Play interactive tour

Edit tour

Analysis Report https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9da

Overview

General Information

Sample URL:	https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9da
Analysis ID:	383834
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Startup

System is w10x64

iexplore.exe (PID: 2680 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5400 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2680 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 35.178.120.30:443 -> 192.168.2.6:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.178.120.30:443 -> 192.168.2.6:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.108.153:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.108.153:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.30:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.30:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.178.120.30:443 -> 192.168.2.6:49721 version: TLS 1.2

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x69559cf6,0x01d72c9f</date><accdate>0x69559cf6,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x69559cf6,0x01d72c9f</date><accdate>0x69559cf6,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6976fdd8,0x01d72c9f</date><accdate>0x6976fdd8,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6976fdd8,0x01d72c9f</date><accdate>0x6976fdd8,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x6976fdd8,0x01d72c9f</date><accdate>0x6976fdd8,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x6976fdd8,0x01d72c9f</date><accdate>0x69796033,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: summary.aquilaiajax.com

Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: js[1].js.2.dr	String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: js[1].js.2.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: js[1].js.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: analytics[1].js.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: summary[1].htm.2.dr	String found in binary or memory: https://bernii.github.io/gauge.js/dist/gauge.min.js
Source: js[1].js.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: summary[1].htm.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.5.1.min.js
Source: d3.v5.min[1].js.2.dr	String found in binary or memory: https://d3js.org
Source: summary[1].htm.2.dr	String found in binary or memory: https://d3js.org/d3.v5.min.js
Source: summary[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:regular
Source: summary[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/icon?family=Material
Source: icon[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/materialicons/v83/flUhRq6tzZclQEJ-Vdg-IuiaDsNa.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1MmgVxIIzQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmYUtfBBc-.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: js[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: js[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/
Source: analytics[1].js.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: ~DF03EBC80C459E6306.TMP.1.dr	String found in binary or memory: https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9da
Source: {92EDE2C2-9892-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9daRoot
Source: analytics[1].js.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: js[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: js[1].js.2.dr	String found in binary or memory: https://www.google.com
Source: js[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: summary[1].htm.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-165596162-2

Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705

Source: unknown	HTTPS traffic detected: 35.178.120.30:443 -> 192.168.2.6:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.178.120.30:443 -> 192.168.2.6:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.108.153:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.108.153:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.30:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.6.30:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.178.120.30:443 -> 192.168.2.6:49721 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@3/25@5/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{92EDE2C0-9892-11EB-90E5-ECF4BB2D2496}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF22D8D2F9858A4A01.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2680 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2680 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9da	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
bernii.github.io	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9daRoot	0%	Avira URL Cloud	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://bernii.github.io/gauge.js/dist/gauge.min.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bernii.github.io	185.199.108.153	true	false	0%, Virustotal, Browse	unknown
london-sentry-email-summary-1161567812.eu-west-2.elb.amazonaws.com	35.178.120.30	true	false		high
d3js.org	104.26.6.30	true	false		high
summary.aquilaiajax.com	unknown	unknown	false		unknown
code.jquery.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9da	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.nytimes.com/	msapplication.xml3.1.dr	false		high
https://www.google.%/ads/ga-audiences	analytics[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9da	~DF03EBC80C459E6306.TMP.1.dr	false		unknown
http://www.youtube.com/	msapplication.xml7.1.dr	false		high
https://code.jquery.com/jquery-3.5.1.min.js	summary[1].htm.2.dr	false		high
http://www.wikipedia.com/	msapplication.xml6.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.amazon.com/	msapplication.xml.1.dr	false		high
https://stats.g.doubleclick.net/j/collect	analytics[1].js.2.dr	false		high
http://www.live.com/	msapplication.xml2.1.dr	false		high
https://d3js.org/d3.v5.min.js	summary[1].htm.2.dr	false		high
https://d3js.org	d3.v5.min[1].js.2.dr	false		high
http://www.reddit.com/	msapplication.xml4.1.dr	false		high
http://www.twitter.com/	msapplication.xml5.1.dr	false		high
https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9daRoot	{92EDE2C2-9892-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://cct.google/taggy/agent.js	js[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://bernii.github.io/gauge.js/dist/gauge.min.js	summary[1].htm.2.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.6.30	d3js.org	United States	13335	CLOUDFLARENETUS	false
35.178.120.30	london-sentry-email-summary-1161567812.eu-west-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false
185.199.108.153	bernii.github.io	Netherlands	54113	FASTLYUS	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	383834
Start date:	08.04.2021
Start time:	10:46:54
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 9s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9da
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@3/25@5/3
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, conhost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 104.42.151.234, 52.147.198.201, 104.43.193.48, 104.83.120.32, 104.43.139.144, 216.58.215.232, 172.217.168.10, 69.16.175.42, 69.16.175.10, 172.217.168.78, 216.58.215.227, 20.82.210.154, 23.10.249.26, 23.10.249.43, 152.199.19.161, 23.0.174.200, 23.0.174.185, 168.61.161.212, 95.100.54.203 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, au.download.windowsupdate.com.edgesuite.net, cds.s5x3j6q5.hwcdn.net, arc.msn.com.nsatc.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, www.googletagmanager.com, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.google-analytics.com, fonts.googleapis.com, fs.microsoft.com, www-google-analytics.l.google.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, www-googletagmanager.l.google.com, ctldl.windowsupdate.com, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{92EDE2C0-9892-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8553341767661293
Encrypted:	false
SSDEEP:	96:r+ZhZK2aWAtG/Afyhjn1Mo/TrCFR3+fjjClX:r+ZhZK2aWAtZfeRMGAufj8X
MD5:	BA5FEFCA16AC71DA85E0BA4AD3E9C1E4
SHA1:	F91DE99E50DA07D03319AE56CBE3DD2372640260
SHA-256:	D40686CB496002E5C42D00F75F6ABA474BBAFE55DE97E574F2E2DA7ADC1D61AE
SHA-512:	32889CB7455DA1486A03E12A5540F52F5BE2AB9F7E49AAE60E005CFC99C572F52796B2CA2941D92B58E2D34C5C6E93267BAECF10069089B811A541AF8B726108
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{92EDE2C2-9892-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	28128
Entropy (8bit):	1.8845890637881328
Encrypted:	false
SSDEEP:	96:rqoZEpQpE6gBSPjR2lWdM5HHGFwMHGFUF10KFmF8FdFVfvr:r9ZGQq6gkPjR2lWdM5H/Mcwr
MD5:	73D8E8163694ED73EB58AD6C44FEAE4D
SHA1:	8F020A5436D1517E74CA32376163A36AA0E869AE
SHA-256:	BC3E8B2CB60F9963E12C3F9C58F75FE092E005D76DBDB03789D67182AA4C2FBA
SHA-512:	06AC45BCB52D7D6736941DD50D078F007396DDB2DF7E02C591A9BB6836F94862AF9FC3F9CEBD97FFA04EB3A4F34C60558D472DEA866C08948726BCC118B2AC6F
