Play interactive tour

Edit tour

Analysis Report https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us

Overview

General Information

Sample URL:	https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us
Analysis ID:	356081
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Yara detected HtmlPhish_10

HTML body contains low number of good links

No HTML title found

URL contains potential PII (phishing indication)

Classification

Startup

System is w10x64

iexplore.exe (PID: 4340 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 976 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4340 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us	SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Source: https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us	UrlScan: detection malicious, Label: phishing brand: generic email			Perma Link

Antivirus detection for URL or domain

Show sources

Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us

UrlScan: Label: phishing brand: generic email

Perma Link

Multi AV Scanner detection for domain / URL

Show sources

Source: nliwierfrf.gb.net	Virustotal: Detection: 6%			Perma Link
Source: www.politikesgeuseis.gr	Virustotal: Detection: 7%			Perma Link

Phishing:

Yara detected HtmlPhish_10

Show sources

Source: Yara match	File source: 618321.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm, type: DROPPED

Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us	HTTP Parser: Number of links: 0
Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us	HTTP Parser: Number of links: 0

Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us	HTTP Parser: HTML title missing
Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us	HTTP Parser: HTML title missing

Source: https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us

Sample URL: PII: gladhjef@wcps.k12.md.us

Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us	HTTP Parser: No <meta name="author".. found
Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us	HTTP Parser: No <meta name="author".. found

Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us	HTTP Parser: No <meta name="copyright".. found
Source: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us	HTTP Parser: No <meta name="copyright".. found

Compliance:

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown	HTTPS traffic detected: 104.129.25.9:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.129.25.9:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.7:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.7:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.214.201.112:443 -> 192.168.2.7:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.214.201.112:443 -> 192.168.2.7:49746 version: TLS 1.2

Networking:

Source: unknown

DNS traffic detected: queries for: nliwierfrf.gb.net

Source: font-awesome.min[1].css.2.dr	String found in binary or memory: http://fontawesome.io
Source: font-awesome.min[1].css.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: bootstrap.min[1].css.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: popper.min[1].js.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://biffyeager.ru/bschbvdskchbeds3feb/next.php
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/dellcssfile.appspot.com/o/bootstrap.min.css?alt=media&to
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/dellcssfile.appspot.com/o/font-awesome.min.css?alt=media
Source: free.min[1].css.2.dr, free-fa-solid-900[1].eot.2.dr	String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: free-fa-solid-900[1].eot.2.dr, free-fa-regular-400[1].eot.2.dr	String found in binary or memory: https://fontawesome.comhttps://fontawesome.comFont
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Archivo
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff)
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhv.woff)
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff)
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[1].css0.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: bootstrap.min[1].js.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: bootstrap.min[2].js.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: 585b051251[1].js.2.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: 585b051251[1].js.2.dr	String found in binary or memory: https://kit.fontawesome.com
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: ~DF2961C22C6FC71983.TMP.1.dr	String found in binary or memory: https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr
Source: {8A4D8B89-755E-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	String found in binary or memory: https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef
Source: ~DF005E3F5BF1EF3E95.TMP.1.dr	String found in binary or memory: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2c
Source: ~DF005E3F5BF1EF3E95.TMP.1.dr, QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm.2.dr	String found in binary or memory: https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d8
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://www.google.com/s2/favicons?domain=
Source: imagestore.dat.2.dr, QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	String found in binary or memory: https://www.google.com/s2/favicons?domain=dell.com?v=BUILD_HASH
Source: ~DF005E3F5BF1EF3E95.TMP.1.dr	String found in binary or memory: https://www.politikesgeuseis.gr/cricl/oauth/site/service/demp.php?email=info

