Analysis Report https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt

Overview

General Information

Sample URL: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt
Analysis ID: 383845
Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected HtmlPhish10
HTML body contains low number of good links
Invalid 'forgot password' link found
No HTML title found
URL contains potential PII (phishing indication)

Startup

  • System is w10x64
  • iexplore.exe (PID: 1628 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 4380 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1628 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt, SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#, SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10
Source: Yara match, File source: 745481.pages.csv, type: HTML
Source: Yara match, File source: 745481.0.links.csv, type: HTML
Source: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt, HTTP Parser: Number of links: 0
Source: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#, HTTP Parser: Number of links: 0
Source: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt, HTTP Parser: Invalid link: Forgot Password?
Source: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#, HTTP Parser: Invalid link: Forgot Password?
Source: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt, HTTP Parser: HTML title missing
Source: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#, HTTP Parser: HTML title missing
Source: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt, Sample URL: PII: ventura.coelho@novobanco.pt
Source: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt, HTTP Parser: No <meta name="author".. found
Source: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#, HTTP Parser: No <meta name="author".. found
Source: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt, HTTP Parser: No <meta name="copyright".. found
Source: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#, HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe, File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown, HTTPS traffic detected: 158.177.118.97:443 -> 192.168.2.5:49701 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.32.25.43:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.32.25.43:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown, DNS traffic detected: queries for: pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, String found in binary or memory: http://getbootstrap.com)
Source: popper.min[1].js.3.dr, String found in binary or memory: http://opensource.org/licenses/MIT).
Source: OSQPDLUI.xml.3.dr, String found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, String found in binary or memory: https://cdn.jsdelivr.net/npm/jquery.session
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/dellcssfile.appspot.com/o/bootstrap.min.css?alt=media&to
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/dellcssfile.appspot.com/o/font-awesome.min.css?alt=media
Source: free-fa-regular-400[1].eot.3.dr, free.min[1].css.3.dr, String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.3.dr, String found in binary or memory: https://fontawesome.com/license/free
Source: free-fa-regular-400[1].eot.3.dr, free-fa-solid-900[1].eot.3.dr, String found in binary or memory: https://fontawesome.comhttps://fontawesome.comFont
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, String found in binary or memory: https://fonts.googleapis.com/css?family=Archivo
Source: css[1].css.3.dr, String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff)
Source: bootstrap.min[1].js0.3.dr, String found in binary or memory: https://getbootstrap.com)
Source: bootstrap.min[1].js.3.dr, String found in binary or memory: https://getbootstrap.com/)
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, bootstrap.min[1].js.3.dr, String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.3.dr, String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: 585b051251[1].js.3.dr, String found in binary or memory: https://ka-f.fontawesome.com
Source: 585b051251[1].js.3.dr, String found in binary or memory: https://kit.fontawesome.com
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: {4102B589-9894-11EB-90E5-ECF4BB570DC9}.dat.2.dr, String found in binary or memory: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%2
Source: %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: jquery.session.min[1].js.3.dr, String found in binary or memory: https://www.jsdelivr.com/using-sri-with-dynamic-files
Source: classification engine, Classification label: mal64.phis.win@3/22@10/4
Source: C:\Program Files\internet explorer\iexplore.exe, File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4102B587-9894-11EB-90E5-ECF4BB570DC9}.dat
Source: C:\Program Files\internet explorer\iexplore.exe, File created: C:\Users\user\AppData\Local\Temp\~DF105FD21E7ABA7E2E.TMP
Source: C:\Program Files\internet explorer\iexplore.exe, File read: C:\Users\desktop.ini
Source: unknown, Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1628 CREDAT:17410 /prefetch:2
Source: Window Recorder, Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 1 | Masquerading 1 | OS Credential Dumping | File and Directory Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt | 2% | Virustotal | - | Browse
https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt | 0% | Avira URL Cloud | safe | -
https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt | 100% | SlashNext | Fake Login Page type: Phishing & Social Engineering | -

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html# | 100% | SlashNext | Fake Login Page type: Phishing & Social Engineering | -
https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%2 | 0% | Avira URL Cloud | safe | -
https://fontawesome.comhttps://fontawesome.comFont | 0% | Avira URL Cloud | safe | -
https://getbootstrap.com) | 0% | Avira URL Cloud | safe | -
http://getbootstrap.com) | 0% | Avira URL Cloud | safe | -

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
stackpath.bootstrapcdn.com | 104.18.10.207 | true | false | - | high
d26p066pn2w0s0.cloudfront.net | 13.32.25.43 | true | false | - | high
cdnjs.cloudflare.com | 104.16.18.94 | true | false | - | high
maxcdn.bootstrapcdn.com | 104.18.10.207 | true | false | - | high
s3.eu-de.cloud-object-storage.appdomain.cloud | 158.177.118.97 | true | false | - | unknown
ka-f.fontawesome.com | unknown | unknown | false | - | high
code.jquery.com | unknown | unknown | false | - | high
cdn.jsdelivr.net | unknown | unknown | false | - | high
pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud | unknown | unknown | false | - | unknown
kit.fontawesome.com | unknown | unknown | false | - | high
logo.clearbit.com | unknown | unknown | false | - | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html# | true | SlashNext: Fake Login Page type: Phishing & Social Engineering | unknown
https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt | true | - | unknown