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{92EDE2C3-9892-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.56470838379993
Encrypted:	false
SSDEEP:	48:IwVGcprIGwpa9G4pQlGrapbSVGQpKTG7HpR9TGIpG:rLZQQ/6VBSfAiT7A
MD5:	17CF6A159EF400BC6E30EF4211B06A01
SHA1:	1E474B9B8D4D85C9AD1BEEA296BE2B4C49DE31C6
SHA-256:	299D90C892187DBEDCFAF2D78FA04087927287114D55E1A824968B183BA75BF4
SHA-512:	A803FA580E9FC74FA528717FE5DD9114448ACEB8E18592ACEDD8A8EADA8DCF2AC80830AF162A6A74E537BA5C3CCDE9036F3AE0ADFC8D6A37390C1B99A0333D83
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.099424947632953
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEW/UnWimI002EtM3MHdNMNxOEW/UnWimI00OVbVbkEtMb:2d6NxOF/USZHKd6NxOF/USZ7V6b
MD5:	EA066B1FF0D738C4D4795E6D507CB0E9
SHA1:	B0FB2619B5E72F2E3BCDC999D9FB4C9C972AAE79
SHA-256:	47CA68E3B3EBD04BC9FEBD2729F0808BEB2F9FD76A86F9341741BCF82A6C7AAC
SHA-512:	12C48A37E5A7F581EBC146F2B2483970B540ED79534FBFD68C29B6687A38995F33FC49276E193A7886FEE362B09912149F8A5B981B7C0A539DCB86DDA395C08A
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6976fdd8,0x01d72c9f</date><accdate>0x6976fdd8,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6976fdd8,0x01d72c9f</date><accdate>0x6976fdd8,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.13574340355937
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2kh2a2GnWimI002EtM3MHdNMNxe2kh2a2GnWimI00OVbkak6EtMb:2d6NxrdNGSZHKd6NxrdNGSZ7VAa7b
MD5:	AF8F71CA72C3FB94578B6C070A55D565
SHA1:	C452EE8FE872FE0FA008AB79F5C1E0BF5922C55A
SHA-256:	B393502144CCB22C45DB39C6A6B67611E27A84BFBAB209D31496FDEC165611E5
SHA-512:	C84F12F02DF0148D75DFA8450968CA86513B19D7616A1285B0E231D57FB8937418E399A128A91B0B61AEFF5AE6256213A252FBCEF6C946C5A830325650750DAE
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x694c1397,0x01d72c9f</date><accdate>0x694c1397,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x694c1397,0x01d72c9f</date><accdate>0x694c1397,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	665
Entropy (8bit):	5.117135819290925
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLW/UnWimI002EtM3MHdNMNxvLW/UnWimI00OVbmZEtMb:2d6NxvS/USZHKd6NxvS/USZ7Vmb
MD5:	374CDA9CF5FD0C68F833B950801611BF
SHA1:	4CC6AF963E2A020D57DFF392F502034CB0875A98
SHA-256:	58C0EC7E30BC99E0CE2734126EC9DF80362F298E29DAF45DCEF654B58C0CB073
SHA-512:	96105FBC059F9A2674D847B566BF4407AE3C47314D697E00F8D396510D0767A41D9FBD2CF212589B7349F4ECC82134E5AF417DEC245000B5D87E21B6986D2AC0
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x6976fdd8,0x01d72c9f</date><accdate>0x6976fdd8,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x6976fdd8,0x01d72c9f</date><accdate>0x6976fdd8,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	650
Entropy (8bit):	5.153746522918667
Encrypted:	false
SSDEEP:	12:TMHdNMNxieBKBvnWimI002EtM3MHdNMNxieBKBvnWimI00OVbd5EtMb:2d6Nx6SZHKd6Nx6SZ7VJjb
MD5:	5DD625485C8B2407D5465CD5368615E8
SHA1:	CE52767ADC1CEEA662BB20F6EBAAC317A549FF5A
SHA-256:	87DAFB5CA1C7F460C509DD1F80D815A6A6409E27AE3E6170CB0C4FCDB23EDA80
SHA-512:	97690D1190AC750DB3FF2F23573316FDFE140C05F6DCE6C36D03F7A5C2BA889BF508BC02EEDFA6E3954EF512DABA21B0EA48A4BA3A0BD2ACA876B60AFFA01B12
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x69749b86,0x01d72c9f</date><accdate>0x69749b86,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x69749b86,0x01d72c9f</date><accdate>0x69749b86,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.137715062558384
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwW/UnWimI002EtM3MHdNMNxhGwW7nWimI00OVb8K075EtMb:2d6NxQJ/USZHKd6NxQJ7SZ7VYKajb
MD5:	9104FCE224F7AFD6CC95E0DEFD68EB05
SHA1:	6CB9369C3E1FF77C29CA991564DCC68C3D619FD8
SHA-256:	697ADA40F6DCC2BEC91E0C8346DDF635184CD2D1D75EA8BC69F1FAA89CF2A461
SHA-512:	2C1BAE319C8CB06A1A01C20203B72A9C4EBD315D27645F8A6F8F2ED3A69A0D8254F9257AEC7AA603AB022D7073A6451B8EDE896EFA5614A72E560BC163BA07A9
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x6976fdd8,0x01d72c9f</date><accdate>0x6976fdd8,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x6976fdd8,0x01d72c9f</date><accdate>0x69796033,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.098591770449194
Encrypted:	false
SSDEEP:	12:TMHdNMNx0nW/UnWimI002EtM3MHdNMNx0nW/UnWimI00OVbxEtMb:2d6Nx0W/USZHKd6Nx0W/USZ7Vnb
MD5:	8AAFE0CDAA3E4981225126DC1A7E37D9
SHA1:	7F234184369208DD89BBA2D8224D69C2029355F7
SHA-256:	9AF3B4A6841265B87F8ACFAF85722645CCC23EF1B7DB9492FC38CDB52C56B24B
SHA-512:	B1E746892A5154AB4E72C1B38ADD3958C02DA2787F0045C7BB26FD15F9D784419138BB8114D740468E31CCAF053144373D7A798BAF221E60D9716B56A9A356DE
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x6976fdd8,0x01d72c9f</date><accdate>0x6976fdd8,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x6976fdd8,0x01d72c9f</date><accdate>0x6976fdd8,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.177354750399331
Encrypted:	false
SSDEEP:	12:TMHdNMNxxeBKBvnWimI002EtM3MHdNMNxxeBKBvnWimI00OVb6Kq5EtMb:2d6NxzSZHKd6NxzSZ7Vob
MD5:	6879193BEBEA4D56294DA3EECA265771
SHA1:	34B4D6D8C656ED70D45238C6BD0CF2D444076868
SHA-256:	5CA9CCFD837B19C7BFADDC797484BE6A9FB24C07A367E40A1C861D95515FECF8
SHA-512:	0308805E3724E0CF2A8A57CA7A0898047205304491A5728B4072515C0C8650C4890F9036AF1C5ED3182EEA98E5F3644F78055D557CCFA7079B3D3708670E3068
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x69749b86,0x01d72c9f</date><accdate>0x69749b86,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x69749b86,0x01d72c9f</date><accdate>0x69749b86,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.1211540941540195