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 104.129.25.9:443 -> 192.168.2.7:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.129.25.9:443 -> 192.168.2.7:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.7:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.7:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.214.201.112:443 -> 192.168.2.7:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.214.201.112:443 -> 192.168.2.7:49746 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: mal72.phis.win@3/31@9/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8A4D8B87-755E-11EB-90E6-ECF4BB82F7E0}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user~1\AppData\Local\Temp\~DFD481E1B3B9292EBF.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4340 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4340 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us	0%	Virustotal		Browse
https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us	0%	Avira URL Cloud	safe
https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us	100%	UrlScan	phishing brand: generic email	Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
nliwierfrf.gb.net	6%	Virustotal		Browse
www.politikesgeuseis.gr	8%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us	100%	UrlScan	phishing brand: generic email	Browse
https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d8	0%	Avira URL Cloud	safe
https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2c	0%	Avira URL Cloud	safe
https://fontawesome.comhttps://fontawesome.comFont	0%	Avira URL Cloud	safe
https://biffyeager.ru/bschbvdskchbeds3feb/next.php	0%	Avira URL Cloud	safe
https://www.politikesgeuseis.gr/cricl/oauth/site/service/demp.php?email=info	0%	Avira URL Cloud	safe
https://getbootstrap.com)	0%	Avira URL Cloud	safe
http://getbootstrap.com)	0%	Avira URL Cloud	safe
https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef	0%	Avira URL Cloud	safe
https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
nliwierfrf.gb.net	104.129.25.9	true	true	6%, Virustotal, Browse	unknown
www.politikesgeuseis.gr	35.214.201.112	true	false	8%, Virustotal, Browse	unknown
cdnjs.cloudflare.com	104.16.18.94	true	false		high
stackpath.bootstrapcdn.com	unknown	unknown	false		high
ka-f.fontawesome.com	unknown	unknown	false		high
code.jquery.com	unknown	unknown	false		high
kit.fontawesome.com	unknown	unknown	false		high
maxcdn.bootstrapcdn.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4#gladhjef@wcps.k12.md.us	true	100%, UrlScan, Browse	unknown
https://www.politikesgeuseis.gr/cricl/oauth/site/service/demp.php?email=info@dell.com#	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fontawesome.io	font-awesome.min[1].css.2.dr	false		high
https://ka-f.fontawesome.com	585b051251[1].js.2.dr	false		high
https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d8	~DF005E3F5BF1EF3E95.TMP.1.dr, QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm.2.dr	true	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.2.1.slim.min.js	QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	false		high
https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2c	~DF005E3F5BF1EF3E95.TMP.1.dr	true	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	false		high
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	false		high
https://getbootstrap.com/)	bootstrap.min[2].js.2.dr	false		high
https://fontawesome.comhttps://fontawesome.comFont	free-fa-solid-900[1].eot.2.dr, free-fa-regular-400[1].eot.2.dr	false	Avira URL Cloud: safe	unknown
https://biffyeager.ru/bschbvdskchbeds3feb/next.php	QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	false	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.3.1.js	QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css	QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	false		high
https://fontawesome.com/license/free	free.min[1].css.2.dr	false		high
http://fontawesome.io/license	font-awesome.min[1].css.2.dr	false		high
https://fontawesome.com	free.min[1].css.2.dr, free-fa-solid-900[1].eot.2.dr	false		high
https://kit.fontawesome.com	585b051251[1].js.2.dr	false		high
https://www.politikesgeuseis.gr/cricl/oauth/site/service/demp.php?email=info	~DF005E3F5BF1EF3E95.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/graphs/contributors)	bootstrap.min[1].js.2.dr	false		high
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	false		high
https://getbootstrap.com)	bootstrap.min[1].js.2.dr	false	Avira URL Cloud: safe	low
http://getbootstrap.com)	bootstrap.min[1].css.2.dr	false	Avira URL Cloud: safe	low
https://github.com/twbs/bootstrap/blob/master/LICENSE)	bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	false		high
https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef	{8A4D8B89-755E-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	true	Avira URL Cloud: safe	unknown
http://opensource.org/licenses/MIT).	popper.min[1].js.2.dr	false		high
https://kit.fontawesome.com/585b051251.js	QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm0.2.dr	false		high
https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr	~DF2961C22C6FC71983.TMP.1.dr	true	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
104.129.25.9	unknown	United States	8100	ASN-QUADRANET-GLOBALUS	true
35.214.201.112	unknown	United States	19527	GOOGLE-2US	false
104.16.18.94	unknown	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	356081
Start date:	22.02.2021
Start time:	14:36:43
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.phis.win@3/31@9/3
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://www.politikesgeuseis.gr/cricl/oauth/site/service/demp.php?email=info@dell.com#
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 168.61.161.212, 204.79.197.200, 13.107.21.200, 51.104.139.180, 23.211.6.115, 104.42.151.234, 88.221.62.148, 209.197.3.24, 142.250.185.202, 104.18.22.52, 104.18.23.52, 142.250.186.138, 209.197.3.15, 104.43.139.144, 172.64.202.28, 172.64.203.28, 142.250.185.164, 142.250.186.131, 13.64.90.137, 23.218.208.56 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, cds.s5x3j6q5.hwcdn.net, arc.msn.com.nsatc.net, ka-f.fontawesome.com.cdn.cloudflare.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, e12564.dspb.akamaiedge.net, go.microsoft.com, www.google.com, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, firebasestorage.googleapis.com, www.bing.com, kit.fontawesome.com.cdn.cloudflare.net, fonts.googleapis.com, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, dual-a-0001.a-msedge.net, ajax.googleapis.com, fonts.gstatic.com, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, cds.j3z9t3p6.hwcdn.net, skypedataprdcolwus16.cloudapp.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8A4D8B87-755E-11EB-90E6-ECF4BB82F7E0}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8533863097316883
Encrypted:	false
SSDEEP:	192:r0ZzZK2nWLtBifUIyzMk6BKUDAsfCIbjX:rkVpWpelTV/v
MD5:	9DA6421315A10A5CB0F82E9AA7A003FC
SHA1:	603AE3CCD52F5B09EAB9FE5AAF1FF0BE6D735C92
SHA-256:	2FED78E124B62302CDFAB77D93BE25E0CD95B82CECCE52CD3EE10844939E753B
SHA-512:	91C3B7AA44FAE09A5B45A9190A91AFEACD5B4BD7BC700F83C3012C625A6B7E08F70305D383BB156702BA31E4C7456FA3E10414DE4D902FEA1143A6524BF76B28
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A4D8B89-755E-11EB-90E6-ECF4BB82F7E0}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	modified
Size (bytes):	55668
Entropy (8bit):	2.8559994943456606
Encrypted:	false
SSDEEP:	192:r7ZIQw6Gkljx2ZW/MTHWwtTqTV9TX3ykkKTV9TX3yzVg5hRVgZlVo/C5Vgh:rNxbHBgI0jD45FLSSD
MD5:	01E7FA87552D4429992249828EE11BF7
SHA1:	226AE1C63A1AD61CCE36C20C38BB5E37DCCF214E
SHA-256:	904C382B7901C006D8EF7C2761ADCE4151B2A5ED28730A1860BC96E9F89339FF
SHA-512:	5EC8E3B59BBF09A10FA63C5AFEFC9F5EE45D774EC0B48FEC631CCDF0094768699380E1A0BF6B139B2F0650BE79B5DF774749F4B97582E333D10D460C1E959F55
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{912F7419-755E-11EB-90E6-ECF4BB82F7E0}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.564198573244267
Encrypted:	false
SSDEEP:	48:IwqGcprrGwpadG4pQlGrapbSLGQpK/G7HpRJTGIpG:rOZlQf6VBSlAOTvA
MD5:	329E4B5C16AACCB299790C57A05459EC
SHA1:	830C8B2CE0C98313DA15004E21C2E87197C83B43
SHA-256:	B8CB2C5F1B98564AF0A202AA4610A0609B656819E96998956C79B2EDFC9DE819
SHA-512:	AC7376826376B5D86F079597BE8692DDE149D095D53E138D9074AB2F5BFE4DA7BFCF33C8C9E747A91C4DFF2CCCDBA9C190C937294543F52EE01A91358FF572CB
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\po60zt0\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	853
Entropy (8bit):	7.156829091896504
Encrypted:	false
SSDEEP:	24:EwD7SByEH9bArPVO/XfF1NjjkJGHSE8ITlD:EwD7SUEdsTgfd1eJGHr1
MD5:	626AE921F95AC9F569FC939CC71AF3A5
SHA1:	E42D5AC3317ECEDA6C4318751D40DED38761859F
SHA-256:	19DD7BE73C35E2D316FC415BA54E682F1D40C50699B950777F5259DFECCFBFE6
SHA-512:	388C8495639ADCCD995E90237A761F9023C28E813804A5EC93CFBB816D539223BE23F882A62442846F7BA08D4FFF4C57EAB660F416F1741F20D9305DC9CFBAFA
Malicious:	false
Reputation:	low
Preview:	?.h.t.t.p.s.:././.w.w.w...g.o.o.g.l.e...c.o.m./.s.2./.f.a.v.i.c.o.n.s.?.d.o.m.a.i.n.=.d.e.l.l...c.o.m.?.v.=.B.U.I.L.D._.H.A.S.H......PNG........IHDR................a....sBIT....\|.d....hIDAT8...[H.a....&..0i.B.E`.YJ...Q.Mt..^H.B.;+\.DK1...:8...B...7g....Xf.P..:.s.-.t...h/<7...^^..{...Z=..y.=pw.6zr....3.k..>.2.t.@.$...Bh..C...i6.D.=.HtN...>.....0.1.$..P.3.l...Tf..Uf."...d...~....t.......$0..}T.._8>z..C.T..B.n.....Mb%B.n.t.l-.....sj.9ht...+.i..(.....k...Q..U^...V.$\..G.7&!...T.B...3UqQ.l....k.4...2..... I.O.. dik.pD...Q$..&.lF./S(w...8{)...S.5.T....;....\|hu#....'C.NI.@@.+g.Qr.t~.........@..7....!.:..:..O..../."#LH...%...B..].a.........$KA........"....."..6p:.s .....h_..{.b.@.}]3...O$.+z.$.[#. .... ....]..&.e!&..mP.x..v...c+T..Pe.....v...:...v.y9...x.r\|.`.3#...c...$#.O.(-i.2...>..._....IEND.B`..................24`.....24`....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	23825
Entropy (8bit):	6.062338874803593
Encrypted:	false
SSDEEP:	384:Dwlk0vnywO1C3LGI0WDysoIAlwrtCN9by5Qkmcy77GAoIC44CGKM0iU:8lk0BbPAv9b4kcyHfNC44BU
MD5:	88E0927736DF6F074C4F125351D99369
SHA1:	01AC5A3743B2A7988EB011A423EA5403EC39536A
SHA-256:	44CA8E4A5A72D889A6BCD0A0F3B6C61FD0CA4A75D99B9CEFA82B8B596CAD7F32
SHA-512:	21A3F336639D040CBC192C033B791879A93B6399E3E1A11BDFABC60AD3C128E179D44345F9648F4E1B973AED9FED3081435D4FAED9AD5940BB31D038D6FE4E44
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4
Preview:	..<!doctype html>..<html lang="en">..<head>.. <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>.. <script src="https://code.jquery.com/jquery-3.1.1.min.js">.. <script src="https://code.jquery.com/jquery-3.3.1.js" integrity="sha256-2Kok7MbOyxpgUVvAk/HJ2jigOSYS2auK4Pfzbm7uH60=" crossorigin="anonymous"></script>.. Required meta tags -->.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.. <link rel="icon" type="image/png" sizes="192x192" href="https://www.google.com/s2/favicons?domain=dell.com?v=BUILD_HASH">.... Bootstrap CSS -->.. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous"> -->.. <link href="https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap" rel="stylesheet">.. <sc