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://ka-f.fontawesome.com | 585b051251[1].js.3.dr | false | - | high
https://code.jquery.com/jquery-3.2.1.slim.min.js | %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr | false | - | high
https://www.jsdelivr.com/using-sri-with-dynamic-files | jquery.session.min[1].js.3.dr | false | - | high
https://code.jquery.com/jquery-3.1.1.min.js | %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr | false | - | high
https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%2 | {4102B589-9894-11EB-90E5-ECF4BB570DC9}.dat.2.dr | false | Avira URL Cloud: safe | unknown
http://s3.amazonaws.com/doc/2006-03-01/ | OSQPDLUI.xml.3.dr | false | - | high
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js | %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr | false | - | high
https://getbootstrap.com/) | bootstrap.min[1].js.3.dr | false | - | high
https://fontawesome.comhttps://fontawesome.comFont | free-fa-regular-400[1].eot.3.dr, free-fa-solid-900[1].eot.3.dr | false | Avira URL Cloud: safe | unknown
https://code.jquery.com/jquery-3.3.1.js | %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr | false | - | high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css | %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr | false | - | high
https://fontawesome.com/license/free | free.min[1].css.3.dr | false | - | high
https://fontawesome.com | free-fa-regular-400[1].eot.3.dr, free.min[1].css.3.dr | false | - | high
https://kit.fontawesome.com | 585b051251[1].js.3.dr | false | - | high
https://github.com/twbs/bootstrap/graphs/contributors) | bootstrap.min[1].js.3.dr | false | - | high
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js | %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr | false | - | high
https://getbootstrap.com) | bootstrap.min[1].js0.3.dr | false | Avira URL Cloud: safe | low
http://getbootstrap.com) | %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr | false | Avira URL Cloud: safe | low
https://cdn.jsdelivr.net/npm/jquery.session | %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr | false | - | high
https://github.com/twbs/bootstrap/blob/master/LICENSE) | %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr, bootstrap.min[1].js.3.dr | false | - | high
http://opensource.org/licenses/MIT). | popper.min[1].js.3.dr | false | - | high
https://kit.fontawesome.com/585b051251.js | %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr | false | - | high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js | %2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm.3.dr | false | - | high

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
104.18.10.207 | stackpath.bootstrapcdn.com | United States | 13335 | CLOUDFLARENETUS | false
13.32.25.43 | d26p066pn2w0s0.cloudfront.net | United States | 7018 | ATT-INTERNET4US | false
104.16.18.94 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
158.177.118.97 | s3.eu-de.cloud-object-storage.appdomain.cloud | United States | 36351 | SOFTLAYERUS | false

                                                                General Information

                                                                Joe Sandbox Version:31.0.0 Emerald
                                                                Analysis ID:383845
                                                                Start date:08.04.2021
                                                                Start time:10:59:15
                                                                Joe Sandbox Product:CloudBasic
                                                                Overall analysis duration:0h 3m 13s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:light
                                                                Cookbook file name:browseurl.jbs
                                                                Sample URL:https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#ventura.coelho@novobanco.pt
                                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                Number of analysed new started processes analysed:12
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • HDC enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Detection:MAL
                                                                Classification:mal64.phis.win@3/22@10/4
                                                                Cookbook Comments:
                                                                • Adjust boot time
                                                                • Enable AMSI
                                                                • Browsing link: https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html#
                                                                Warnings:
                                                                • Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe, SgrmBroker.exe, backgroundTaskHost.exe, svchost.exe
                                                                • TCP Packets have been reduced to 100
                                                                • Excluded IPs from analysis (whitelisted): 40.88.32.150, 13.88.21.125, 104.83.120.32, 172.217.168.74, 69.16.175.42, 69.16.175.10, 172.217.168.10, 104.18.23.52, 104.18.22.52, 104.16.86.20, 104.16.87.20, 104.16.89.20, 104.16.85.20, 104.16.88.20, 172.64.203.28, 172.64.202.28, 95.100.54.203, 168.61.161.212, 52.147.198.201, 152.199.19.161
                                                                • Excluded domains from analysis (whitelisted): kit.fontawesome.com.cdn.cloudflare.net, cds.s5x3j6q5.hwcdn.net, fonts.googleapis.com, cdn.jsdelivr.net.cdn.cloudflare.net, fs.microsoft.com, ka-f.fontawesome.com.cdn.cloudflare.net, ajax.googleapis.com, ie9comview.vo.msecnd.net, e1723.g.akamaiedge.net, skypedataprdcolcus17.cloudapp.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e11290.dspg.akamaiedge.net, skypedataprdcoleus16.cloudapp.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net
                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.