Encrypted:	false
SSDEEP:	12:TMHdNMNxcloxovnWimI002EtM3MHdNMNxcloxovnWimI00OVbVEtMb:2d6NxoEySZHKd6NxoEySZ7VDb
MD5:	680E7D72F53549721855EBF367B211AF
SHA1:	DFDB0CFF6D3975C30307964F5109001ADDF3A88F
SHA-256:	052E8034B67A6FB5D507EC5C163EE6CF71EC68DFC8ABB68E3AEFC1C36B327E15
SHA-512:	64D88D987AFE462AD3AB4F3D12159E1D73CA0262E17E7E9FA7ECD16E250FC7A55610D83DD8ED38FED8BDA2770A654963683A924CCC705B596C6953E5246B2F7C
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x69559cf6,0x01d72c9f</date><accdate>0x69559cf6,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x69559cf6,0x01d72c9f</date><accdate>0x69559cf6,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.1041029151403885
Encrypted:	false
SSDEEP:	12:TMHdNMNxfnloxovnWimI002EtM3MHdNMNxfnloxovnWimI00OVbe5EtMb:2d6NxdEySZHKd6NxdEySZ7Vijb
MD5:	733B48FE76656D2C0A2820A39EC01FD0
SHA1:	A4BEB6198E44B5995D0E4F8B391CDE124462CC1F
SHA-256:	9771C4DAEF8D976B69F32ECDA715BF02E665AF946806A21BFDCBFEDB6BBC4A22
SHA-512:	CE86F09270080D36BA8B97D023DC332646FFFB7585B7A9CD9868C92732AF01178E2A9237C7603CC4CB594B94D0591D142B07ECBE78BEC26E3AC96C8EFF12CACD
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x69559cf6,0x01d72c9f</date><accdate>0x69559cf6,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x69559cf6,0x01d72c9f</date><accdate>0x69559cf6,0x01d72c9f</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\flUhRq6tzZclQEJ-Vdg-IuiaDsNa[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 130756, version 1.1
Category:	downloaded
Size (bytes):	130756
Entropy (8bit):	7.997569544548267
Encrypted:	true
SSDEEP:	1536:Ooii1lPMWWNJT61xmASmr/SWoyJNRfLZlt3oZG9Q8K5/dU3mpt8g2A7ldewfXitc:Of/F6edmr/SlUjZkx+2AkRviuZPObKR
MD5:	38CCFCEEE9C33469A63D1F9B09A217B3
SHA1:	CBF0D79C08B6D75978B3CF1A1362633ADC0C153D
SHA-256:	4E5222EDBA958CB96C5CB0080FBD1506B132304B1B6029768F0C57DDDD95F15A
SHA-512:	10ED290719BA096B7317CABC281CA80E69D2AA0BAC3A7C0157F8FECB5022B329F14C1FB3D3E542B157B774408CE46BEFB3D1012124933BEB978F4B93127E7F93
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/materialicons/v83/flUhRq6tzZclQEJ-Vdg-IuiaDsNa.woff
Preview:	wOFF..............U.........................GDEF...X...........SGPOS...t............GSUB......G....,Gi)%OS/2..I4...?...`.s"ccmap..It...... .E..cvt ..Y ...........Dgasp..Y$............glyf..Y,......=...head.......6...6.H..hhea...........$....hmtx...(.......\|.:..loca...H..........:.maxp........... ...Qname...........z..5.post........... ...2...................'...(....................x.t.c.5;...I2<3.9.{.m..m.m.m....RS...........(.v..G......U....lDJ...-h.~...kB....n....M.Q..%...\|...C[..}.N..f....>~..].y...<.../n...o..WAR.Vl.....!8.g."\.....2..P@..t.HB.b.BRg).`".\|.d.E.(.C.(..K....(....QTHd+ ........E.D...".(.v.(.v.d.Q.r4...`+.$j'.T=R.j.v.H...#......H...Z4S..p..1..#.c..0.c=(.H"Kb.{....{."..$IDi.zp...zp..T1..ILe..1..G<:E%..Rl&..Y.....,.M.#..2........b..vj.p....KiM....B...^.3......g.![.9.J.Id.9....17.a!.uO...v..u......F......5.F...K.l.V....N....>.f0.J... v...=..c...<..y;._.....E"Y4.m.A..q.xH.&~.+..^.o...?....3.....8...x.x...Xb&..f.....y.y.y.y.....9.bV.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\icon[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	504
Entropy (8bit):	4.872378322590643
Encrypted:	false
SSDEEP:	12:jFP/sO6ZRoT6pHAcig//s6ZmOHc9n+5cMK00k14enEsTeq:58OYsKGrYmOOk4TfenEsTL
MD5:	66603C52704A5F67A333CE06B65D15F0
SHA1:	398A025E0B63CBACE061C9CC1C763E94ED01D92E
SHA-256:	4B764D6D54D7F2FC5A3338D6DAFF53BE424D07B37BC8D201ACA810EE9B18A300
SHA-512:	FD31B32005F3680861B72BB7C323654A1172624F77C7E48C6EAEBF56F74D115C063882AD3D857C7E491D28BD03110F19CB916E396A6722F328DADF2A9A6B3CB2
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/icon?family=Material+Icons
Preview:	@font-face {. font-family: 'Material Icons';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/materialicons/v83/flUhRq6tzZclQEJ-Vdg-IuiaDsNa.woff) format('woff');.}...material-icons {. font-family: 'Material Icons';. font-weight: normal;. font-style: normal;. font-size: 24px;. line-height: 1;. letter-spacing: normal;. text-transform: none;. display: inline-block;. white-space: nowrap;. word-wrap: normal;. direction: ltr;. font-feature-settings: 'liga';.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\analytics[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	48759
Entropy (8bit):	5.5215063523389265
Encrypted:	false
SSDEEP:	768:/yR3fYFBLbfsce5XqY1TyPnHpX/KWY3SoavPVRhwmCgYUD0lgEw0stZc:/y9gZfA5h1UHpXxY3Soiuw0sU
MD5:	0A4E309B5F2D7439B4F8876B19F37FC7
SHA1:	7AC30F933A2B889EDBE5D3449F4EC90049B0E2A9
SHA-256:	F79723478F4C48501CD49AC52B81D6244A6562B9D3F08CE8AB208A8B8878D4C4
SHA-512:	891337D9CD308331BD0166BAA7C99C2B856D47F0ADE8AF596F71AFFC962546BBE0952554C51CC9A10E28BB4CEE3648AEC819D83A8935E69E95F53F5CBF141C44
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var n=this\|\|self,p=function(a,b){a=a.split(".");var c=n;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q={},r=function(){q.TAGGING=q.TAGGING\|\|[];q.TAGGING[1]=!0};var t=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},v=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var x=/^(?:(?:https?\|mailto\|ftp):\|[^:/?#]*(?:[/?#]\|$))/i;var y=window,z=document,A=function(a,b){z.addEventListener?z.addEventListener(a,b,!1):z.attachEvent&&z.attachEvent("on"+a,b)};var B=/:[0-9]+$/,C=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},F=function(a,b){b&&(b=String(b).toLowerCase());if("p

