB89A241BC424746D8CF2A22A35535094611
SHA-256:	6075736EA9C281D69C4A3D78FF97BB61B9416A5809919BABE5A0C5596F99AAEA
SHA-512:	B9135D934B9EA50B51BB0316E383B114C8F24DFE75FEF11DCBD1C96170EA59202F6BAFE11AAF534CC2F4ED334A8EA4DBE96AF2504130896D6203BFD2DA69138F
Malicious:	false
Reputation:	low
IE Cache URL:	https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/inc/ellipsis_white.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#ffffff" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\f9194c93208089b7e39c01a29ca5d620[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	530
Entropy (8bit):	5.494051427730624
Encrypted:	false
SSDEEP:	12:J0+ox0RJWWP3ezMBOEdC8ZL4eI4KEET8yT:y+OWPyMBOEdC8l4eHKEC8q
MD5:	E505B34FE87D7493F3AAE47BCBAE9B05
SHA1:	041C8FAD43C616B5D3479FC2B4B93E125B364ED6
SHA-256:	8F66AA8F0F4038AA5753253239E17307774B30F02DD3A30C49F7E08A7B7DE496
SHA-512:	B08F683A7D162E34334E16EA868864F4A01DCF112CFFB744861D1E15C125F65ED12B350B492726E815B3AFDD920AB370AF6B0D58ACB9BE76480E9AB91496B858
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="https://lacecompound.com/sm/mfile/f9194c93208089b7e39c01a29ca5d620/?Key=7181801993&rand=13InboxLightaspxn.71818019931774256418&fid.4.1252899642&fid=1&fav.1&rand.13InboxLight.aspxn..1774256418&fid.1252899642&fid.1&fav.1&login=&.rand=13InboxLight.aspx?n=71818019931774256418&fid=4">here</a>.</p>.</body></html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\mfile[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	22197
Entropy (8bit):	5.833061488368081
Encrypted:	false
SSDEEP:	384:PReesgg2CtFgHdEXZDRbcOZrVorDYsCarDWWWlGhcTQmqLXJRquD2gqBzBO0:PHsgg2G6HdEXZDRSg8cchcxO0
MD5:	47D6CCFC553E918E0FC748756267866F
SHA1:	84EB468749227A656FA8BF1C9AD6CC601C01F19F
SHA-256:	CE3D11FC2297995D19C211B046134A7CFC3081CC5C4C5B5791562236D93D9B46
SHA-512:	D85ABFE968628CED336C4446CD890F10632952403AD950D446DB4F9947C0497523930B884152B6F23E89AD07EF2F919F435F4B2E58954E5E30B9243529DC99BD
Malicious:	false
Reputation:	low
IE Cache URL:	https://lacecompound.com/sm/mfile/
Preview:	..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr">..<head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Expires" content="0" /><meta name="Robots" content="NOHTMLINDEX" /><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><link id="favicon" rel="shortcut icon" href="images/favicon.ico?rev=45" type="image/vnd.microsoft.icon" /><title>...Sharing Link Validation..</title>...<style type="text/css" media="screen, print, projection">....html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,main{display:bl