                                                                Simulations

                                                                Behavior and APIs

                                                                No simulations

                                                                Joe Sandbox View / Context

                                                                IPs

                                                                No context

                                                                Domains

                                                                No context

                                                                ASN

                                                                No context

                                                                JA3 Fingerprints

                                                                No context

                                                                Dropped Files

                                                                No context

                                                                Created / dropped Files

                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4102B587-9894-11EB-90E5-ECF4BB570DC9}.dat
                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                File Type:Microsoft Word Document
                                                                Category:dropped
                                                                Size (bytes):30296
                                                                Entropy (8bit):1.8542181473300787
                                                                Encrypted:false
                                                                SSDEEP:96:rQZDZ6D26ZW6Jt6Xbf6o4fKM693q6CdQ6Xxf6H4G6X:rQZDZM2uWatgf9RMlsqfO8X
                                                                MD5:2C09639FCCE8028552D8CF96CC936135
                                                                SHA1:98FD35F73BD1794EC0E029F987688362F500FE9B
                                                                SHA-256:A9EE60FA456142F2D2E17206C5D2DC6FE4A32949190AC1FB037DF6D45169DC58
                                                                SHA-512:93F61044852F4CF4BA0EDD5A4E601B5B6EC1094594E350B1F649B1A9D13C58EB2ADA1D03C0D9B7C3D9CED21DF2B7795F2031D63EDCB1D8E8FF03D0B4995028D9
                                                                Malicious:false
                                                                Reputation:low
                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4102B589-9894-11EB-90E5-ECF4BB570DC9}.dat
                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                File Type:Microsoft Word Document
                                                                Category:dropped
                                                                Size (bytes):43872
                                                                Entropy (8bit):2.2872150938939972
                                                                Encrypted:false
                                                                SSDEEP:192:rwZDQS6Ikqjx2JWFMdCIVHvO/o9/62VjIKm0qmOZmKL:rgM9Vkg4GYwP4o9/dtmVmkmi
                                                                MD5:3079BA76AA3E875607C1842ED557CB91
                                                                SHA1:6368DD9F5762D68ACDBE6783426790E8DE95240E
                                                                SHA-256:D8B414CE429527BBE294BCA3DA85F99710FDA26676157990078B5259BCF2C4FB
                                                                SHA-512:1DB29DCA7B328ED329024AE61DF6B2ECF43603E2C5DEA6FC37CCAFB46B024683707E4D1C0399A1D9567E69E0F7D5C43217FF2E78CA3BCD3768A53AABB2377515
                                                                Malicious:false
                                                                Reputation:low
                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4712D020-9894-11EB-90E5-ECF4BB570DC9}.dat
                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                File Type:Microsoft Word Document
                                                                Category:dropped
                                                                Size (bytes):16984
                                                                Entropy (8bit):1.5630623868273312
                                                                Encrypted:false
                                                                SSDEEP:48:Iwu1GcpreGwpaIG4pQEGrapbSRGQpKSG7HpRmTGIpG:rurZWQY6SBSrA9TSA
                                                                MD5:A7E42AB855566510FEA2E2F0F9A8DDBE
                                                                SHA1:CE10AB402C59D389088DE3BEF8B176D4775D1192
                                                                SHA-256:758B89AB5B0D2B651FBA1E64DB8FA1A0CA90218BB706939264E55EB921ED7405
                                                                SHA-512:05A510C7F9B8EA80F7AD75F8BFA100D23DEB308B2B3A54E9111EE1A725F00AF232D7B44F4272D6F17DEDDF6EA9AC5F9EE1C2384B39798A3186E0A9690B39F9EF
                                                                Malicious:false
                                                                Reputation:low
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\bootstrap.min[1].js
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:ASCII text, with very long lines
                                                                Category:downloaded
                                                                Size (bytes):51039
                                                                Entropy (8bit):5.247253437401007
                                                                Encrypted:false
                                                                SSDEEP:768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+
                                                                MD5:67176C242E1BDC20603C878DEE836DF3
                                                                SHA1:27A71B00383D61EF3C489326B3564D698FC1227C
                                                                SHA-256:56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
                                                                SHA-512:9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\css[1].css
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:ASCII text
                                                                Category:downloaded
                                                                Size (bytes):223
                                                                Entropy (8bit):5.142612311542767
                                                                Encrypted:false
                                                                SSDEEP:6:0IFFDK+Q+56ZRWHMqh7izlpdRSRk68k3tg9EFNin:jFI+QO6ZRoMqt6p3Tk9g9CY
                                                                MD5:72C5D331F2135E52DA2A95F7854049A3
                                                                SHA1:572F349BB65758D377CCBAE434350507341ACD7B
                                                                SHA-256:C3A12D7E8F6B2B1F5E4CD0C9938DFC79532AEF90802B424EE910093F156586DA
                                                                SHA-512:9EA12CC277C9858524083FEBBE1A3E61FDECE5268F63B14C9FFAFE29396C7CCDB3B07BE10E829936BCCD8F3B9E39DCFA6BC4316F189E4CEA914F1D06916DB66B