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\js[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	99089
Entropy (8bit):	5.520588929342422
Encrypted:	false
SSDEEP:	1536:JoUK1bOl80E+Hl4nK+sCEOkKQfn2zeWgXvC6sXuHAil1U9aKPt52QsnyAC7iHg:JoUKxu80Envs+SqnXRinhg
MD5:	81B8F8F72E53CBF7A980FBD3BA43C7D8
SHA1:	F3D3C1DC6884E8E7F37BA37EC4A4CF5A00D69EA9
SHA-256:	63176BB7E8E859E3543E42ED3F1A2470B47591918B2E6E0B73A8117D84B52A04
SHA-512:	A45DB333CAC917520C1A2166393121E4466C9B378A02D5039AA68488A803815A6FCD0B1E228EC3E6B81FF645A1DB463BE8369D33AB5ED5D1FA665D46146EA466
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.googletagmanager.com/gtag/js?id=UA-165596162-2
Preview:	.// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"1",. . "macros":[{. "function":"__e". },{. "function":"__cid". }],. "tags":[{. "function":"__rep",. "once_per_event":true,. "vtp_containerId":["macro",1],. "tag_id":1. }],. "predicates":[{. "function":"_eq",. "arg0":["macro",0],. "arg1":"gtm.js". }],. "rules":[. [["if",0],["add",0]]].},."runtime":[].....};../.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var aa,ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ca=function(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:ba(a)}},da="function"==typeof Object.create?Object.create:function(a){var b=function(){};b.prototype=a;return new b},ea;.if("function"==typeof Object.setPrototypeOf)ea=Object.setPrototypeOf;else{var ia;a:{var ja={a:!0},ma={};