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\bootstrap.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	48944
Entropy (8bit):	5.272507874206726
Encrypted:	false
SSDEEP:	768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B
MD5:	14D449EB8876FA55E1EF3C2CC52B0C17
SHA1:	A9545831803B1359CFEED47E3B4D6BAE68E40E99
SHA-256:	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
SHA-512:	00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
Malicious:	false
Reputation:	low
IE Cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\bootstrap.min[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	51039
Entropy (8bit):	5.247253437401007
Encrypted:	false
SSDEEP:	768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+
MD5:	67176C242E1BDC20603C878DEE836DF3
SHA1:	27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256:	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512:	9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious:	false
Reputation:	low
IE Cache URL:	https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	726
Entropy (8bit):	5.180796546063191
Encrypted:	false
SSDEEP:	12:jFMO6ZRoT6pIFqFMO6ZN76pYnJqF/iO6ZRoT6pixuGEqF/iO6ZN76pixuyvJY:5MOYsiMOYN7q/iOYsNxDv/iOYN7Nxw
MD5:	22502A622488078B8DE4406FD548E1E5
SHA1:	78475040F2A19CE19AE97F70AB5086C52161F707
SHA-256:	37EFD16EBE120F8057C19B36BE006601E83EB64772A25897E07293891C4F3BC0
SHA-512:	D03E79E23C2CBC8017CF43CF24A57DE4397CC58EC6291070E8E96998670F8DC42394709C5DC38B03199D3AE8E2A40563A5E3A41DC4148859A7FB472137991625
Malicious:	false
Reputation:	low
Preview:	@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhv.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\font-awesome.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	31000
Entropy (8bit):	4.746143404849733
Encrypted:	false
SSDEEP:	384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf
MD5:	269550530CC127B6AA5A35925A7DE6CE
SHA1:	512C7D79033E3028A9BE61B540CF1A6870C896F8
SHA-256:	799AEB25CC0373FDEE0E1B1DB7AD6C2F6A0E058DFADAA3379689F583213190BD
SHA-512:	49F4E24E55FA924FAA8AD7DEBE5FFB2E26D439E25696DF6B6F20E7F766B50EA58EC3DBD61B6305A1ACACD2C80E6E659ACCEE4140F885B9C9E71008E9001FBF4B
Malicious:	false
Reputation:	low
IE Cache URL:	https://firebasestorage.googleapis.com/v0/b/dellcssfile.appspot.com/o/font-awesome.min.css?alt=media&token=e6f19ce7-a9ca-457e-80df-0f4823412ad5
Preview:	/!. Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.7.0');src:url('../fonts/fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'),url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\bootstrap.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	121200
Entropy (8bit):	5.0982146191887106
Encrypted:	false
SSDEEP:	768:Vy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1FS:nw/a1fIuiHlq5mN8lDbNmPbh
MD5:	EC3BB52A00E176A7181D454DFFAEA219
SHA1:	6527D8BF3E1E9368BAB8C7B60F56BC01FA3AFD68
SHA-256:	F75E846CC83BD11432F4B1E21A45F31BC85283D11D372F7B19ACCD1BF6A2635C
SHA-512:	E8C5DAF01EAE68ED7C1E277A6E544C7AD108A0FA877FB531D6D9F2210769B7DA88E4E002C7B0BE3B72154EBF7CBF01A795C8342CE2DAD368BD6351E956195F8B
Malicious:	false
Reputation:	low
IE Cache URL:	https://firebasestorage.googleapis.com/v0/b/dellcssfile.appspot.com/o/bootstrap.min.css?alt=media&token=ec34bc68-b721-48e5-a02a-8deed9a44325
Preview:	/!. Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). //! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	223
Entropy (8bit):	5.142612311542767
Encrypted:	false
SSDEEP:	6:0IFFDK+Q+56ZRWHMqh7izlpdRSRk68k3tg9EFNin:jFI+QO6ZRoMqt6p3Tk9g9CY
MD5:	72C5D331F2135E52DA2A95F7854049A3
SHA1:	572F349BB65758D377CCBAE434350507341ACD7B
SHA-256:	C3A12D7E8F6B2B1F5E4CD0C9938DFC79532AEF90802B424EE910093F156586DA
SHA-512:	9EA12CC277C9858524083FEBBE1A3E61FDECE5268F63B14C9FFAFE29396C7CCDB3B07BE10E829936BCCD8F3B9E39DCFA6BC4316F189E4CEA914F1D06916DB66B
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap
Preview:	@font-face {. font-family: 'Archivo Narrow';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\free-fa-regular-400[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Font Awesome 5 Free Regular family
Category:	downloaded
Size (bytes):	34350
Entropy (8bit):	6.319416398409097
Encrypted:	false
SSDEEP:	384:2TILSQt3owpXUazLuDULbNVTH/oOkKQB3I+89AyI6WcRwkw8cQUtR:2ULSe3yy6DOP/oDB29uc5w8cQUL
MD5:	73570FCA80D5237954C19C20BDA58A70
SHA1:	E27F09071CA6B858A1B96B1CD02B2B34BCE85178
SHA-256:	75BAC9C568E4B2DF8C25F96513A92FA4740D4B11E58FB0ADB88E2F4DADC7FFCD
SHA-512:	60632D9B3893631C82FDC7D56741A8EFA52BA9333BF4FECA083330B9B1454CC6F4A1AEEDF621EBF92CFF634A0BA91F4EB1F0DF6009A69C6BD14A0A39908E8B99
Malicious:	false
Reputation:	low
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.2/webfonts/free-fa-regular-400.eot?
Preview:	..................................LP..........................w...................6.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .R.e.g.u.l.a.r.....R.e.g.u.l.a.r...L.3.3.1...5.2.2. .(.F.o.n.t. .A.w.e.s.o.m.e. .v.e.r.s.i.o.n.:. .5...1.5...2.)...6.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .R.e.g.u.l.a.r................PFFTM.4.........GDEF.*..........OS/2A.S....X...`cmap...........gasp............glyf\|.7.... ..n.head.&.........6hhea.5.........$hmtx...t.......Tloca.e........6maxp.......8... name9.;"..w....[post.iA...}..........K...w.._.<..........$.Z.....$.`.................................................................................@.................L.f...G.L.f....................................PfEd...............T.........:..... ...................@...........................@...............@...................@.......@...@.......@...@...................................`...............................@...................@....................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\free-fa-solid-900[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Font Awesome 5 Free Solid family