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap
                                                                Preview: @font-face {. font-family: 'Archivo Narrow';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff) format('woff');.}.
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\free-v4-shims.min[1].css
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:ASCII text, with very long lines
                                                                Category:downloaded
                                                                Size (bytes):26701
                                                                Entropy (8bit):4.829823522211244
                                                                Encrypted:false
                                                                SSDEEP:192:dP6hT1bIl4w0QUmQ10PwKLaAu5CwWavpHo4O6wgLPbJVR8XD7mycP:0hal4w0QK+PwK05eavpmgPPeXD7mycP
                                                                MD5:8A99CE81EC2F89FBCA03F2C8CF1A3679
                                                                SHA1:58F9EF32D12A5DA52CBAB7BD518BCC998FC59EF9
                                                                SHA-256:362DAEAF1F7E05FEE9A609E549F148AACBE518C166FBD96EAD69057E295742AF
                                                                SHA-512:930F28449365FAED13718BB8F332625DB110ABB08C3778DC632FDF00A0187A61A086B5EB4765FFC1923B64E2584C02592A213914B024DE6890FF3DBFC3A12FE5
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://ka-f.fontawesome.com/releases/v5.15.3/css/free-v4-shims.min.css?token=585b051251
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\free.min[1].css
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:ASCII text, with very long lines
                                                                Category:downloaded
                                                                Size (bytes):60351
                                                                Entropy (8bit):4.728641238865369
                                                                Encrypted:false
                                                                SSDEEP:768:0Uh31IPiyXNq4YxBowbgJlkwF//zMQyYJYX9Bft6VSz8:0U0PxXE4YXJgndFTfy9lt5Q
                                                                MD5:390B4210E10C744C3C597500BCF0B31A
                                                                SHA1:2600C7C2F25D7DBCBC668231601E426010DC6489
                                                                SHA-256:C2819CA1F7AD1AF7BA53C4EDFDFD395C547BCB16D29892A234D7860C689ED929
                                                                SHA-512:E8A7E466BE8CC092E12994B51A6A8A39E2FBB66DD48221BCF499BB89365B4004D73C1909F8FE0BBBBF13907D5901D76FFE127D92FDD7493853646F83F5985CBE
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://ka-f.fontawesome.com/releases/v5.15.3/css/free.min.css?token=585b051251
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\novobanco[1].png
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:PNG image data, 128 x 25, 8-bit/color RGBA, non-interlaced
                                                                Category:downloaded
                                                                Size (bytes):4079
                                                                Entropy (8bit):7.937439553226231
                                                                Encrypted:false
                                                                SSDEEP:96:EkonmYI1B0fu2tW04eNP1WlNIOtVDi/odhRgR0Fh8FKUeZ1:NomYInZ2I04c1WlNIuViQjORWMKUeZ1
                                                                MD5:882ADCFF6213F4AF637243AD794B0B2C
                                                                SHA1:386BE134FD43FF4428EDA80BB6E56EAD7546C957
                                                                SHA-256:F30F922F66A667568BC25ACE8561196CA0580BB77804F8D4BD484CD817756921
                                                                SHA-512:A530116536A871CCDBDC4898AD7B58199A42C1758529A824D3F06CC96F0D211A929186C07DAF3028DE1A6852664997FB23271D02085017F182ED33FD5059DCC9
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://logo.clearbit.com/novobanco.pt
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523[1].htm
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                Category:downloaded
                                                                Size (bytes):136881
                                                                Entropy (8bit):5.2879371700567654
                                                                Encrypted:false
                                                                SSDEEP:768:4sPy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1FLk0u:lBw/a1fIuiHlq5mN8lDbNmPbw2H
                                                                MD5:12B3656E9F183AF94FBD2A61B26B9AE7
                                                                SHA1:3F44AB6A4BAD668A25131B95BFFC2A9BF4BB9D66
                                                                SHA-256:B4A4921CD5BB26896A9F4246546333B841A5AAA0DC9320B67FE23E72FCCB5056
                                                                SHA-512:FFBB2C49833724B4FE01E79F4122A4F1C3E7A5C5A5325303FDD403DB1DB95C2437A08E2361E8907A5EFCD2D97E9614D6847E6770BFF939D4B47CF1793BB3EB62
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud/%2540%2523%2524%2525%255E%2526%2526()(%2526%2526%255E%255E%2525%2525%2524%2524%2524%2523%2523.html
                                                                Preview: .......<!doctype html>..<html lang="en">..<head>.. <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>.. <script src="https://code.jquery.com/jquery-3.1.1.min.js">.. <script src="https://code.jquery.com/jquery-3.3.1.js" integrity="sha256-2Kok7MbOyxpgUVvAk/HJ2jigOSYS2auK4Pfzbm7uH60=" crossorigin="anonymous"></script>.. Required meta tags -->.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.. <link rel="icon" type="image/png" sizes="192x192" class="logoimg" href="">.... Bootstrap CSS -->.. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous"> -->.. <link href="https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap" rel="stylesheet">.. <script src="https://kit.fontawesome.com/58
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\585b051251[1].js
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:ASCII text, with very long lines
                                                                Category:downloaded
                                                                Size (bytes):10866
                                                                Entropy (8bit):5.182623714755422
                                                                Encrypted:false
                                                                SSDEEP:192:BgHN42S+9SZRvACpiIthFzoXnemF+shSGnZ+PPxQDqv7jh81Q5l8OcchIlzbCn:WRCfhFzevnEZ/h81Q5l8OsE
                                                                MD5:D8CA71772D1E86D5FB9D5E2F6CC1AE70
                                                                SHA1:9B043E60997FE552D652E4474E16AFF923D7AA76
                                                                SHA-256:7D840153F02AD6D91D652354E35B590721916D16C33956631EEF0E7D3B5613EE
                                                                SHA-512:8E9DA8E9AE10EC0EB854A6E488FB4568A960EE10AF46FE4AA49F22F227CB94997F40E49E10A81E341B99489256163A2C0E065730EEA642777061CDA61B4D56C1