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1429
Entropy (8bit):	5.157847660905589
Encrypted:	false
SSDEEP:	24:5/iY3QYsNxol+/iY3QYN7NxY/iOYP7Nxoh/iOYNNxsl/iOYsNxUv/iOYXNxa/iOb:UY3QLN0BY3QCNpOS7NhOWNROLNKCOgNQ
MD5:	FF16F93C81B674B8DB132C6CF46D7312
SHA1:	5C6207ADEDA6D534A7013011DFDA3336181BBA70
SHA-256:	DF160F29CF2F62D3AD2946EC734B024B32B1DAC98EF29357D979DA9EA6DB8364
SHA-512:	B278DBAE9874CDE0E2FCE087E0CBE060AE80D1BB8BEAD9E1850BBCAA82540F39DF1EB8D378FBE2AF402772ADE9FBF675536BF799B68C2450BE1DA8ADFDE78DF4
Malicious:	false
Reputation:	low
Preview:	@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: italic;. font-weight: 700;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 100;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1MmgVxIIzQ.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff) format('woff');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 500;. src: url(https://fonts.gst

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\lookup[1].txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	35
Entropy (8bit):	3.943289445392768
Encrypted:	false
SSDEEP:	3:2FoauMLWgJsV2Z:KGguI
MD5:	6FF4EF5DAF2C3D533DE7B40338F73323
SHA1:	2910F50834DFAFD708CF46307964EEDA0A419A9F
SHA-256:	855D85ADEC2DC9D8CE152B969D2134406199A2365EEB8B510CF82678563D627D
SHA-512:	BCB324FB831CAE0766EF6C26AFD36B2EBDB2053D429171820685C43B36325F7D56A97E51E712A5BE9E9B89C28CE78DFCFD0E655AA3693729F109FC8CEE11809F
Malicious:	false
Reputation:	low
IE Cache URL:	https://summary.aquilaiajax.com/v3/lookup?crId=606c5ec27707d53875dac9da
Preview:	City of Westminster, United Kingdom

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\d3.v5.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	C source, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	248314
Entropy (8bit):	5.416046087758796
Encrypted:	false
SSDEEP:	3072:87Xq8QrvDCwEUrbtJZ3FomOMa1yYKitNvAL:8768+DCwEUrbtJZ3amOMok
MD5:	F0B2EC5AFC87EB622D86F587DAD23E02
SHA1:	B08505510B7196E07A641962DDA9C0B104EBCA58
SHA-256:	5DBE924B3847DF010F0B8572DD6EF42EA87D6370EEFF72B13EA236247412A53C
SHA-512:	147B0554A43F4F52962431926EB5214C9C92D69877791AF1236DBC343D0419A129EAFE1AFEF1B03D67770ED77FFBD708EDC7287D9BE5FF0BA520212EAC7375A6
Malicious:	false
Reputation:	low
IE Cache URL:	https://d3js.org/d3.v5.min.js
Preview:	// https://d3js.org v5.16.0 Copyright 2020 Mike Bostock.!function(t,n){"object"==typeof exports&&"undefined"!=typeof module?n(exports):"function"==typeof define&&define.amd?define(["exports"],n):n((t=t\|\|self).d3=t.d3\|\|{})}(this,function(t){"use strict";function n(t,n){return t<n?-1:t>n?1:t>=n?0:NaN}function e(t){var e;return 1===t.length&&(e=t,t=function(t,r){return n(e(t),r)}),{left:function(n,e,r,i){for(null==r&&(r=0),null==i&&(i=n.length);r<i;){var o=r+i>>>1;t(n[o],e)<0?r=o+1:i=o}return r},right:function(n,e,r,i){for(null==r&&(r=0),null==i&&(i=n.length);r<i;){var o=r+i>>>1;t(n[o],e)>0?i=o:r=o+1}return r}}}var r=e(n),i=r.right,o=r.left;function a(t,n){return[t,n]}function u(t){return null===t?NaN:+t}function c(t,n){var e,r,i=t.length,o=0,a=-1,c=0,f=0;if(null==n)for(;++a<i;)isNaN(e=u(t[a]))\|\|(f+=(r=e-c)(e-(c+=r/++o)));else for(;++a<i;)isNaN(e=u(n(t[a],a,t)))\|\|(f+=(r=e-c)(e-(c+=r/++o)));if(o>1)return f/(o-1)}function f(t,n){var e=c(t,n);return e?Math.sqrt(e):e}function s(t,n){var e,r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\gauge.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	18104
Entropy (8bit):	5.098853381101453
Encrypted:	false
SSDEEP:	384:ko0U7cXfOfizEBGIv4X/6l86nrQx7sUsf44gW6grQ:J0xWLt9ksUsA4gWk
MD5:	9AC9D2D812C59BA801A1036EBB966E54
SHA1:	89595B74EF46BBB298BF2C695CEBF92AD806CA48
SHA-256:	1C7D701D8DA3E2C05FB44D8C4A13C13FAE937D6D7CFC3DF17EAD6798819BC5B2
SHA-512:	27477555F75F4D20E80CF12C6A10AD7F69C2FA0AE85DD5A4B901722634BEB370A92A3EB75FD1DFDE930426D8C826DFCE0E1D10C13471DBF3A2A0BFBD7CCA2A48
Malicious:	false
Reputation:	low
IE Cache URL:	https://bernii.github.io/gauge.js/dist/gauge.min.js
Preview:	(function(){function t(t,i){for(var e in i)m.call(i,e)&&(t[e]=i[e]);function s(){this.constructor=t}return s.prototype=i.prototype,t.prototype=new s,t.__super__=i.prototype,t}var i,e,s,n,o,p,a,h,r,l,g,c,u,d=[].slice,m={}.hasOwnProperty,x=[].indexOf\|\|function(t){for(var i=0,e=this.length;i<e;i++)if(i in this&&this[i]===t)return i;return-1};function f(t,i){null==t&&(t=!0),this.clear=null==i\|\|i,t&&AnimationUpdater.add(this)}function v(){return v.__super__.constructor.apply(this,arguments)}function y(t,i){this.el=t,this.fractionDigits=i}function V(t,i){if(this.elem=t,this.text=null!=i&&i,V.__super__.constructor.call(this),void 0===this.elem)throw new Error("The element isn't defined.");this.value=1*this.elem.innerHTML,this.text&&(this.value=0)}function w(t){if(this.gauge=t,void 0===this.gauge)throw new Error("The element isn't defined.");this.ctx=this.gauge.ctx,this.canvas=this.gauge.canvas,w.__super__.constructor.call(this,!1,!1),this.setOptions()}function S(t){this.elem=t}function M(t){v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\jquery-3.5.1.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	89476
Entropy (8bit):	5.2896589255084425
Encrypted:	false
SSDEEP:	1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1
MD5:	DC5E7F18C8D36AC1D3D4753A87C98D0A
SHA1:	C8E1C8B386DC5B7A9184C763C88D19A346EB3342
SHA-256:	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
SHA-512:	6CB4F4426F559C06190DF97229C05A436820D21498350AC9F118A5625758435171418A022ED523BAE46E668F9F8EA871FEAB6AFF58AD2740B67A30F196D65516
Malicious:	false
Reputation:	low
IE Cache URL:	https://code.jquery.com/jquery-3.5.1.min.js
Preview:	/! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\summary[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	11019
Entropy (8bit):	4.602885976778971
Encrypted:	false
SSDEEP:	96:DpiV1Ow3BKOFh5qb/8bINbZTKgxbpTxjiHGNKpuyVdthDnVpmN6mmuBgEM0SB:Dpiz15qb8elKgxVxbNKVthDSNN67
MD5:	7B0775E7FEFDA016C91007EC0D556E50
SHA1:	8ADD58BE587F5CBE81F4840696C9D38121883D09
SHA-256:	34EADCCE2DC55900822CE98B1E2480C9FEB65F5195F107BB698CC18463AE881B
SHA-512:	51C451ED63EB0797D04D2E2BE526DF48D623F5B3A2AED65669B879AC3037E188695CAD333B94A00F097776461EC55C67A659C96C0E6D8869DA62FDFD39746A3C
Malicious:	false
Reputation:	low
IE Cache URL:	https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9da
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. Global site tag (gtag.js) - Google Analytics -->.. <script async src="https://www.googletagmanager.com/gtag/js?id=UA-165596162-2"></script>.. <script>.. window.dataLayer = window.dataLayer \|\| [];.. function gtag(){dataLayer.push(arguments);}.. gtag('js', new Date());.... gtag('config', "UA-165596162-2");.. gtag('event', "email", {"event_category": "ref"});.. </script>.. <meta charset="utf-8"></meta>.. <meta http-equiv="X-UA-Compatible" content="IE=edge"></meta>.. <meta name="description" content="A front-end template that helps you build fast, modern mobile web apps."></meta>.. <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0"></meta>.. <title>Email Summary</title>.. <link rel="stylesheet" type="text/css" href="/css/dialog-polyfill.css"/>.. <link rel="stylesheet".. href="https://fonts.googleapis.com/css?family=Roboto:regular,bold,ita

