Play interactive tour

Edit tour

Analysis Report http://nicklaussglen.buzz/011

Overview

General Information

Sample URL:	http://nicklaussglen.buzz/011
Analysis ID:	384875
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on shot template match)

Yara detected HtmlPhish10

Yara detected HtmlPhish7

Phishing site detected (based on various OCR indicators)

HTML body contains low number of good links

HTML title does not match URL

Classification

Startup

System is w10x64

iexplore.exe (PID: 4600 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 3924 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4600 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\011[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\011[1].htm	JoeSecurity_HtmlPhish_7	Yara detected HtmlPhish_7	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: http://nicklaussglen.buzz/011

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Antivirus detection for URL or domain

Show sources

Source: https://nicklaussglen.buzz/011/

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on shot template match)

Show sources

Source: https://nicklaussglen.buzz/011/

Matcher: Template: outlook matched

Yara detected HtmlPhish10

Show sources

Source: Yara match	File source: 301389.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\011[1].htm, type: DROPPED

Yara detected HtmlPhish7

Show sources

Source: Yara match	File source: 301389.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\011[1].htm, type: DROPPED

Phishing site detected (based on various OCR indicators)

Show sources

Source: Screenshots	OCR Text: dL Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. Sign in with Outlook Sign in with Office365 OO Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe.
Source: Screenshots	OCR Text: UdLE u Edleu; yi jUt cucu otmj ^rv1 '"'qy"' <:= e https//nicklaussglen.buu/011/ G nicklaussglen.buux Hi - [I X X\|Sarh...JO-Grtk@ G . e https//nicklaussglen.buzz1011/ e Share Point Onlinex [I 0 0 CSearch... ,E dL Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. Sign in with Outlook Sign in with Office365 OO Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe. X JO-GjCUC1 e https//nicklaussglen.buzz1011/ e Share Point Onlinex [I 0 0 CSearch... ,E dL Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. Sign in with Outlook Sign in with Office365 OO Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe. X JO-GjCUC1

Source: https://nicklaussglen.buzz/011/	HTTP Parser: Number of links: 0
Source: https://nicklaussglen.buzz/011/	HTTP Parser: Number of links: 0

Source: https://nicklaussglen.buzz/011/	HTTP Parser: Title: Share Point Online does not match URL
Source: https://nicklaussglen.buzz/011/	HTTP Parser: Title: Share Point Online does not match URL

Source: https://nicklaussglen.buzz/011/	HTTP Parser: No <meta name="author".. found
Source: https://nicklaussglen.buzz/011/	HTTP Parser: No <meta name="author".. found

Source: https://nicklaussglen.buzz/011/	HTTP Parser: No <meta name="copyright".. found
Source: https://nicklaussglen.buzz/011/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 104.21.95.21:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.21:443 -> 192.168.2.3:49735 version: TLS 1.2

Source: global traffic	HTTP traffic detected: GET /011 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: nicklaussglen.buzzConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /011/ HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: nicklaussglen.buzz

Source: unknown

DNS traffic detected: queries for: nicklaussglen.buzz

Source: hover[1].css.2.dr	String found in binary or memory: http://ianlunn.co.uk/
Source: hover[1].css.2.dr	String found in binary or memory: http://ianlunn.github.io/Hover/)
Source: popper.min[1].js.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: 011[1].htm.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: 011[1].htm.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: 011[1].htm.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: 011[1].htm.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: 011[1].htm.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: free.min[1].css.2.dr	String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.2.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: 011[1].htm.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v11/OZpGg_pnoDtINPfRIlLohlvHxw.woff)
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: hover[1].css.2.dr	String found in binary or memory: https://github.com/IanLunn/Hover
Source: bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: 585b051251[1].js.2.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: 585b051251[1].js.2.dr	String found in binary or memory: https://kit.fontawesome.com
Source: 011[1].htm.2.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: 011[1].htm.2.dr	String found in binary or memory: https://login.microsoftonline.com/common/login
Source: 011[1].htm.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: 011[1].htm.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: ~DF4835BC9D9DDAD3A2.TMP.1.dr	String found in binary or memory: https://nicklaussglen.buzz/011/
Source: ~DF4835BC9D9DDAD3A2.TMP.1.dr	String found in binary or memory: https://nicklaussglen.buzz/011/$Share
Source: {C585FDE6-99CC-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://nicklaussglen.buzz/011/Root

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 104.21.95.21:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.95.21:443 -> 192.168.2.3:49735 version: TLS 1.2