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://kit.fontawesome.com/585b051251.js
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\bootstrap.min[1].js
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:ASCII text, with very long lines
                                                                Category:downloaded
                                                                Size (bytes):48944
                                                                Entropy (8bit):5.272507874206726
                                                                Encrypted:false
                                                                SSDEEP:768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B
                                                                MD5:14D449EB8876FA55E1EF3C2CC52B0C17
                                                                SHA1:A9545831803B1359CFEED47E3B4D6BAE68E40E99
                                                                SHA-256:E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
                                                                SHA-512:00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\free-fa-regular-400[1].eot
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:Embedded OpenType (EOT), Font Awesome 5 Free Regular family
                                                                Category:downloaded
                                                                Size (bytes):34034
                                                                Entropy (8bit):6.323740915979423
                                                                Encrypted:false
                                                                SSDEEP:384:TsILh/4eF1sQQbC5LbC4TH/s+v4B3Q89h8g6WIHL8ScQU5:TPLZ49tep3/8Bn9vIHL8ScQU5
                                                                MD5:2FF042159499ED1D620A024733E4F65C
                                                                SHA1:2FD0833B9EC62A4BCC13A8E0D23DC150DA0AEA58
                                                                SHA-256:5C46B816B52A8468D6395A1FDA444481AD87779708D2A8CF74674CD2DA068BED
                                                                SHA-512:DB54BAFE1EE611F475ADF5A0724BA801ADA5486D42F3029EDE698706512FEB952EC4AA4DDC804BA9AF88FC5ED34C53F21CB2F3D48249382EC3878A2CDF1012A3
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-regular-400.eot?
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\free-fa-solid-900[1].eot
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:Embedded OpenType (EOT), Font Awesome 5 Free Solid family
                                                                Category:downloaded
                                                                Size (bytes):203030
                                                                Entropy (8bit):6.347367233249361
                                                                Encrypted:false
                                                                SSDEEP:6144:ZtrDdIZG2nqJElpL3im9+3Kz9BngKbtPLLd5Mn:36TnSEl1yt6zzng0Lu
                                                                MD5:D5DE805D9CC4E0665FB04CA2D2336EE8
                                                                SHA1:89D5DBEBA993F33C0B5BE98C0DF0D87B03AD1B37
                                                                SHA-256:BC0CCA590079A0D7921FF7445BB4EBD55928D00ADA1C9E6F41E16918AAFC8171
                                                                SHA-512:576721318162E4E82F50D624EA37382CB52137332FBA5B4A868EB4D67F591CFB5F3E3A35D658EBE0A791625006294CA09C50B61D0A83E96A3E9837E20A233D08
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://ka-f.fontawesome.com/releases/v5.15.3/webfonts/free-fa-solid-900.eot?
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\OSQPDLUI.xml
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:XML 1.0 document, ASCII text, with very long lines, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):661
                                                                Entropy (8bit):5.506275470187611
                                                                Encrypted:false
                                                                SSDEEP:12:TMHdthfn4DxdEQZXhk9C8dA/oknXfNtRquMXOsjqFBEaD7XQODCfQOECoCnRueor:2dtp4VtZXC9LdINj9psjQEgVDKVEYZ6b
                                                                MD5:9200BCE632BDFA5495790EFCAC51F233
                                                                SHA1:AB03352FF47A2C20EB80CCDD6B4208E93A4B6F21
                                                                SHA-256:733ECF8B65A4755B8B65CB8CC5BC9649CCA2E48500078D30048DB4F809B86CF2
                                                                SHA-512:9761A88D27E99F90528C3F540CEFB1D2E71968A7FD04EE80B7BC03332C695E20D8CC5438F709641B50C7219AF22867D0E767E4103FCA4DDB67310A394C6FE05C
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>pendingdelivery348scnpf</Name><Prefix></Prefix><Marker></Marker><MaxKeys>1000</MaxKeys><Delimiter></Delimiter><IsTruncated>false</IsTruncated><Contents><Key>%40%23%24%25%5E%26%26()(%26%26%5E%5E%25%25%24%24%24%23%23.html</Key><LastModified>2021-04-01T10:54:07.561Z</LastModified><ETag>"12b3656e9f183af94fbd2a61b26b9ae7"</ETag><Size>136881</Size><Owner><ID>0f0797b5-40a2-486a-b189-258ba7eb56fc</ID><DisplayName>0f0797b5-40a2-486a-b189-258ba7eb56fc</DisplayName></Owner><StorageClass>STANDARD</StorageClass></Contents></ListBucketResult>
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\jquery-3.1.1.min[1].js
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:ASCII text, with very long lines
                                                                Category:downloaded
                                                                Size (bytes):86709
                                                                Entropy (8bit):5.367391365596119
                                                                Encrypted:false
                                                                SSDEEP:1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
                                                                MD5:E071ABDA8FE61194711CFC2AB99FE104
                                                                SHA1:F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
                                                                SHA-256:85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
                                                                SHA-512:53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://code.jquery.com/jquery-3.1.1.min.js
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\jquery-3.2.1.slim.min[1].js
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:ASCII text, with very long lines
                                                                Category:downloaded
                                                                Size (bytes):69597
                                                                Entropy (8bit):5.369216080582935
                                                                Encrypted:false
                                                                SSDEEP:1536:qNhEyjjTikEJO4edXXe9J578go6MWX2xkjVe4c4j2ll2Ac7pK3F71QDU8CuT:Exc2yjq4j2uYnQDU8CuT
                                                                MD5:5F48FC77CAC90C4778FA24EC9C57F37D
                                                                SHA1:9E89D1515BC4C371B86F4CB1002FD8E377C1829F
                                                                SHA-256:9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