C:\Users\user\AppData\Local\Temp\~DF03EBC80C459E6306.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	35825
Entropy (8bit):	0.5597960603500532
Encrypted:	false
SSDEEP:	96:kBqoxKAuvScS+2wqDwTHGFUF10KFmF8FdFV:kBqoxKAuqR+2wqDwTs
MD5:	5251FECC1784DCDF66EDF4EC1F49D0E6
SHA1:	4B6B1145EA8AFAA922F445BDDD974936DD563155
SHA-256:	15CF53AB94E04C2564538B957A5112724D4DE3A49401464D787797C9888BB326
SHA-512:	FC52CA5F075B6E707A6AE3C50A39FC65D3FBF56B45AC2BF83DA87DFC6C7F3E93A30B43606B4E1525776CDB6B425ABD636424167AFC12ACF1C93DC148D65C2479
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF22D8D2F9858A4A01.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.478867735908643
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lod9lo99lWWeNoCin:kBqoIGYRXy
MD5:	8EF6EB91F54AF9E2FFC05F0D778F90BE
SHA1:	9866CEBBE54DC16A54D492984969AFDC3161FD77
SHA-256:	30D2C468E113C4D9150BC93DF987A5BE907F05EE8AFC43175F0D40D5D60DF589
SHA-512:	3B48597AD1D96EEC8ED0179F89271622F96641C8B174079AD3C6DDBB42F3A8EF2959AE5592981C56B4AD58BCFCDB3979B8B173D88095DA24B15FFB0A57C6F19C
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF3C49D9964B8B7017.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 8, 2021 10:48:09.276118994 CEST	49698	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.277002096 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.304579973 CEST	443	49698	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.304858923 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.305129051 CEST	49698	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.305664062 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.320635080 CEST	49698	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.320787907 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.348541975 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.348768950 CEST	443	49698	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.349791050 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.349832058 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.349857092 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.349909067 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.349911928 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.349980116 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.350044012 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.350752115 CEST	443	49698	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.350785017 CEST	443	49698	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.350809097 CEST	443	49698	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.350831985 CEST	443	49698	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.350846052 CEST	49698	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.350889921 CEST	49698	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.390057087 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.391074896 CEST	49698	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.396094084 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.396317005 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.396439075 CEST	49698	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.418747902 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.418778896 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.418899059 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.419492960 CEST	443	49698	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.419517994 CEST	443	49698	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.419840097 CEST	49698	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.420305014 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.421192884 CEST	49698	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.423844099 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.424474955 CEST	443	49698	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.424609900 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.425127983 CEST	49698	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.434278011 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.434307098 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.434417009 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.436469078 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.436503887 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.436532021 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.436556101 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.436580896 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.436630964 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.436758041 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.446852922 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.446886063 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.446971893 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.447029114 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.447031021 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.447051048 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.447118044 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.491887093 CEST	443	49698	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.491934061 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.494220018 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.504530907 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.522082090 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.525675058 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.525711060 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.525758982 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.525795937 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.535540104 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.535583973 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.535629034 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.535634041 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.535664082 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.535676956 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.535682917 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.535715103 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.535737038 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.535757065 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.535773039 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.535789967 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.535805941 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.535835028 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.540287018 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.561163902 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.561496019 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.561707973 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.561954975 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.564380884 CEST	49705	443	192.168.2.6	185.199.108.153
Apr 8, 2021 10:48:09.565105915 CEST	49706	443	192.168.2.6	185.199.108.153
Apr 8, 2021 10:48:09.571810961 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.571855068 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.571894884 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.571933031 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.571939945 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.571969986 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.571995974 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.572009087 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.572027922 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.572056055 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.572060108 CEST	49699	443	192.168.2.6	35.178.120.30
Apr 8, 2021 10:48:09.572099924 CEST	443	49699	35.178.120.30	192.168.2.6
Apr 8, 2021 10:48:09.572139025 CEST	443	49699	35.178.120.30	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 8, 2021 10:48:05.662277937 CEST	49283	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:05.675158024 CEST	53	49283	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:06.844727039 CEST	58377	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:06.857454062 CEST	53	58377	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:07.708872080 CEST	55074	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:07.722054005 CEST	53	55074	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:08.139997959 CEST	54513	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:08.158118010 CEST	53	54513	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:08.518280983 CEST	62044	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:08.531517982 CEST	53	62044	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:09.225549936 CEST	63791	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:09.260755062 CEST	53	63791	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:09.498373985 CEST	64267	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:09.508337975 CEST	49448	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:09.511869907 CEST	53	64267	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:09.520968914 CEST	53	49448	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:09.538675070 CEST	60342	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:09.545523882 CEST	61346	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:09.558103085 CEST	51774	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:09.558595896 CEST	53	61346	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:09.561809063 CEST	53	60342	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:09.570753098 CEST	53	51774	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:09.763956070 CEST	56023	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:09.790844917 CEST	53	56023	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:09.945456982 CEST	58384	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:09.958925962 CEST	53	58384	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:10.332631111 CEST	60261	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:10.345479012 CEST	53	60261	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:17.579364061 CEST	56061	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:17.591986895 CEST	53	56061	