Category:	downloaded
Size (bytes):	204814
Entropy (8bit):	6.343269877413605
Encrypted:	false
SSDEEP:	6144:9t+zd6McnODzpN2BDXTIRSwRKSK3NC59M4:iELnODze58Rjg+5b
MD5:	AD5381B40F2857CE48DC73585FC92294
SHA1:	B404BB9916EDFD272560C27CFD09C032EC9F9B96
SHA-256:	2D45F4A3844BEFB918111DF65049A4FA71577D5E8FF009934B62E647E4702AB0
SHA-512:	69409725FE954403937CA22F5CDE811574FA2EBDBE24BF7CD5566826259A2427692251BFC90E663696C6A425F6C2DB95C8946495B4A5228B3BA8FEA10F79C2F5
Malicious:	false
Reputation:	low
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.2/webfonts/free-fa-solid-900.eot?
Preview:	. ................................LP...........................F..................2.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .S.o.l.i.d.....S.o.l.i.d...L.3.3.1...5.2.2. .(.F.o.n.t. .A.w.e.s.o.m.e. .v.e.r.s.i.o.n.:. .5...1.5...2.)...2.F.o.n.t. .A.w.e.s.o.m.e. .5. .F.r.e.e. .S.o.l.i.d................PFFTM.4.........GDEF.*..........OS/23.V`...X...`cmap.j.4...h....gasp............glyfh.....-....dhead.4.........6hhea.C.-.......$hmtx.Q..........loca.......8....maxp.N.`...8... name#./....P...+post..Fa...\|..1......K..F..._.<..........$.\.....$.`...............................................................]. ...............@.................L.f...G.L.f....................................PfEd...............T.........:..... ...................................@.......@. .........................@...........@...................................................................................@...........................`.......................@.......@.......@...................................@....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	830
Entropy (8bit):	5.7045908853377485
Encrypted:	false
SSDEEP:	12:J0+ox0RJWWPboKqVTIfCccbqVTIfCccXSUqVTIfCccJIvmKD1AT:y+OWPbjqVTIfsqVTIfZUqVTIf8IuK2
MD5:	55A2F2C2F7FD02E3EC843A0B5DD7BDC9
SHA1:	3F2F1FD8D955B07D96C6A66C22369630C79277F5
SHA-256:	673687FA69ABD36E46E6FA918088738E19B10CE4196160776F27C19D916B7B03
SHA-512:	5A33A54A04FFC1310BE0AF5220573578B2799A04361C799AC8D1A20EA2517E295F1BC53E9029F5F8C36B86F7B292E8E38CF0B2B8301A3DD06D038F97C28D1114
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="https://nliwierfrf.gb.net/xcvbn/QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y/?Key=QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y&rand=13InboxLightaspxn_QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y_MzRRc1FBNzZlcWdkRjlZ-&d7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4">here</a>.</p>.</body></html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\favicons[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	410
Entropy (8bit):	7.1505149338619995
Encrypted:	false
SSDEEP:	6:6v/lhPysn9+H/GaB3RbRtsUUOqW906ZMIteZ3hyerzK/S7UYSSsR/+BqymCzQX2c:6v/7HkdRts6KygTyEzKagxShUAc
MD5:	E4D0C70B753B2AE3AA28F2BBCB1F3978
SHA1:	A65701DC3DA06436129AD937722B6F6E10C3B9FB
SHA-256:	3CC7592C40DBE6B04FF0682D7865EAE3D8B48F1B7C8BC6C166E4DDD7F9DFE402
SHA-512:	C804C6C731959FE8A2AE6EB96BDC9D952D72D2B09E209841C095A31B6BFCC31FC083AA3FD0F3AEE6839219655179A747873C2BDF23A80A7FEA767AA2A16B8506
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/s2/favicons?domain=wcps.k12.md.us
Preview:	.PNG........IHDR................a....sBIT....\|.d....QIDAT8.c`.....[o..3000#.}g``.T.f\|w...Q...^..............z._.........7n..[L..??..g.`.n....C..._....rq.>......O..88.....C.....77..?..3{.E.=}.........?$.~....b?~\|.?.{......u}...R...../.>.2....../.Y.7.1.z......o.E.7...n?zf,..w...\6+{.....w...?...<..NY;..fd```pt.}.c`.._@..};...........\\.~..)...7EM]..s..d.x.eg.x........( ..w....p....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\free-v4-shims.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	26701
Entropy (8bit):	4.82979949483045
Encrypted:	false
SSDEEP:	192:SP6hT1bIl4w0QUmQ10PwKLaAu5CwWavpHo4O6wgLPbJVR8XD7mycP:5hal4w0QK+PwK05eavpmgPPeXD7mycP
MD5:	1848E71668F42835079E5FA2AF6CF4A8
SHA1:	6AE345E2FEB8C2A524E7CF9E22A3A87BAEE60593
SHA-256:	D7CC3C57F9BDA4C6DCB83BB3C19F2F2AA86ECEC6274E243CD4EC315AE8E30101
SHA-512:	24E0AF4EC32A9AAB61D9E1AF9B2083F2D13CC98961B5E32BB613A02FEEF63F5F30C3B21C6308A4A204D981D77C86F09E221D0DB7B051A3538ACE07E727F29F58
Malicious:	false
Reputation:	low
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.2/css/free-v4-shims.min.css?token=585b051251
Preview:	/!. Font Awesome Free 5.15.2 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa.fa-glass:before{content:"\f000"}.fa.fa-meetup{font-family:"Font Awesome 5 Brands";font-weight:400}.fa.fa-star-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-star-o:before{content:"\f005"}.fa.fa-close:before,.fa.fa-remove:before{content:"\f00d"}.fa.fa-gear:before{content:"\f013"}.fa.fa-trash-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-trash-o:before{content:"\f2ed"}.fa.fa-file-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-file-o:before{content:"\f15b"}.fa.fa-clock-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-clock-o:before{content:"\f017"}.fa.fa-arrow-circle-o-down{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arrow-circle-o-down:before{content:"\f358"}.fa.fa-arrow-circle-o-up{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arro