                                                                SHA-512:CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://code.jquery.com/jquery-3.2.1.slim.min.js
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\jquery.min[1].js
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:ASCII text, with very long lines
                                                                Category:downloaded
                                                                Size (bytes):85578
                                                                Entropy (8bit):5.366055229017455
                                                                Encrypted:false
                                                                SSDEEP:1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
                                                                MD5:2F6B11A7E914718E0290410E85366FE9
                                                                SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                                                                SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                                                                SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\jquery.session.min[1].js
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:ASCII text, with very long lines
                                                                Category:downloaded
                                                                Size (bytes):2333
                                                                Entropy (8bit):5.3037723566289285
                                                                Encrypted:false
                                                                SSDEEP:48:tLSLSwAvdOnljQOAtQDIDoK0oKtxunwLKu61hUd1FnifsnU9Jla6N9QQdgIv:tL4SmPAiDkqxZG/C6ECgIv
                                                                MD5:C0AC9C9487D60DE96DC68DBB25BD8DD6
                                                                SHA1:99419B0BE4B85422FF84870E54DBD8A52DC6DAB1
                                                                SHA-256:76AD6584AC5BDD459939DC7532FAE7C2BDD8E22D773FF16D2306F42A1FFC569C
                                                                SHA-512:C62F8DF47104F7B878772DCCA4AEA04D11AB1144E73492BF5E49B9FC92582EB23C7F7ED8A580214F7772506A47602815311D2F3EE3AC3C9B8AA4AADE319BA1D7
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://cdn.jsdelivr.net/npm/jquery.session@1.0.0/jquery.session.min.js
                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\popper.min[1].js
                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                File Type:ASCII text, with very long lines
                                                                Category:downloaded
                                                                Size (bytes):19188
                                                                Entropy (8bit):5.212814407014048
                                                                Encrypted:false
                                                                SSDEEP:384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f
                                                                MD5:70D3FDA195602FE8B75E0097EED74DDE
                                                                SHA1:C3B977AA4B8DFB69D651E07015031D385DED964B
                                                                SHA-256:A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
                                                                SHA-512:51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
                                                                Malicious:false
                                                                Reputation:low
                                                                IE Cache URL:https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
                                                                C:\Users\user\AppData\Local\Temp\~DF105FD21E7ABA7E2E.TMP
                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):13029
                                                                Entropy (8bit):0.4803378324678475
                                                                Encrypted:false
                                                                SSDEEP:24:c9lLh9lLh9lIn9lIn9lo6s9lo689lW6JLk:kBqoI6X6x6O
                                                                MD5:149FBB3591652C0AF923FFEFEAC9F9F2
                                                                SHA1:43B1CF8ABEC760127A7A910E902410E30B1498BF
                                                                SHA-256:ADAFBAD9F14FE56CFFF077D3D15D4DB23FF60D774D32BCD3603CD7A4AD34FB15
                                                                SHA-512:6DE52EC8EB8A2C5CAF303A58C5CF6245148970B6C0842DC48A74FAC634647D0ADC28D991B11CF3D6006357098D483306DC3F4DC1DE05BB698ABD00699DF8617C
                                                                Malicious:false
                                                                Reputation:low
                                                                C:\Users\user\AppData\Local\Temp\~DFC3C1BC5AD8F6D885.TMP
                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):50755
                                                                Entropy (8bit):0.8205419065877129
                                                                Encrypted:false
                                                                SSDEEP:96:kBqoxKAuvScS+iEOnUqUMzmlMzxMzD/mbMzUDMzsMzm+Mz+4G9SMzDRbMzpmQMzS:kBqoxKAuqR+iEOnUqIz/o9/cemMm
                                                                MD5:BB0103CE1A6223EBACC91E6DBABCF891
                                                                SHA1:507BA1024582813F497D1500B7C23D6F5EC47CFB
                                                                SHA-256:A5266266656E97769987671B37CA54DD011529247A0572B3A5A1A6C15DAEA1C2
                                                                SHA-512:D24E6533A045E039F695A6550DD6D740AAE6D3BE9C28BA055A0A592F23EC28CE3FA18EFBCCDC91AF462701DE78D7721298E9446A03035259CB46163BE4DF5E93
                                                                Malicious:false
                                                                Reputation:low
                                                                C:\Users\user\AppData\Local\Temp\~DFDAC7FEA86EE98ECF.TMP
                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):25441
                                                                Entropy (8bit):0.27918767598683664
                                                                Encrypted:false
                                                                SSDEEP:24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
                                                                MD5:AB889A32AB9ACD33E816C2422337C69A
                                                                SHA1:1190C6B34DED2D295827C2A88310D10A8B90B59B
                                                                SHA-256:4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
                                                                SHA-512:BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
                                                                Malicious:false
                                                                Reputation:low