C:\Users\user\AppData\Local\Temp\datC2DD.tmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 2532, version 2.24904
Category:	dropped
Size (bytes):	2532
Entropy (8bit):	7.627755614174705
Encrypted:	false
SSDEEP:	48:WGMiY6elIk7QuaqrjRh4pi6j4fN6+XRsnBBpr+bes:WRBLlIoQuHfRh4pi6sfPGnDFs
MD5:	10600F6B3D9C9BE2D2B2CE58D2C6508B
SHA1:	421CA4369738433E33348785FE776A0C839605D5
SHA-256:	29B7A9358ABDC68C51DB5A5AF4A4F4E2E041A67527ADEE2366B1F84F116FE9A5
SHA-512:	B6C04F3068EB7DAC8F782BDED0FE815B4FE5A9BECCF0B561D6CEAEAA7365919A39710B2D1AD58D252330476AA836629B3C62C84FABFA6DC4BCF1C8F055D66C1C
Malicious:	false
Reputation:	low
Preview:	wOFF..................aH....................OS/2...D...H...`1Wp.cmap.......I...b..ocvt ....... .......fpgm...........Y...gasp................glyf.............Whead.......2...6.tJ.hhea...........$....hmtx................loca.............X.hmaxp...,....... .y..name...L...........Mpost...D....... .Q.}prep...X........x...x.c`aog......:....Q.B3_dHc..`e.bdb... .`@..`.....,9.\|...V...)00...C..x.c```f.`..F.......\|... ........\..K..n.,..g`@.I\|.8"vYl.....p...0..........x.c.b.e(`h`X.......x............x.]..N.@..s$..'@:!.uC....K$.%%...J.......n..b.........\|.s...\|v..G*)V.7........!O.6eaL.yV.e.j..kN..M.h....Lm....-b....p.N.m.v.....U<..#...O.}.K..,V..&...^...L.c.x.....?ug..l9e..Ns.D....D...K........m..A.M....a.....g.P..`....d.............x..R.K.1...$....g-.B.Vq..m..Z..T..@\t.E...7X...:.).c... ].{.Q.[7'...`.^...&....{y<..N.....t...6..f....\.K1..Z}{.eA-..x.{....0P7p.....l........E...r....EVQ.....Q_.4.A.Z..;...PGs.o..Eo...{t...a.P.~...b,Dz.}.OXdp."d4."C.X..&,u.g.......r.c..j

C:\Users\user\AppData\Local\Temp\~DF37EDCA9AD4D78557.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF609AC1772FA5BA5E.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.4821646931017698
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loaAF9loao9lWahhHzwNw6:kBqoIoWSNzo
MD5:	E4F0C8F90CEEAAB2840A10C6A28FCE9D
SHA1:	D5E1C9C3572986C101388C59F434BD6D7B24326C
SHA-256:	64DC1F427A6902BFB0A96EF80CA8822A947DEA499882BEF9E1F4C2C07F7BFE5D
SHA-512:	B785EEC9CFAC5C85BD6CF952E7F453613E4DE9EF742D92E1C29C2E1BFE8D34797375C82B2B252C1E4B21D00C6520A16859A9E70E4AA981A301B999B020897A9A
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFDCDB21E6CD7AAD32.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	59275
Entropy (8bit):	1.267340662096942
Encrypted:	false
SSDEEP:	384:kBqoxKAuqR+zN/2d1heZ05XQmDYMQmDsYMDPOk:zSUSGn
MD5:	81BEA393485F168A2A38C5B130670B7E
SHA1:	A111D548B8B22F8FAF3DC2EBFA0CAAC9120DE517
SHA-256:	327171A6B4E7A05B4EF77B57E27ED8B88E63FB9222D806DE430C44CF3BC69BF7
SHA-512:	B6C18715D1988F056A84FBC15ABB80D6B03888A4A7DDB42BA36E2DBCE59A071D0C65E13DB5BD241EF7811B074CC8153AACA3A96EFC58CB6286B0555B249ED572
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2021 18:25:35.544986963 CET	49719	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.545034885 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.671269894 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.671302080 CET	443	49719	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.671365976 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.671458960 CET	49719	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.677414894 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.677660942 CET	49719	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.803659916 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.803968906 CET	443	49719	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.805166960 CET	443	49719	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.805210114 CET	443	49719	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.805248022 CET	443	49719	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.805285931 CET	443	49719	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.805354118 CET	49719	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.805407047 CET	49719	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.805449009 CET	49719	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.805737019 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.805779934 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.805819988 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.805849075 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.805857897 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.805912971 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.805999041 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.848383904 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.848510981 CET	49719	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.856822968 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.856960058 CET	49719	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.857070923 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.974994898 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.975027084 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.975086927 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.975111961 CET	443	49719	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.975152016 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.975179911 CET	443	49719	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.975269079 CET	49719	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.975317955 CET	49719	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.976144075 CET	49719	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.976608038 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.982933998 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.983031034 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:35.983270884 CET	443	49719	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:35.983375072 CET	49719	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.007684946 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.007730961 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.007770061 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.007808924 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.007850885 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.007893085 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.007900000 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.007944107 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.008002996 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.008065939 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.101490021 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.101548910 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.101591110 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.101624012 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.101629019 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.101739883 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.109373093 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.109468937 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.109592915 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.134197950 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.134242058 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.134278059 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.134279013 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.134310007 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.134320974 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.134351969 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.134362936 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.134371042 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.134402037 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.134417057 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.134443045 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.134475946 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.134485960 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.134530067 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.134535074 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.134578943 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.134584904 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.134592056 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.134618044 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.134634972 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.134655952 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.134659052 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.134696960 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.134706020 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.134735107 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.134754896 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.134799957 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.145781040 CET	443	49719	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.227900982 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.227940083 CET	443	49720	52.7.227.232	192.168.2.3
Jan 13, 2021 18:25:36.227982998 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.228024006 CET	49720	443	192.168.2.3	52.7.227.232
Jan 13, 2021 18:25:36.310228109 CET	49725	443	192.168.2.3	108.177.119.132
Jan 13, 2021 18:25:36.310314894 CET	49724	443	192.168.2.3	108.177.119.132
Jan 13, 2021 18:25:36.310360909 CET	49726	443	192.168.2.3	108.177.119.132
Jan 13, 2021 18:25:36.358140945 CET	443	49725	108.177.119.132	192.168.2.3
Jan 13, 2021 18:25:36.358221054 CET	49725	443	192.168.2.3	108.177.119.132