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:19.165263891 CEST	58336	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:19.198019981 CEST	53	58336	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:21.858017921 CEST	53781	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:21.871566057 CEST	53	53781	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:22.738100052 CEST	54064	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:22.751172066 CEST	53	54064	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:26.186917067 CEST	52811	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:26.208895922 CEST	53	52811	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:38.129240990 CEST	55299	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:38.142143011 CEST	53	55299	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:38.256716013 CEST	63745	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:38.269490957 CEST	53	63745	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:38.862298965 CEST	50055	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:38.885986090 CEST	53	50055	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:39.141288042 CEST	55299	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:39.154097080 CEST	53	55299	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:39.262383938 CEST	61374	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:39.275865078 CEST	53	61374	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:39.874763012 CEST	50055	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:39.892148018 CEST	53	50055	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:40.400796890 CEST	55299	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:40.413625002 CEST	53	55299	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:41.610440969 CEST	50055	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:41.623208046 CEST	53	50055	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:42.517668962 CEST	55299	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:42.530651093 CEST	53	55299	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:42.544367075 CEST	50339	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:42.557307959 CEST	53	50339	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:43.624675035 CEST	50055	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:43.638374090 CEST	53	50055	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:46.531168938 CEST	55299	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:46.543850899 CEST	53	55299	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:47.694808960 CEST	50055	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:47.709513903 CEST	53	50055	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:49.064199924 CEST	63307	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:49.077617884 CEST	53	63307	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:50.350361109 CEST	49694	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:50.364201069 CEST	53	49694	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:51.533723116 CEST	54982	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:51.546253920 CEST	53	54982	8.8.8.8	192.168.2.6
Apr 8, 2021 10:48:53.334549904 CEST	50010	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:48:53.352998018 CEST	53	50010	8.8.8.8	192.168.2.6
Apr 8, 2021 10:49:20.003391981 CEST	63718	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:49:20.016170979 CEST	53	63718	8.8.8.8	192.168.2.6
Apr 8, 2021 10:49:20.667484045 CEST	62116	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:49:20.679644108 CEST	53	62116	8.8.8.8	192.168.2.6
Apr 8, 2021 10:49:21.750871897 CEST	63816	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:49:21.763720989 CEST	53	63816	8.8.8.8	192.168.2.6
Apr 8, 2021 10:49:23.310806990 CEST	55014	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:49:23.324017048 CEST	53	55014	8.8.8.8	192.168.2.6
Apr 8, 2021 10:49:23.567084074 CEST	62208	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:49:23.614825964 CEST	53	62208	8.8.8.8	192.168.2.6
Apr 8, 2021 10:49:25.639123917 CEST	57574	53	192.168.2.6	8.8.8.8
Apr 8, 2021 10:49:25.651542902 CEST	53	57574	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 8, 2021 10:48:09.225549936 CEST	192.168.2.6	8.8.8.8	0x3e03	Standard query (0)	summary.aquilaiajax.com	A (IP address)	IN (0x0001)
Apr 8, 2021 10:48:09.538675070 CEST	192.168.2.6	8.8.8.8	0xb41	Standard query (0)	bernii.github.io	A (IP address)	IN (0x0001)
Apr 8, 2021 10:48:09.545523882 CEST	192.168.2.6	8.8.8.8	0xa873	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)
Apr 8, 2021 10:48:09.558103085 CEST	192.168.2.6	8.8.8.8	0x3506	Standard query (0)	d3js.org	A (IP address)	IN (0x0001)
Apr 8, 2021 10:48:26.186917067 CEST	192.168.2.6	8.8.8.8	0x80f3	Standard query (0)	summary.aquilaiajax.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Apr 8, 2021 10:48:09.260755062 CEST	8.8.8.8	192.168.2.6	0x3e03	No error (0)	summary.aquilaiajax.com	london-sentry-email-summary-1161567812.eu-west-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Apr 8, 2021 10:48:09.260755062 CEST	8.8.8.8	192.168.2.6	0x3e03	No error (0)	london-sentry-email-summary-1161567812.eu-west-2.elb.amazonaws.com		35.178.120.30	A (IP address)	IN (0x0001)
Apr 8, 2021 10:48:09.260755062 CEST	8.8.8.8	192.168.2.6	0x3e03	No error (0)	london-sentry-email-summary-1161567812.eu-west-2.elb.amazonaws.com		18.133.148.78	A (IP address)	IN (0x0001)
Apr 8, 2021 10:48:09.558595896 CEST	8.8.8.8	192.168.2.6	0xa873	No error (0)	code.jquery.com	cds.s5x3j6q5.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Apr 8, 2021 10:48:09.561809063 CEST	8.8.8.8	192.168.2.6	0xb41	No error (0)	bernii.github.io		185.199.108.153	A (IP address)	IN (0x0001)
Apr 8, 2021 10:48:09.561809063 CEST	8.8.8.8	192.168.2.6	0xb41	No error (0)	bernii.github.io		185.199.109.153	A (IP address)	IN (0x0001)
Apr 8, 2021 10:48:09.561809063 CEST	8.8.8.8	192.168.2.6	0xb41	No error (0)	bernii.github.io		185.199.110.153	A (IP address)	IN (0x0001)
Apr 8, 2021 10:48:09.561809063 CEST	8.8.8.8	192.168.2.6	0xb41	No error (0)	bernii.github.io		185.199.111.153	A (IP address)	IN (0x0001)
Apr 8, 2021 10:48:09.570753098 CEST	8.8.8.8	192.168.2.6	0x3506	No error (0)	d3js.org		104.26.6.30	A (IP address)	IN (0x0001)
Apr 8, 2021 10:48:09.570753098 CEST	8.8.8.8	192.168.2.6	0x3506	No error (0)	d3js.org		172.67.73.126	A (IP address)	IN (0x0001)
Apr 8, 2021 10:48:09.570753098 CEST	8.8.8.8	192.168.2.6	0x3506	No error (0)	d3js.org		104.26.7.30	A (IP address)	IN (0x0001)
Apr 8, 2021 10:48:26.208895922 CEST	8.8.8.8	192.168.2.6	0x80f3	No error (0)	summary.aquilaiajax.com	london-sentry-email-summary-1161567812.eu-west-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Apr 8, 2021 10:48:26.208895922 CEST	8.8.8.8	192.168.2.6	0x80f3	No error (0)	london-sentry-email-summary-1161567812.eu-west-2.elb.amazonaws.com		35.178.120.30	A (IP address)	IN (0x0001)
Apr 8, 2021 10:48:26.208895922 CEST	8.8.8.8	192.168.2.6	0x80f3	No error (0)	london-sentry-email-summary-1161567812.eu-west-2.elb.amazonaws.com		18.133.148.78	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 8, 2021 10:48:09.349909067 CEST	35.178.120.30	443	192.168.2.6	49699	CN=summary.aquilaiajax.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Thu Nov 12 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Sun Dec 12 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Apr 8, 2021 10:48:09.350831985 CEST	35.178.120.30	443	192.168.2.6	49698	CN=summary.aquilaiajax.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Thu Nov 12 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Sun Dec 12 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Apr 8, 2021 10:48:09.614320993 CEST	185.199.108.153	443	192.168.2.6	49705	CN=www.github.com, O="GitHub, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed May 06 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Thu Apr 14 14:00:00 CEST 2022 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 8, 2021 10:48:09.614320993 CEST	185.199.108.153	443	192.168.2.6	49705	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		9e10692f1b7f78228b2d4e424db3a98c
Apr 8, 2021 10:48:09.619069099 CEST	185.199.108.153	443	192.168.2.6	49706	CN=www.github.com, O="GitHub, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed May 06 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013	Thu Apr 14 14:00:00 CEST 2022 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 8, 2021 10:48:09.619069099 CEST	185.199.108.153	443	192.168.2.6	49706	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		9e10692f1b7f78228b2d4e424db3a98c
Apr 8, 2021 10:48:09.669550896 CEST	104.26.6.30	443	192.168.2.6	49709	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Aug 12 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Aug 12 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 8, 2021 10:48:09.669550896 CEST	104.26.6.30	443	192.168.2.6	49709	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Apr 8, 2021 10:48:09.675996065 CEST	104.26.6.30	443	192.168.2.6	49708	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Aug 12 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Aug 12 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 8, 2021 10:48:09.675996065 CEST	104.26.6.30	443	192.168.2.6	49708	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Apr 8, 2021 10:48:26.326838017 CEST	35.178.120.30	443	192.168.2.6	49721	CN=summary.aquilaiajax.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Thu Nov 12 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Sun Dec 12 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 2680 Parent PID: 792

General

Start time:	10:48:06
Start date:	08/04/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff721e20000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 5400 Parent PID: 2680

General

Start time:	10:48:07
Start date:	08/04/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2680 CREDAT:17410 /prefetch:2
Imagebase:	0xc70000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://summary.aquilaiajax.com/v3/summary?ref=email&crId=606c5ec27707d53875dac9da

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 2680 Parent PID: 792

General

Analysis Process: iexplore.exe PID: 5400 Parent PID: 2680

General

Disassembly