                                                                Static File Info

                                                                No static file info

                                                                Network Behavior

                                                                Network Port Distribution

                                                                TCP Packets

                                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                Apr 8, 2021 11:00:12.365860939 CEST49701443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.398407936 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.398619890 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.398750067 CEST44349701158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.398849010 CEST49701443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.453663111 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.453691006 CEST49701443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.463023901 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.492526054 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.492758036 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.492799997 CEST44349701158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.492897987 CEST49701443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.501869917 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.501914978 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.501938105 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.501964092 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.501988888 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.502012014 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.502034903 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.502049923 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.502058983 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.502082109 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.502131939 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.502177954 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.502234936 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.502257109 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.502326965 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.502384901 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.502438068 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.502458096 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.502512932 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.534923077 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.534982920 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535010099 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535037994 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535063982 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535088062 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535111904 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535131931 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535134077 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535157919 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535181999 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535183907 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535204887 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535226107 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535233021 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535253048 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535257101 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535290956 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535317898 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535339117 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535392046 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535439968 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535465002 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535492897 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535501957 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535511971 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535550117 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535578012 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535602093 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535628080 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535631895 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535653114 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535655022 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535676956 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535680056 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535701036 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535706997 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535726070 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535731077 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535752058 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535758018 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535774946 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535777092 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535800934 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535825014 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.535825968 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.535868883 CEST49702443192.168.2.5158.177.118.97
                                                                Apr 8, 2021 11:00:12.568263054 CEST44349702158.177.118.97192.168.2.5
                                                                Apr 8, 2021 11:00:12.568312883 CEST44349702158.177.118.97192.168.2.5

                                                                UDP Packets


                                                                DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Apr 8, 2021 11:00:12.253360033 CEST | 192.168.2.5 | 8.8.8.8 | 0x8696 | Standard query (0) | pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:12.880878925 CEST | 192.168.2.5 | 8.8.8.8 | 0xf51b | Standard query (0) | code.jquery.com | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:12.958467960 CEST | 192.168.2.5 | 8.8.8.8 | 0x83d9 | Standard query (0) | kit.fontawesome.com | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:13.009102106 CEST | 192.168.2.5 | 8.8.8.8 | 0xf0e2 | Standard query (0) | cdnjs.cloudflare.com | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:13.141686916 CEST | 192.168.2.5 | 8.8.8.8 | 0xac3b | Standard query (0) | maxcdn.bootstrapcdn.com | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:13.146478891 CEST | 192.168.2.5 | 8.8.8.8 | 0x8f31 | Standard query (0) | stackpath.bootstrapcdn.com | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:13.204453945 CEST | 192.168.2.5 | 8.8.8.8 | 0x35c7 | Standard query (0) | cdn.jsdelivr.net | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:13.670351982 CEST | 192.168.2.5 | 8.8.8.8 | 0xeaf9 | Standard query (0) | ka-f.fontawesome.com | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:14.951759100 CEST | 192.168.2.5 | 8.8.8.8 | 0xa3f2 | Standard query (0) | logo.clearbit.com | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:29.118576050 CEST | 192.168.2.5 | 8.8.8.8 | 0xdb17 | Standard query (0) | pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud | A (IP address) | IN (0x0001)