Source: classification engine

Classification label: mal84.phis.win@3/26@7/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF3B2F4095378D9A2A.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4600 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4600 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol2	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://nicklaussglen.buzz/011	0%	Virustotal		Browse
http://nicklaussglen.buzz/011	0%	Avira URL Cloud	safe
http://nicklaussglen.buzz/011	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://nicklaussglen.buzz/011/	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
http://ianlunn.github.io/Hover/)	0%	Avira URL Cloud	safe
https://nicklaussglen.buzz/011/Root	0%	Avira URL Cloud	safe
http://nicklaussglen.buzz/011/	0%	Avira URL Cloud	safe
https://getbootstrap.com)	0%	Avira URL Cloud	safe
https://nicklaussglen.buzz/011/$Share	0%	Avira URL Cloud	safe
http://ianlunn.co.uk/	0%	URL Reputation	safe
http://ianlunn.co.uk/	0%	URL Reputation	safe
http://ianlunn.co.uk/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
nicklaussglen.buzz	104.21.95.21	true	true	unknown
cdnjs.cloudflare.com	104.16.19.94	true	false	high
maxcdn.bootstrapcdn.com	104.18.11.207	true	false	high
ka-f.fontawesome.com	unknown	unknown	false	high
code.jquery.com	unknown	unknown	false	high
kit.fontawesome.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://nicklaussglen.buzz/011/	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
http://nicklaussglen.buzz/011	true		unknown
http://nicklaussglen.buzz/011/	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://ianlunn.github.io/Hover/)	hover[1].css.2.dr	false	Avira URL Cloud: safe	unknown
https://ka-f.fontawesome.com	585b051251[1].js.2.dr	false		high
https://code.jquery.com/jquery-3.2.1.slim.min.js	011[1].htm.2.dr	false		high
https://code.jquery.com/jquery-3.1.1.min.js	011[1].htm.2.dr	false		high
https://nicklaussglen.buzz/011/	~DF4835BC9D9DDAD3A2.TMP.1.dr	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://code.jquery.com/jquery-3.3.1.js	011[1].htm.2.dr	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css	011[1].htm.2.dr	false		high
https://fontawesome.com/license/free	free.min[1].css.2.dr	false		high
https://fontawesome.com	free.min[1].css.2.dr	false		high
https://nicklaussglen.buzz/011/Root	{C585FDE6-99CC-11EB-90E4-ECF4BB862DED}.dat.1.dr	true	Avira URL Cloud: safe	unknown
https://kit.fontawesome.com	585b051251[1].js.2.dr	false		high
https://github.com/twbs/bootstrap/graphs/contributors)	bootstrap.min[1].js.2.dr	false		high
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	011[1].htm.2.dr	false		high
https://login.microsoftonline.com/common/login	011[1].htm.2.dr	false		high
https://getbootstrap.com)	bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	false	Avira URL Cloud: safe	low
https://nicklaussglen.buzz/011/$Share	~DF4835BC9D9DDAD3A2.TMP.1.dr	true	Avira URL Cloud: safe	unknown
http://ianlunn.co.uk/	hover[1].css.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE)	bootstrap.min[1].js.2.dr, bootstrap.min[1].css.2.dr	false		high
https://github.com/IanLunn/Hover	hover[1].css.2.dr	false		high
http://opensource.org/licenses/MIT).	popper.min[1].js.2.dr	false		high
https://kit.fontawesome.com/585b051251.js	011[1].htm.2.dr	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	011[1].htm.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
104.21.95.21	nicklaussglen.buzz	United States	13335	CLOUDFLARENETUS	true
104.16.19.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	384875
Start date:	10.04.2021
Start time:	00:16:30
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 38s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	http://nicklaussglen.buzz/011
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.phis.win@3/26@7/3
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 104.43.139.144, 13.64.90.137, 52.147.198.201, 13.88.21.125, 104.83.120.32, 69.16.175.10, 69.16.175.42, 172.217.168.10, 104.18.23.52, 104.18.22.52, 172.64.203.28, 172.64.202.28, 52.255.188.83, 20.82.210.154, 23.10.249.43, 23.10.249.26, 152.199.19.161, 23.54.113.104 Excluded domains from analysis (whitelisted): cds.s5x3j6q5.hwcdn.net, arc.msn.com.nsatc.net, ka-f.fontawesome.com.cdn.cloudflare.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, kit.fontawesome.com.cdn.cloudflare.net, skypedataprdcolwus17.cloudapp.net, fonts.googleapis.com, fs.microsoft.com, ajax.googleapis.com, ie9comview.vo.msecnd.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, skypedataprdcoleus16.cloudapp.net, skypedataprdcoleus17.cloudapp.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C585FDE4-99CC-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.854171144703057
Encrypted:	false
SSDEEP:	192:rwZ8ZW2XW6t0xfsyP0MFHkDNOuWbfuGJyaEX:rg8tmS4Nu8uEuGu
MD5:	150F7C2C5ACECB8692481B3F5D5D9D83
SHA1:	80346CE92834E602CE15ABE3F207DCA0380B48ED
SHA-256:	FE8A1AF1620EF3A25FC6426B8B6167EE663BDA43F29ABEB475DE9996DD769443
SHA-512:	8D24C4AD5FADEA39192BEB2E3C5D6E55EB848031BC61E37B0F739AAA08E01D6F8FEA0EF9934F76225C5C14D3025CE475246E5EA79EB45747B2116CB1C5C01B4C
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C585FDE6-99CC-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	27338
Entropy (8bit):	1.7567954483604622
Encrypted:	false
SSDEEP:	96:rEZrQP6VBS3j92FWXMTwic/jib+FZXiJbh5zr:rEZrQP6Vk3j92FWXMTwi2jib+FZXiRr
MD5:	2F05553C3EFF2A3513AA6C66A48D8FF0
SHA1:	F9E2CA3874B730DBC30429CE864C1D4AAEBAA3B2
SHA-256:	FDD3CAEA0C2D3FE8F9C64B0C625257DFE1BA459177526110195FB823BD07C76A
SHA-512:	4E55BED838FD223B6E594AB49DF3F0AC2DE752A494A97BA68D4E9A48729443C948E30C028B42490577ECC42195943464C85C9D8D459B92AE6B7D55F786DD3980
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C585FDE7-99CC-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5651341096044085
Encrypted:	false
SSDEEP:	48:IwbGcprmGwpaHG4pQDGrapbS/GQpKBG7HpRoQTGIpG:rBZ+Qp6nBSpAwToEA
MD5:	6EC22A923B47CEB6453C3873812FD3BD
SHA1:	F04F7D0C8A60B980FEFE351C07C1E686D5295E5F
SHA-256:	6F55FE708CF7BE114A9B26B23473BD6D6ABD82750FAA24B9E006B90F4F20A493
SHA-512:	E17C3C7DEF7390F52BD48703826A0CF3113E64E139B70C1CFC8BD8F729393AE201CA955DF4FDA44E44078D45FC7D4103E81E5952FB67C897354F6DEFEE8EB017
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\011[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	11777
Entropy (8bit):	4.8159515725639555
Encrypted:	false
SSDEEP:	192:K2FI5vEJKnYmrDfG4RywAOT+UY/t4IdtWPtY:1nmRnAKyt48tZ
MD5:	6D1D3C4FD92B63CC534BE0EDF3AF18DC
SHA1:	5F5442FEB5BE60239F185E969C45050A7DBADE2A
SHA-256:	65ADCB045AEFB4D0028A6AF36EC9D42BBD4DAE9AFF2CF85810BB4A6F44D4B25C
SHA-512:	2D42684CF0A44E262C958172C2446974A4AE9B8D17F7208A5FCB690964EE0D56FEB157B9AB6166B8F94FBDCBA027271C36B66784655E8FD96CE0B5522FE71AA2
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\011[1].htm, Author: Joe Security Rule: JoeSecurity_HtmlPhish_7, Description: Yara detected HtmlPhish_7, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\011[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	https://nicklaussglen.buzz/011/
Preview:	...<!doctype html>..<html lang="en">..<head>.. <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>.. <script src="https://code.jquery.com/jquery-3.1.1.min.js">.. <script src="https://code.jquery.com/jquery-3.3.1.js" integrity="sha256-2Kok7MbOyxpgUVvAk/HJ2jigOSYS2auK4Pfzbm7uH60=" crossorigin="anonymous"></script>.. Required meta tags -->.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.... Bootstrap CSS -->.. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">.. <link href="https://fonts.googleapis.com/css?family=Yellowtail&display=swap" rel="stylesheet">.. <script src="https://kit.fontawesome.com/585b051251.js" crossorigin="anonymous"></script>.. <title>Share Point Online</title>.. <link