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\free.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	60351
Entropy (8bit):	4.728636851806783
Encrypted:	false
SSDEEP:	768:5Uh31IPiyXNq4YxBowbgJlkwF//zMQyYJYX9Bft6VSz8:5U0PxXE4YXJgndFTfy9lt5Q
MD5:	4ECC071B77D6B1790FA9FB8A5173F972
SHA1:	B44FCBAAC4F3AA7381D71DE20064AC84B0B729D1
SHA-256:	8C7BBA7DEB64FF95E98F7AC8CD0D3B675A4BCF02F302E57EDC5A1D6FA3D6CF94
SHA-512:	7CC1D04078B5917269025B6F37C7DDD83A0A5A0C5840E2A6E99ADFE2FB3E2242C626F25315480ADCD725C855AD2881DDF672B6FC1D793377C2D16FF38EAF69E9
Malicious:	false
Reputation:	low
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.2/css/free.min.css?token=585b051251
Preview:	/!. Font Awesome Free 5.15.2 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pul

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\mem5YaGs126MiZpBA-UN7rgOUuhv[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18900, version 1.1
Category:	downloaded
Size (bytes):	18900
Entropy (8bit):	7.96514104643824
Encrypted:	false
SSDEEP:	384:nejx4dDcsFhu/3v79dEAUdH6XSw1fz9fKQm9LQNG/X1epB:ejadDrhYTf3Udaieza98Nbz
MD5:	1F85E92D8FF443980BC0F83AD7B23B60
SHA1:	EE8642C4FAE325BB460EC29C0C2C9AD8A4C7817D
SHA-256:	EA20E5DB3BA915C503173FAE268445FC2745FC9A5DCE2F58D47F5A355E1CDB18
SHA-512:	F34099C30F35F782C8BB2B92D7F44549013D90E9EEDE13816D4C7380147D5B2C8373CC4D858CDF3248AAA8A73948350340EE57DAE9734038FC80615848C7133E
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhv.woff
Preview:	wOFF......I.......p.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`....cmap...`.........X..cvt .......].....-..fpgm...t........s.ugasp................glyf...$..9...Y..(.head..A....6...6.%I.hhea..B,.......$.)..hmtx..BL..........O,loca..D`........9yfmaxp..F$... ... .q..name..FD........#.>.post..G4.......x.U..prep..H............k........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`f.g......:....Q.B3_dHc.........................@`......../..?....^...... 9.8.m@J....w..!..x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g``..$KY...e@.,q@.j...o@<..O.H.t.................c .p@..........3lbd.....-.}.M...!...!....x.TGw.F........)..)7.W..`.j.-...='_..sI...2...O>....[tt....TK]..\|...G..............^.m..=..x.q...+./].p...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\popper.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	19188
Entropy (8bit):	5.212814407014048
Encrypted:	false
SSDEEP:	384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f
MD5:	70D3FDA195602FE8B75E0097EED74DDE
SHA1:	C3B977AA4B8DFB69D651E07015031D385DED964B
SHA-256:	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
SHA-512:	51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Preview:	/. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. /(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto\|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\xcvbn[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	1159
Entropy (8bit):	5.1328878916132075
Encrypted:	false
SSDEEP:	24:D5KqVTIfgIcIDFI5Kc/IYiIyhLXdP+oYwBgb:vTFZid7dWoYIe
MD5:	CC51C88E532F188EBAD2DB4DF3006F49
SHA1:	A331E205196EFFB490F17B330D0332698CBE2CB5
SHA-256:	4ADFB4E7BCBCB339DC754909D31CB668F9A1B4EE01A81D6397B4A1D6561A8651
SHA-512:	AAACE0BCD86044E4AF65B86CAD414314D33D70203C8E3E8A2DAF8D7AA05FE0C3A93E4418FF05347E118212A2476FCA52FE6F82EFA6A8273E6C223403CA3956D6
Malicious:	false
Reputation:	low
Preview:	.<script type="text/javascript">.. var random = 'QXNpYQ==22-02-202101-37-31pm3803fe4e995ba53820d5309dd609ff4d2cc7b4d82702293091209e3ad38ed14aMzRRc1FBNzZlcWdkRjlZVUVzPQ==UGFraXN0YW4=VUVzPQ==34QsQA76eqgdF9Y';. var b = 'MzRRc1FBNzZlcWdkRjlZ';. var result = 'd7410d2ca94e005b22cf0a37c379149e2f2aab88fd8c965f38f02b4abdc333f4';. var url = "";.. var hashValue = location.hash.substr(1);. if (hashValue == "") {. var queryString = window.location.search;. var urlParams = new URLSearchParams(queryString);. var userid = urlParams.get('userid');.. if (userid != "" && userid != null) {. url = random + "?Key=" + random + "&rand=13InboxLightaspxn_" + random + "_" + b + "-&" + result + "&userid=" + userid;. window.location.href = url;. } else {. url = random + "?Key=" + random + "&rand=13InboxLightaspxn_" + random + "_" + b + "-&" + result;. window.location.href = url;. }.. } else {. url = ra

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\585b051251[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	10866
Entropy (8bit):	5.182477446178365
Encrypted:	false
SSDEEP:	192:BBHN42S+9SZRvACpiIthFzoXnemF+shSGnZ+PPxQDqv7jh81Q5l8OcchIlzbCn:HRCfhFzevnEZ/h81Q5l8OsE
MD5:	4B900F0AF3BBDA85E1077C8EC8C83831
SHA1:	7E7015965195F25AFA3A47BE2108278AD6A0A4AC
SHA-256:	7943D6D067DB8587E9FB675F0D2CC78D6C90C91B187CF8642A3F52FF91381685
SHA-512:	2CD82E0DCD1381447522CFFD610136513323E5D2980FAE730801FE8BBA580FF7FDF9CB8D2E9AC794D6F2FB59C724EDA71BECE7CAA72C775BC963E1A54B30EBCB
Malicious:	false
Reputation:	low
IE Cache URL:	https://kit.fontawesome.com/585b051251.js
Preview:	window.FontAwesomeKitConfig = {"asyncLoading":{"enabled":true},"autoA11y":{"enabled":true},"baseUrl":"https://ka-f.fontawesome.com","baseUrlKit":"https://kit.fontawesome.com","detectConflictsUntil":null,"iconUploads":{},"id":132286382,"license":"free","method":"css","minify":{"enabled":true},"token":"585b051251","v4FontFaceShim":{"enabled":false},"v4shim":{"enabled":true},"version":"5.15.2"};.!function(t){"function"==typeof define&&define.amd?define("kit-loader",t):t()}((function(){"use strict";function t(e){return(t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t})(e)}function e(t,e,n){return e in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function n(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter((function(e){return Object.g