                                                                DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Apr 8, 2021 11:00:12.276051044 CEST | 8.8.8.8 | 192.168.2.5 | 0x8696 | No error (0) | pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud | s3.eu-de.cloud-object-storage.appdomain.cloud |  | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 11:00:12.276051044 CEST | 8.8.8.8 | 192.168.2.5 | 0x8696 | No error (0) | s3.eu-de.cloud-object-storage.appdomain.cloud |  | 158.177.118.97 | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:12.893567085 CEST | 8.8.8.8 | 192.168.2.5 | 0xf51b | No error (0) | code.jquery.com | cds.s5x3j6q5.hwcdn.net |  | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 11:00:12.971174955 CEST | 8.8.8.8 | 192.168.2.5 | 0x83d9 | No error (0) | kit.fontawesome.com | kit.fontawesome.com.cdn.cloudflare.net |  | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 11:00:13.021701097 CEST | 8.8.8.8 | 192.168.2.5 | 0xf0e2 | No error (0) | cdnjs.cloudflare.com |  | 104.16.18.94 | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:13.021701097 CEST | 8.8.8.8 | 192.168.2.5 | 0xf0e2 | No error (0) | cdnjs.cloudflare.com |  | 104.16.19.94 | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:13.165457010 CEST | 8.8.8.8 | 192.168.2.5 | 0x8f31 | No error (0) | stackpath.bootstrapcdn.com |  | 104.18.10.207 | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:13.165457010 CEST | 8.8.8.8 | 192.168.2.5 | 0x8f31 | No error (0) | stackpath.bootstrapcdn.com |  | 104.18.11.207 | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:13.171691895 CEST | 8.8.8.8 | 192.168.2.5 | 0xac3b | No error (0) | maxcdn.bootstrapcdn.com |  | 104.18.10.207 | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:13.171691895 CEST | 8.8.8.8 | 192.168.2.5 | 0xac3b | No error (0) | maxcdn.bootstrapcdn.com |  | 104.18.11.207 | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:13.223170996 CEST | 8.8.8.8 | 192.168.2.5 | 0x35c7 | No error (0) | cdn.jsdelivr.net | cdn.jsdelivr.net.cdn.cloudflare.net |  | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 11:00:13.683104992 CEST | 8.8.8.8 | 192.168.2.5 | 0xeaf9 | No error (0) | ka-f.fontawesome.com | ka-f.fontawesome.com.cdn.cloudflare.net |  | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 11:00:14.971440077 CEST | 8.8.8.8 | 192.168.2.5 | 0xa3f2 | No error (0) | logo.clearbit.com | d26p066pn2w0s0.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 11:00:14.971440077 CEST | 8.8.8.8 | 192.168.2.5 | 0xa3f2 | No error (0) | d26p066pn2w0s0.cloudfront.net |  | 13.32.25.43 | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:14.971440077 CEST | 8.8.8.8 | 192.168.2.5 | 0xa3f2 | No error (0) | d26p066pn2w0s0.cloudfront.net |  | 13.32.25.60 | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:14.971440077 CEST | 8.8.8.8 | 192.168.2.5 | 0xa3f2 | No error (0) | d26p066pn2w0s0.cloudfront.net |  | 13.32.25.80 | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:14.971440077 CEST | 8.8.8.8 | 192.168.2.5 | 0xa3f2 | No error (0) | d26p066pn2w0s0.cloudfront.net |  | 13.32.25.101 | A (IP address) | IN (0x0001)
Apr 8, 2021 11:00:29.142258883 CEST | 8.8.8.8 | 192.168.2.5 | 0xdb17 | No error (0) | pendingdelivery348scnpf.s3.eu-de.cloud-object-storage.appdomain.cloud | s3.eu-de.cloud-object-storage.appdomain.cloud |  | CNAME (Canonical name) | IN (0x0001)
Apr 8, 2021 11:00:29.142258883 CEST | 8.8.8.8 | 192.168.2.5 | 0xdb17 | No error (0) | s3.eu-de.cloud-object-storage.appdomain.cloud |  | 158.177.118.97 | A (IP address) | IN (0x0001)

                                                                HTTPS Packets

                                                                CN=Amazon Root CA 1, O=Amazon, C=USCN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USMon May 25 14:00:00 CEST 2015Thu Dec 31 02:00:00 CET 2037
                                                                CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=USWed Sep 02 02:00:00 CEST 2009Wed Jun 28 19:39:16 CEST 2034

                                                                Code Manipulations

                                                                Statistics

                                                                Behavior

                                                                System Behavior

                                                                General

                                                                Start time:11:00:08
                                                                Start date:08/04/2021
                                                                Path:C:\Program Files\internet explorer\iexplore.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                                                                Imagebase:0x7ff792cb0000
                                                                File size:823560 bytes
                                                                MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low

                                                                General

                                                                Start time:11:00:09
                                                                Start date:08/04/2021
                                                                Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1628 CREDAT:17410 /prefetch:2
                                                                Imagebase:0xa00000
                                                                File size:822536 bytes
                                                                MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low

                                                                Disassembly