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2021 18:25:29.479860067 CET	65110	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:29.527937889 CET	53	65110	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:30.796066999 CET	58361	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:30.844110012 CET	53	58361	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:31.740712881 CET	63492	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:31.791647911 CET	53	63492	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:32.677119970 CET	60831	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:32.736366034 CET	53	60831	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:33.595498085 CET	60100	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:33.646239042 CET	53	60100	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:34.411289930 CET	53195	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:34.468893051 CET	53	53195	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:34.681988955 CET	50141	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:34.746407032 CET	53	50141	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:35.466347933 CET	53023	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:35.530005932 CET	53	53023	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:35.709537029 CET	49563	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:35.757433891 CET	53	49563	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:36.118168116 CET	51352	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:36.174257994 CET	53	51352	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:36.243078947 CET	59349	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:36.307512999 CET	53	59349	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:36.384891987 CET	57084	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:36.446523905 CET	53	57084	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:36.862384081 CET	58823	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:36.977941990 CET	53	58823	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:36.986227036 CET	57568	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:37.056045055 CET	53	57568	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:38.409174919 CET	50540	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:38.459860086 CET	53	50540	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:39.198812008 CET	54366	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:39.255106926 CET	53	54366	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:40.234976053 CET	53034	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:40.282887936 CET	53	53034	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:44.787072897 CET	57762	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:44.834952116 CET	53	57762	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:45.748822927 CET	55435	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:45.796953917 CET	53	55435	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:47.410335064 CET	50713	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:47.461194038 CET	53	50713	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:52.410465002 CET	56132	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:52.482391119 CET	53	56132	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:52.904856920 CET	58987	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:52.952845097 CET	53	58987	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:53.867392063 CET	56579	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:53.918278933 CET	53	56579	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:54.343681097 CET	60633	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:54.750694990 CET	53	60633	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:55.089035034 CET	61292	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:55.150509119 CET	53	61292	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:55.553975105 CET	63619	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:55.688999891 CET	53	63619	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:56.052670002 CET	64938	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:56.100673914 CET	53	64938	8.8.8.8	192.168.2.3
Jan 13, 2021 18:25:58.778938055 CET	61946	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:25:58.832276106 CET	53	61946	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:02.948489904 CET	64910	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:03.027885914 CET	53	64910	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:04.411540985 CET	52123	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:04.462318897 CET	53	52123	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:05.087338924 CET	56130	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:05.138417006 CET	53	56130	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:05.440135002 CET	52123	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:05.491005898 CET	53	52123	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:06.094650984 CET	56130	