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\585b051251[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	10866
Entropy (8bit):	5.182623714755422
Encrypted:	false
SSDEEP:	192:BgHN42S+9SZRvACpiIthFzoXnemF+shSGnZ+PPxQDqv7jh81Q5l8OcchIlzbCn:WRCfhFzevnEZ/h81Q5l8OsE
MD5:	D8CA71772D1E86D5FB9D5E2F6CC1AE70
SHA1:	9B043E60997FE552D652E4474E16AFF923D7AA76
SHA-256:	7D840153F02AD6D91D652354E35B590721916D16C33956631EEF0E7D3B5613EE
SHA-512:	8E9DA8E9AE10EC0EB854A6E488FB4568A960EE10AF46FE4AA49F22F227CB94997F40E49E10A81E341B99489256163A2C0E065730EEA642777061CDA61B4D56C1
Malicious:	false
Reputation:	low
IE Cache URL:	https://kit.fontawesome.com/585b051251.js
Preview:	window.FontAwesomeKitConfig = {"asyncLoading":{"enabled":true},"autoA11y":{"enabled":true},"baseUrl":"https://ka-f.fontawesome.com","baseUrlKit":"https://kit.fontawesome.com","detectConflictsUntil":null,"iconUploads":{},"id":132286382,"license":"free","method":"css","minify":{"enabled":true},"token":"585b051251","v4FontFaceShim":{"enabled":false},"v4shim":{"enabled":true},"version":"5.15.3"};.!function(t){"function"==typeof define&&define.amd?define("kit-loader",t):t()}((function(){"use strict";function t(e){return(t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t})(e)}function e(t,e,n){return e in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function n(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter((function(e){return Object.g