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20356, version 1.1
Category:	downloaded
Size (bytes):	20356
Entropy (8bit):	7.972919215442608
Encrypted:	false
SSDEEP:	384:of+dt1ebKR28EPpAXxR5wthZZv4B8Te/h4+ctr5NH9NwZaUp4VsEgm:of+P1eeRcU8Hqdy+UHHbEw/
MD5:	ADCDE98F1D584DE52060AD7B16373DA3
SHA1:	0A9B76D81989A7A45336EBD7B48ED25803F344B9
SHA-256:	806EA46C426AF8FC24E5CF42A210228739696933D36299EB28AEE64F69FC71F1
SHA-512:	7B1D6CC0D841A9E5EFEC540387BC5F9B47E07A21FDC3DC4CE029BB0E3C74664BBC9F1BCCFD8FB575B595C2CC1FD16925C533E062C4C82EEE0C310FFD2B4C2927
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff
Preview:	wOFF......O.................................GDEF.......G...d....GPOS.............~..GSUB.......'......r.OS/2.......Q...`u...cmap...\..........W.cvt ...T...H...H+~..fpgm.......3...._...gasp................glyf......;...k....hdmx..H....m....!$..head..H....6...6...\hhea..I,.......$.&..hmtx..IL...y.....XF.loca..K.........`.C.maxp..M.... ... .(..name..M........~..9.post..N........ .m.dprep..N........)v60x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x....dK...{....?..F?.\|.~.m...ms.{.Z..;......U.]7s......\.=D.=.7...>....x...D..O\|.U:...\|o..3.x.j.r"B.............../.)x$.'"j.....1LGmaGxQxG....~.:'.A..hd.z,.k..KO.....^.}H\|#z_.O......R..A...9..A..!.(./..."..:.Iq1.r..s..r.7r.7s..q.wr....nz..]...2..d4c..c....d....T.1...d....\....,c9k.g..Yv.#O."%...... ...t"uM..%.......j.#^.....}\c.q.i...<jy.D...C.01.2.r.....V..z.W.7b..L.S.41]..kUs.X/6..b.........(..(...K..{.^..'........`#./..B......N+p.m`...].lQ....Drg.M..Kx.^.S...........h ..$.k.'Hy.I.ze..4z.-T.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\KFOmCnqEu92Fr1Mu4mxM[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20268, version 1.1
Category:	downloaded
Size (bytes):	20268
Entropy (8bit):	7.970212610239314
Encrypted:	false
SSDEEP:	384:LyfRPUY1e32pJd75q1DzPjsnouCrZsZtetWFNFfIP0cIWvdzNcrm:uJPb1em3dSPjKrZYtWntk0wvdzh
MD5:	60FA3C0614B8FB2F394FA29944C21540
SHA1:	42C8AE79841C592A26633F10EE9A26C75BCF9273
SHA-256:	C1DC87F99C7FF228806117D58F085C6C573057FA237228081802B7D8D3CF7684
SHA-512:	C921362A52F3187224849EB566E297E48842D121E88C33449A5C6C1193FD4842BBD3EF181D770ADE9707011EB6F4078947B8165FAD51C72C17F43B592439FFF4
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff
Preview:	wOFF......O,.......P........................GDEF.......G...d....GPOS................GSUB.......'......r.OS/2.......P...`t...cmap...$..........W.cvt .......T...T+...fpgm...p...5....w.`.gasp................glyf......;Q..lD..&0hdmx..H....n..... ..head..Hx...6...6.j.zhhea..H........$....hmtx..H....t......Xdloca..KD........BC%.maxp..M0... ... .(..name..MP.......t.U9.post..N ....... .m.dprep..N4.......I.f..x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x.l..h.a........l.m.6.1+.X....i...y....&...._..63..5....2>...x\|D...ct.Kx..H@b.3..l..#u.....L......^..4.....rP..{.......Q...JT.:Xu>..T./>...oq...........~..@.....lq../.... ..#..".&.8.H$..r...J)..jj...&..f.=.9..N9.....'F..8.4.....m...m...m.m..n..&.X..}....S.\|.....n........PHaE...J...4..MjJ.*..nW)..rn3'/.....ks5zY5c...Mgg.5..p..rR{c...p..t\.8.c=..p...X.(.......7....=.........!...H ........(.0...(.q.JT?.b..z].'T...m..vNi.....t....:P.R..H....t.........&?.:.j.51+.S.":j.SK'I.^....}S.i.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\favicons[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	689
Entropy (8bit):	7.547514317403399
Encrypted:	false
SSDEEP:	12:6v/7aH90mJv85rPVOlNXbmMFb6IL9LjjPcQOJPQqG+GS+tVpAiz+1O4MbsDN:hH9bArPVO/XfF1NjjkJGHSE8ITG
MD5:	6F45B2E7280E12B8D0DF8280FDE4C155
SHA1:	7F4912503B0710270A047F0D1F2820FAE7B849E0
SHA-256:	B5BA52047193427D28D3F169FB3E4A2835C0FA1CA6F59192381BAA79CE74FBFB
SHA-512:	5C8C9114C682080337FD2BD2067D8C58C5E0D7E5B2DDEF64AE735E95AA5392AD15AE84153D7E15A113FF509B19B929616D74F5C65E2E583C2C7E3D122062F39F
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................a....sBIT....\|.d....hIDAT8...[H.a....&..0i.B.E`.YJ...Q.Mt..^H.B.;+\.DK1...:8...B...7g....Xf.P..:.s.-.t...h/<7...^^..{...Z=..y.=pw.6zr....3.k..>.2.t.@.$...Bh..C...i6.D.=.HtN...>.....0.1.$..P.3.l...Tf..Uf."...d...~....t.......$0..}T.._8>z..C.T..B.n.....Mb%B.n.t.l-.....sj.9ht...+.i..(.....k...Q..U^...V.$\..G.7&!...T.B...3UqQ.l....k.4...2..... I.O.. dik.pD...Q$..&.lF./S(w...8{)...S.5.T....;....\|hu#....'C.NI.@@.+g.Qr.t~.........@..7....!.:..:..O..../."#LH...%...B..].a.........$KA........"....."..6p:.s .....h_..{.b.@.}]3...O$.+z.$.[#. .... ....]..&.e!&..mP.x..v...c+T..Pe.....v...:...v.y9...x.r\|.`.3#...c...$#.O.(-i.2...>..._....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\jquery-3.1.1.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
Reputation:	low
IE Cache URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\jquery-3.2.1.slim.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	69597
Entropy (8bit):	5.369216080582935
Encrypted:	false
SSDEEP:	1536:qNhEyjjTikEJO4edXXe9J578go6MWX2xkjVe4c4j2ll2Ac7pK3F71QDU8CuT:Exc2yjq4j2uYnQDU8CuT
MD5:	5F48FC77CAC90C4778FA24EC9C57F37D
SHA1:	9E89D1515BC4C371B86F4CB1002FD8E377C1829F
SHA-256:	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
SHA-512:	CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
Malicious:	false
Reputation:	low
IE Cache URL:	https://code.jquery.com/jquery-3.2.1.slim.min.js
Preview:	/! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\mem8YaGs126MiZpBA-UFVZ0d[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18100, version 1.1
Category:	downloaded
Size (bytes):	18100
Entropy (8bit):	7.962027637722169
Encrypted:	false
SSDEEP:	384:aHQHZuiZQFFIimUy1oml4hN2Vmw1Qa57YC74ObDDj08X0UJQiXc:1ZQT0UySml4bEmAP5EC7PbDH4U1M
MD5:	DE0869E324680C99EFA1250515B4B41C
SHA1:	8033A128504F11145EA791E481E3CF79DCD290E2
SHA-256:	81F0EC27796225EA29F9F1C7B74F083EDCD7BC97A09D5FC4E8D03C0134E62445
SHA-512:	CD616DB99B91C6CBF427969F715197D54287BAFA60C3B58B93FF7837C21A6AAC1A984451AEEB9E07FD5B1B0EC465FE020ACBE1BFF8320E1628E970DDF37B0F0E
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0d.woff
Preview:	wOFF......F.......i.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`~]..cmap...`.........X..cvt .......Y.....M..fpgm...p........~a..gasp...............#glyf......6...S...]head..>....6...6..cphhea..>........$....hmtx..?...........[$loca..A4.........f..maxp..B.... ... ....name..C.........&:A.post..D........x.U..prep..E.........C...........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`f..8.....u..1...<.f...................A......5....1...A.._6..".-..L.....Ar,......3..(....x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$KY...e@.,.."..........?....%.g....Z.....(".o..Y..Bu342.e......0..........M=.....x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG.