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:06.145539045 CET	53	56130	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:06.470511913 CET	52123	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:06.521466017 CET	53	52123	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:07.202907085 CET	56130	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:07.256552935 CET	53	56130	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:08.488240004 CET	52123	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:08.539097071 CET	53	52123	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:09.204054117 CET	56130	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:09.254925966 CET	53	56130	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:09.394629002 CET	56338	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:09.457026005 CET	53	56338	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:12.501195908 CET	52123	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:12.551996946 CET	53	52123	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:13.220010996 CET	56130	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:13.270963907 CET	53	56130	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:15.301426888 CET	59420	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:15.361222982 CET	53	59420	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:18.826730013 CET	58784	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:18.883415937 CET	53	58784	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:19.719858885 CET	63978	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:19.776010036 CET	53	63978	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:21.279392004 CET	62938	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:21.330317020 CET	53	62938	8.8.8.8	192.168.2.3
Jan 13, 2021 18:26:23.373241901 CET	55708	53	192.168.2.3	8.8.8.8
Jan 13, 2021 18:26:23.431113005 CET	53	55708	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 13, 2021 18:25:35.466347933 CET	192.168.2.3	8.8.8.8	0xad1e	Standard query (0)	217023.8b.io	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:36.243078947 CET	192.168.2.3	8.8.8.8	0x2c3c	Standard query (0)	cdn.ampproject.org	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:36.862384081 CET	192.168.2.3	8.8.8.8	0xc7ca	Standard query (0)	app.8b.io	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:36.986227036 CET	192.168.2.3	8.8.8.8	0xe941	Standard query (0)	r.8b.io	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:52.410465002 CET	192.168.2.3	8.8.8.8	0xbcbc	Standard query (0)	app.8b.io	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:54.343681097 CET	192.168.2.3	8.8.8.8	0x8d1a	Standard query (0)	lacecompound.com	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:55.553975105 CET	192.168.2.3	8.8.8.8	0xe34f	Standard query (0)	vikinggenetics-my.sharepoint.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 13, 2021 18:25:35.530005932 CET	8.8.8.8	192.168.2.3	0xad1e	No error (0)	217023.8b.io	proxy-8b-io-1762796164.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 18:25:35.530005932 CET	8.8.8.8	192.168.2.3	0xad1e	No error (0)	proxy-8b-io-1762796164.us-east-1.elb.amazonaws.com		52.7.227.232	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:35.530005932 CET	8.8.8.8	192.168.2.3	0xad1e	No error (0)	proxy-8b-io-1762796164.us-east-1.elb.amazonaws.com		52.201.120.251	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:36.307512999 CET	8.8.8.8	192.168.2.3	0x2c3c	No error (0)	cdn.ampproject.org	cdn-content.ampproject.org		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 18:25:36.307512999 CET	8.8.8.8	192.168.2.3	0x2c3c	No error (0)	cdn-content.ampproject.org		108.177.119.132	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:36.977941990 CET	8.8.8.8	192.168.2.3	0xc7ca	No error (0)	app.8b.io		104.24.104.39	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:36.977941990 CET	8.8.8.8	192.168.2.3	0xc7ca	No error (0)	app.8b.io		172.67.215.39	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:36.977941990 CET	8.8.8.8	192.168.2.3	0xc7ca	No error (0)	app.8b.io		104.24.105.39	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:37.056045055 CET	8.8.8.8	192.168.2.3	0xe941	No error (0)	r.8b.io		104.24.104.39	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:37.056045055 CET	8.8.8.8	192.168.2.3	0xe941	No error (0)	r.8b.io		104.24.105.39	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:37.056045055 CET	8.8.8.8	192.168.2.3	0xe941	No error (0)	r.8b.io		172.67.215.39	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:52.482391119 CET	8.8.8.8	192.168.2.3	0xbcbc	No error (0)	app.8b.io		172.67.215.39	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:52.482391119 CET	8.8.8.8	192.168.2.3	0xbcbc	No error (0)	app.8b.io		104.24.105.39	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:52.482391119 CET	8.8.8.8	192.168.2.3	0xbcbc	No error (0)	app.8b.io		104.24.104.39	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:54.750694990 CET	8.8.8.8	192.168.2.3	0x8d1a	No error (0)	lacecompound.com		195.181.244.134	A (IP address)	IN (0x0001)