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	211
Entropy (8bit):	5.026484232218891
Encrypted:	false
SSDEEP:	6:0IFFwKh+56ZRWHMqh7izlpdBEoKOEEJTONin:jFWmO6ZRoMqt6p3EondOY
MD5:	04F7435B2672FBE66984EA436E7087C6
SHA1:	44896875E69B297EB979CC0D3E8522D872656BA8
SHA-256:	F9088C15A062F0C7708C3864C5E261A2E4961DFEB0F150DF744FAEC2E3B74AD6
SHA-512:	9A1D01A7FAC3D6B205CFA37C05A93AFA9D903D4D35DCB16E31D3A31D19CD65B8DE5D66E626BC7F70D07841C779E20CD2C2DD6254824F96DE0E8E576E156F1C7D
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Preview:	@font-face {. font-family: 'Yellowtail';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/yellowtail/v11/OZpGg_pnoDtINPfRIlLohlvHxw.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery-3.1.1.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
Reputation:	low
IE Cache URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery-3.2.1.slim.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	69597
Entropy (8bit):	5.369216080582935
Encrypted:	false
SSDEEP:	1536:qNhEyjjTikEJO4edXXe9J578go6MWX2xkjVe4c4j2ll2Ac7pK3F71QDU8CuT:Exc2yjq4j2uYnQDU8CuT
MD5:	5F48FC77CAC90C4778FA24EC9C57F37D
SHA1:	9E89D1515BC4C371B86F4CB1002FD8E377C1829F
SHA-256:	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
SHA-512:	CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
Malicious:	false
Reputation:	low
IE Cache URL:	https://code.jquery.com/jquery-3.2.1.slim.min.js
Preview:	/! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\011[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5
Entropy (8bit):	1.5219280948873621
Encrypted:	false
SSDEEP:	3:hn:h
MD5:	FDA44910DEB1A460BE4AC5D56D61D837
SHA1:	F6D0C643351580307B2EAA6A7560E76965496BC7
SHA-256:	933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9
SHA-512:	57DDA9AA7C29F960CD7948A4E4567844D3289FA729E9E388E7F4EDCBDF16BF6A94536598B4F9FF8942849F1F96BD3C00BC24A75E748A36FBF2A145F63BF904C1
Malicious:	false
Reputation:	low
Preview:	0....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\8[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, big-endian, direntries=12, height=709, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1200], baseline, precision 8, 1200x646, frames 3
Category:	downloaded
Size (bytes):	161118
Entropy (8bit):	7.5594351594508185
Encrypted:	false
SSDEEP:	3072:WucfAcwuKGuN2q/gSsqnk4br5XUGpppLqfmazv7l04J:OMuKbYOF355XEuAv7lnJ
MD5:	F17B5B1163EFB6D2D47DE6BAE6D3A9CD
SHA1:	6D6964B34BC44C6D2B106ADE1AE675985B96D012
SHA-256:	7829F065E0E10C8466F3D57766E0719421B7B652F6A1082F21B98702F1B28A30
SHA-512:	7C0CBEF1D3CAE66A18C74544E593803C2EEC56817E762A385D54437BC7D597B2598886B0C0EDF72C6E934E9F146CEFC89392A492DB5425A1071E61CA1F156855
Malicious:	false
Reputation:	low
IE Cache URL:	https://nicklaussglen.buzz/011/images/8.jpg
Preview:	......Exif..MM.*.......................................................................................................(...........1.....".....2..........i.............$............'.......'.Adobe Photoshop CC 2015 (Windows).2020:01:21 13:41:42.............0221...................................................................r...........z.(.................................%.......H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................V...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......q..KJG..x.."....]..TX...[^.m...R.......X.5..j?p.A.RI%0...MN.$..@.4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bootstrap.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	144877
Entropy (8bit):	5.049937202697915
Encrypted:	false
SSDEEP:	1536:GcoqwrUPyDHU7c7TcDEBi82NcuSELL4d/+oENM6HN26Q:VoPgPard2oENM6HN26Q
MD5:	450FC463B8B1A349DF717056FBB3E078
SHA1:	895125A4522A3B10EE7ADA06EE6503587CBF95C5
SHA-256:	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
SHA-512:	93BF1ED5F6D8B34F53413A86EFD4A925D578C97ABC757EA871F3F46F340745E4126C48219D2E8040713605B64A9ECF7AD986AA8102F5EA5ECF9228801D962F5D
Malicious:	false
Reputation:	low
IE Cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors. * Copyright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},::after,::before{box-sizing:border-box}html{font-family:sans