C:\Users\user\AppData\Local\Temp\~DF005E3F5BF1EF3E95.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	62670
Entropy (8bit):	1.8936106827958605
Encrypted:	false
SSDEEP:	768:gu3Oukkk/abn8u3Oukkk/abou3Oukkk/aa:W
MD5:	59F87613C5BC506230F3306D3CD82937
SHA1:	308E682E20C6C4BE940EF8EF9ABBD8146E13F566
SHA-256:	17C8FEDB6C777F797DCD229E572046BD8A8C1476D859EC7B3590F19EC0C3F9DD
SHA-512:	C6568592FA2C91A8F4BF0B24115297E591852C4E0C90B9BF536F7AE15D9171D3C4ED5D661DCC6DEB1B72A5E9633A812827CB13AC8BDFFDD6AA0EAC2F057A6944
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF2961C22C6FC71983.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	1.0709942163039183
Encrypted:	false
SSDEEP:	48:kBqoxxJhHWSVSEabN+7+QB+Xq0h7is+7+QB+Xq0p7is+7+QB+Xq0t77iZ:kBqoxDhHWSVSE+HqQqkqa+
MD5:	B38856D54C4C66846250BB47B00936F7
SHA1:	E20911E157C24C896FDDDBDCC47F9BA9F562D274
SHA-256:	D215977158BE5D422A7F51A38DEF3C15451A36AA9937AB5B55732D881CBF4427
SHA-512:	964FBD35D54E09AFD01625F872D85121A74E989ED3790AA9A3FE81DD3C750ACD1308E74AF8D96A01B7E58260412D05DFC6EDC82597345877B6278C767134D7AE
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFD481E1B3B9292EBF.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.4800413028390838
Encrypted:	false
SSDEEP:	12:c9lCg5/9lCgeK9l26an9l26an9l8fRqk9l8fRq09lTqqU68ZKWK6qKaqK0K+UDfT:c9lLh9lLh9lIn9lIn9lo39lo39lWNNI
MD5:	4DD04DAF1119673BC230743F6159DAC4
SHA1:	227746AD550DC6E3149BEEFCD1EBF5A71285AC88
SHA-256:	C3F3FE47943FCB916196A8C496D886B802EB4574C6E723DDABFF4843A2C6765C
SHA-512:	41BA9ACABB442EB74E220501906086565A0A06DECC74C0FB77661EE93AF13C81D13EDB51B71D1846BD8B0B84B050CC2BDE8E6FEFB32AFF56E3356D6FA39468E3
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 22, 2021 14:37:30.877618074 CET	49709	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:30.878508091 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.019853115 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.019891024 CET	443	49709	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.019999027 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.020065069 CET	49709	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.026719093 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.027880907 CET	49709	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.166362047 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.168520927 CET	443	49709	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.171300888 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.171346903 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.171371937 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.171380043 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.171401978 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.171411037 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.171458960 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.172265053 CET	443	49709	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.172308922 CET	443	49709	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.172333956 CET	443	49709	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.172362089 CET	443	49709	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.172418118 CET	49709	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.172444105 CET	49709	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.172446966 CET	49709	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.245989084 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.249464035 CET	49709	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.252384901 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.386023045 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.386181116 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.390394926 CET	443	49709	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.390717030 CET	49709	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.431849003 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.648036003 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.648101091 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:31.648169041 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:31.648210049 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.231791019 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.371797085 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.372787952 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.372822046 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.372869015 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.372896910 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.377088070 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.518215895 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.518255949 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.518273115 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.518296957 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.518318892 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.518336058 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.518358946 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.518379927 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.518388033 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.518408060 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.518429995 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.518440962 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.518460989 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.518469095 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.518491030 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.518496990 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.518507004 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.518541098 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.561476946 CET	49709	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.658423901 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.658452988 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.658468008 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.658490896 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.658510923 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.658516884 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.658535004 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.658546925 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.658560038 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.658586979 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.658618927 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.658684015 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.658701897 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.658725023 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.658726931 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.658751011 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.658766031 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.658775091 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.658790112 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.658791065 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.658813953 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.658837080 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.658859015 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.703099966 CET	443	49709	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:32.703238964 CET	49709	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:32.736635923 CET	49721	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.738181114 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.781255960 CET	443	49721	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.781369925 CET	49721	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.781908989 CET	49721	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.782800913 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.782888889 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.783862114 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.829209089 CET	443	49721	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.829971075 CET	443	49721	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.829991102 CET	443	49721	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.830040932 CET	49721	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.830089092 CET	49721	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.831037998 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.831675053 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.831690073 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.831758976 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.905038118 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.905353069 CET	49721	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.913199902 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.914400101 CET	49721	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.915576935 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.949599028 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.949801922 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.949860096 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.949862957 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.949922085 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.949955940 CET	443	49721	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.950090885 CET	443	49721	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.950149059 CET	49721	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.950186968 CET	443	49721	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.950229883 CET	49721	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.950834990 CET	49721	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.951030970 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.957742929 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.957762957 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.957837105 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.959096909 CET	443	49721	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.959115028 CET	443	49721	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.959243059 CET	49721	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.966907024 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.966929913 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.966942072 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.967009068 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.967039108 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.967050076 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.967055082 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.967068911 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.967138052 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.968033075 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.968091965 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.968612909 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:32.969053030 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:32.969137907 CET	49722	443	192.168.2.7	104.16.18.94
Feb 22, 2021 14:37:33.043442011 CET	443	49721	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:33.045514107 CET	443	49722	104.16.18.94	192.168.2.7
Feb 22, 2021 14:37:37.523600101 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:37.523641109 CET	443	49710	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:37.523694038 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:37.523750067 CET	49710	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:37.708483934 CET	443	49709	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:37.708549976 CET	443	49709	104.129.25.9	192.168.2.7
Feb 22, 2021 14:37:37.708633900 CET	49709	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:37.708690882 CET	49709	443	192.168.2.7	104.129.25.9
Feb 22, 2021 14:37:49.479244947 CET	49746	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.479325056 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.532459021 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.532617092 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.533518076 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.539016962 CET	443	49746	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.539439917 CET	49746	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.540118933 CET	49746	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.587356091 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.591756105 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.591830015 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.591877937 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.591891050 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.591934919 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.591942072 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.600408077 CET	443	49746	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.602622986 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.603192091 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.603303909 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.604037046 CET	443	49746	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.604068041 CET	443	49746	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.604083061 CET	443	49746	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.604162931 CET	49746	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.610955954 CET	49746	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.611399889 CET	49746	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.653909922 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.654457092 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.654478073 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.655797005 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.658267975 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.666656017 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.667331934 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.667584896 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.669919968 CET	443	49746	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.669946909 CET	443	49746	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.674951077 CET	443	49746	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.675048113 CET	443	49746	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.675077915 CET	49746	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.675118923 CET	49746	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.675806046 CET	49746	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.718745947 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.735105038 CET	443	49746	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.739558935 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.739590883 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.739614964 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.739638090 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.739659071 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.739679098 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.739696026 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.739707947 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.739716053 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.739732981 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.739737034 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.739753008 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.739754915 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.739777088 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.739814997 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.792581081 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.792622089 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.792645931 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.792665005 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.792668104 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.792689085 CET	443	49745	35.214.201.112	192.168.2.7
Feb 22, 2021 14:37:49.792695999 CET	49745	443	192.168.2.7	35.214.201.112
Feb 22, 2021 14:37:49.792730093 CET	49745	443	192.168.2.7	35.214.201.112