Jan 13, 2021 18:25:55.688999891 CET	8.8.8.8	192.168.2.3	0xe34f	No error (0)	vikinggenetics-my.sharepoint.com	vikinggenetics.sharepoint.com		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 18:25:55.688999891 CET	8.8.8.8	192.168.2.3	0xe34f	No error (0)	vikinggenetics.sharepoint.com	614-ipv4e.clump.prod.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 18:25:55.688999891 CET	8.8.8.8	192.168.2.3	0xe34f	No error (0)	614-ipv4e.clump.prod.aa-rt.sharepoint.com	17825-ipv4e.farm.prod.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 18:25:55.688999891 CET	8.8.8.8	192.168.2.3	0xe34f	No error (0)	17825-ipv4e.farm.prod.aa-rt.sharepoint.com	17825-ipv4.farm.prod.aa-rt.sharepoint.com		CNAME (Canonical name)	IN (0x0001)
Jan 13, 2021 18:25:55.688999891 CET	8.8.8.8	192.168.2.3	0xe34f	No error (0)	17825-ipv4.farm.prod.aa-rt.sharepoint.com		104.146.245.41	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 13, 2021 18:25:35.805285931 CET	52.7.227.232	443	192.168.2.3	49719	CN=8b.io CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Thu Jul 09 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Mon Aug 09 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 18:25:35.805857897 CET	52.7.227.232	443	192.168.2.3	49720	CN=8b.io CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Thu Jul 09 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Mon Aug 09 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jan 13, 2021 18:25:36.408552885 CET	108.177.119.132	443	192.168.2.3	49725	CN=misc-sni.google.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Dec 15 15:44:18 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Mar 09 15:44:17 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:25:36.408552885 CET	108.177.119.132	443	192.168.2.3	49725	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:25:36.408787012 CET	108.177.119.132	443	192.168.2.3	49726	CN=misc-sni.google.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Dec 15 15:44:18 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Mar 09 15:44:17 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:25:36.408787012 CET	108.177.119.132	443	192.168.2.3	49726	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:25:36.409148932 CET	108.177.119.132	443	192.168.2.3	49724	CN=misc-sni.google.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Dec 15 15:44:18 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Mar 09 15:44:17 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:25:36.409148932 CET	108.177.119.132	443	192.168.2.3	49724	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:25:37.133889914 CET	104.24.104.39	443	192.168.2.3	49730	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 29 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Jul 29 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:25:37.133889914 CET	104.24.104.39	443	192.168.2.3	49730	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:25:37.181646109 CET	104.24.104.39	443	192.168.2.3	49729	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 29 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Jul 29 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:25:37.181646109 CET	104.24.104.39	443	192.168.2.3	49729	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:25:37.188221931 CET	104.24.104.39	443	192.168.2.3	49731	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 29 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Jul 29 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:25:37.188221931 CET	104.24.104.39	443	192.168.2.3	49731	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:25:37.188908100 CET	104.24.104.39	443	192.168.2.3	49732	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Jul 29 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Jul 29 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:25:37.188908100 CET	104.24.104.39	443	192.168.2.3	49732	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jan 13, 2021 18:25:54.976541996 CET	195.181.244.134	443	192.168.2.3	49742	CN=lacecompound.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Sat Jan 09 01:00:00 CET 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Sat Apr 10 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Jan 13, 2021 18:25:54.977482080 CET	195.181.244.134	443	192.168.2.3	49743	CN=lacecompound.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Sat Jan 09 01:00:00 CET 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Sat Apr 10 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 5560 Parent PID: 792

General

Start time:	18:25:33
Start date:	13/01/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff738ac0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 5832 Parent PID: 5560

General

Start time:	18:25:33
Start date:	13/01/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5560 CREDAT:17410 /prefetch:2
Imagebase:	0xba0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://217023.8b.io/

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 5560 Parent PID: 792

General

Analysis Process: iexplore.exe PID: 5832 Parent PID: 5560

General

Disassembly