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 22, 2021 14:37:20.558984995 CET	56590	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:20.609910011 CET	53	56590	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:20.671821117 CET	60501	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:20.703818083 CET	53775	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:20.723824978 CET	53	60501	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:20.755734921 CET	53	53775	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:21.755023956 CET	51837	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:21.803776026 CET	53	51837	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:22.614783049 CET	55411	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:22.674195051 CET	53	55411	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:22.736778975 CET	63668	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:22.786186934 CET	53	63668	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:23.704505920 CET	54640	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:23.753158092 CET	53	54640	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:24.731990099 CET	58739	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:24.780512094 CET	53	58739	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:25.835668087 CET	60338	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:25.884316921 CET	53	60338	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:26.915956974 CET	58717	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:26.964548111 CET	53	58717	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:28.125936031 CET	59762	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:28.174848080 CET	53	59762	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:28.473176956 CET	54329	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:28.531650066 CET	53	54329	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:29.677958965 CET	58052	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:30.679775000 CET	58052	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:30.854752064 CET	53	58052	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:32.533967972 CET	54008	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:32.541718960 CET	59451	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:32.552170992 CET	52914	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:32.566406012 CET	64569	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:32.577702999 CET	52816	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:32.593029976 CET	53	59451	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:32.601480961 CET	53	52914	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:32.601562023 CET	53	54008	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:32.615281105 CET	53	64569	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:32.645457983 CET	53	52816	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:32.682753086 CET	50781	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:32.688536882 CET	54230	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:32.691732883 CET	54911	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:32.734066010 CET	53	50781	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:32.739972115 CET	53	54230	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:32.740305901 CET	53	54911	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:32.860807896 CET	49958	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:32.912432909 CET	53	49958	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:32.987962008 CET	50860	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:33.039870024 CET	53	50860	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:33.853785038 CET	50452	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:33.902584076 CET	53	50452	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:34.283879042 CET	59730	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:34.364212036 CET	53	59730	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:34.829427004 CET	59310	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:34.880867958 CET	53	59310	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:35.880539894 CET	51919	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:35.940969944 CET	53	51919	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:37.168045998 CET	64296	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:37.216872931 CET	53	64296	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:38.879170895 CET	56680	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:38.927872896 CET	53	56680	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:39.845670938 CET	58820	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:39.897480965 CET	53	58820	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:41.106272936 CET	60983	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:41.157876015 CET	53	60983	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:42.122042894 CET	49247	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:42.170883894 CET	53	49247	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:47.627041101 CET	52286	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:47.684161901 CET	53	52286	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:48.255949020 CET	56064	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:48.307437897 CET	53	56064	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:49.227860928 CET	63744	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:49.279387951 CET	53	63744	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:49.311466932 CET	61457	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:49.475977898 CET	53	61457	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:49.956263065 CET	58367	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:50.008083105 CET	53	58367	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:50.427438021 CET	60599	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:50.476218939 CET	53	60599	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:50.711183071 CET	59571	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:50.771526098 CET	53	59571	8.8.8.8	192.168.2.7
Feb 22, 2021 14:37:51.878051043 CET	52689	53	192.168.2.7	8.8.8.8
Feb 22, 2021 14:37:51.926670074 CET	53	52689	8.8.8.8	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Feb 22, 2021 14:37:29.677958965 CET	192.168.2.7	8.8.8.8	0x59c4	Standard query (0)	nliwierfrf.gb.net	A (IP address)	IN (0x0001)
Feb 22, 2021 14:37:30.679775000 CET	192.168.2.7	8.8.8.8	0x59c4	Standard query (0)	nliwierfrf.gb.net	A (IP address)	IN (0x0001)
Feb 22, 2021 14:37:32.541718960 CET	192.168.2.7	8.8.8.8	0xe1a6	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)
Feb 22, 2021 14:37:32.566406012 CET	192.168.2.7	8.8.8.8	0x47fd	Standard query (0)	kit.fontawesome.com	A (IP address)	IN (0x0001)
Feb 22, 2021 14:37:32.682753086 CET	192.168.2.7	8.8.8.8	0xeeca	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)
Feb 22, 2021 14:37:32.688536882 CET	192.168.2.7	8.8.8.8	0x9cd8	Standard query (0)	maxcdn.bootstrapcdn.com	A (IP address)	IN (0x0001)
Feb 22, 2021 14:37:32.691732883 CET	192.168.2.7	8.8.8.8	0x1274	Standard query (0)	stackpath.bootstrapcdn.com	A (IP address)	IN (0x0001)
Feb 22, 2021 14:37:32.987962008 CET	192.168.2.7	8.8.8.8	0xaaa0	Standard query (0)	ka-f.fontawesome.com	A (IP address)	IN (0x0001)
Feb 22, 2021 14:37:49.311466932 CET	192.168.2.7	8.8.8.8	0x15b1	Standard query (0)	www.politikesgeuseis.gr	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Feb 22, 2021 14:37:30.854752064 CET	8.8.8.8	192.168.2.7	0x59c4	No error (0)	nliwierfrf.gb.net		104.129.25.9	A (IP address)	IN (0x0001)
Feb 22, 2021 14:37:32.593029976 CET	8.8.8.8	192.168.2.7	0xe1a6	No error (0)	code.jquery.com	cds.s5x3j6q5.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Feb 22, 2021 14:37:32.615281105 CET	8.8.8.8	192.168.2.7	0x47fd	No error (0)	kit.fontawesome.com	kit.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Feb 22, 2021 14:37:32.734066010 CET	8.8.8.8	192.168.2.7	0xeeca	No error (0)	cdnjs.cloudflare.com		104.16.18.94	A (IP address)	IN (0x0001)
Feb 22, 2021 14:37:32.734066010 CET	8.8.8.8	192.168.2.7	0xeeca	No error (0)	cdnjs.cloudflare.com		104.16.19.94	A (IP address)	IN (0x0001)
Feb 22, 2021 14:37:32.739972115 CET	8.8.8.8	192.168.2.7	0x9cd8	No error (0)	maxcdn.bootstrapcdn.com	cds.j3z9t3p6.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Feb 22, 2021 14:37:32.740305901 CET	8.8.8.8	192.168.2.7	0x1274	No error (0)	stackpath.bootstrapcdn.com	cds.j3z9t3p6.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Feb 22, 2021 14:37:33.039870024 CET	8.8.8.8	192.168.2.7	0xaaa0	No error (0)	ka-f.fontawesome.com	ka-f.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Feb 22, 2021 14:37:49.475977898 CET	8.8.8.8	192.168.2.7	0x15b1	No error (0)	www.politikesgeuseis.gr		35.214.201.112	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Feb 22, 2021 14:37:31.171346903 CET	104.129.25.9	443	192.168.2.7	49710	CN=*.nliwierfrf.gb.net CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Jan 07 22:07:31 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed Apr 07 23:07:31 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 14:37:31.171346903 CET	104.129.25.9	443	192.168.2.7	49710	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 14:37:31.172308922 CET	104.129.25.9	443	192.168.2.7	49709	CN=*.nliwierfrf.gb.net CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Jan 07 22:07:31 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Wed Apr 07 23:07:31 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 14:37:31.172308922 CET	104.129.25.9	443	192.168.2.7	49709	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 14:37:32.829991102 CET	104.16.18.94	443	192.168.2.7	49721	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 14:37:32.829991102 CET	104.16.18.94	443	192.168.2.7	49721	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 14:37:32.831690073 CET	104.16.18.94	443	192.168.2.7	49722	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 14:37:32.831690073 CET	104.16.18.94	443	192.168.2.7	49722	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 14:37:49.591830015 CET	35.214.201.112	443	192.168.2.7	49745	CN=politikesgeuseis.gr CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Tue Jan 05 10:56:34 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Mon Apr 05 11:56:34 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 14:37:49.591830015 CET	35.214.201.112	443	192.168.2.7	49745	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 14:37:49.604068041 CET	35.214.201.112	443	192.168.2.7	49746	CN=politikesgeuseis.gr CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Tue Jan 05 10:56:34 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Mon Apr 05 11:56:34 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Feb 22, 2021 14:37:49.604068041 CET	35.214.201.112	443	192.168.2.7	49746	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 4340 Parent PID: 792

General

Start time:	14:37:27
Start date:	22/02/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff650a90000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 976 Parent PID: 4340

General

Start time:	14:37:28
Start date:	22/02/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4340 CREDAT:17410 /prefetch:2
Imagebase:	0x1370000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://nliwierfrf.gb.net/xcvbn/?sicmalsnj3f3=83djnskjac4fr#gladhjef@wcps.k12.md.us

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 4340 Parent PID: 792

General

Chronological Activities

Analysis Process: iexplore.exe PID: 976 Parent PID: 4340

General

Chronological Activities

Disassembly