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\gmail[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	66743
Entropy (8bit):	7.712342056984168
Encrypted:	false
SSDEEP:	1536:FxqKcVqezl0vLoYxEuKoYk5LHjGkT3b1mQOEj0+R+EH:FsK2qezl0zoYxEuKo7CYrOb+Rb
MD5:	DCE2F2B0E50CB1DBB0246D152791CB46
SHA1:	D0A69C159304EDC08DB005163E7A0DAF5A1E98A6
SHA-256:	ACF087C1757F08B0CFD53D59066544D7EF0BFCC50999E77C5813739CD9DC1479
SHA-512:	91054B36EF1673B24E4FE3DC324CBE339F4E9EB72785A6A4C355C7B2A11A9A7C6E188FF9BF5B34FFDD2805D4BBED71EF6CA4975EE3E330FD8D8E383ED64B28EE
Malicious:	false
Reputation:	low
IE Cache URL:	https://nicklaussglen.buzz/011/images/gmail.png
Preview:	.PNG........IHDR.....................sBIT....\|.d.....pHYs............/....tEXtSoftware.www.inkscape.org..<... .IDATx...{x.u.....I.sS..9Q(..J.L&.$..V\|........#.."...Zw.eEQv.Q..U.A]9Vh..I8...H2)`....i.....).....f.y....L.pu...{n..........................................................................................................................................................................................................................................................................................................................................................................................................@Is..... mj=...X<65....U.l.b.t.U...mR...e..P.i.$.i2U..@N1.f...i.s...cf.../....2ev.`..%.\|.o...s..j..l.B....V&..s;b..Pfg......!...:..5....$.@...I0.=.lY.......a...B.4g... T.9Wif..R..o.R.t'.0...?G.9i...L...*..&..s.Vgnkhn...;p[.0.5.........$......P......^".HL.M...@.p..;04....9.&.(i....9.sK..=&.'$m........f..1..'...f2.Uww......PH....@..xq....k.2..l.Luf..s5..`.\|

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\adobe[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x400, frames 3
Category:	downloaded
Size (bytes):	30925
Entropy (8bit):	7.75667128400845
Encrypted:	false
SSDEEP:	768:nuowBuvTpjgz+wqrPZ2qh8fmyjlX6RqnxgYqwNL:nuPOpjgzPqrPZRYZGnYqYL
MD5:	BE5274AF7D8BD25B8148A190FF515399
SHA1:	B8D0850FD92EE935287E17988B89E53607808C8C
SHA-256:	26C62DBDF527B8DCBF378EA62F129CBBBA3B244730687909BA21ECD729C9D2E6
SHA-512:	64893C625BE72783088575E36EF26FF4573243F32601BDA754EDA72B7515063B5E4E4831697D16AC663529C910AE12CCD145BEC530F2A9BAE4D9324301C65667
Malicious:	false
Reputation:	low
IE Cache URL:	https://nicklaussglen.buzz/011/images/adobe.jpg
Preview:	......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..g........\|?....".+......_.......4...R...'..q..~...n.7...........QXJ<...=...^.V'@U..E..5....Uz........IE.PTe.}/p.y.......T.<...-T..\|...b.=.#IU..~....{O/...b..E..............X...G...?........\|......._....M..g.................T~g.......<.....T~g......3$.=._..IU.K..^.E...=.#U.._[X.R..=W...1..........QTr.\....*.7..?..6.9K..^.E.Ps.\...........%W..y...g)s[KX)<......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\free-v4-shims.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	26701
Entropy (8bit):	4.829823522211244
Encrypted:	false
SSDEEP:	192:dP6hT1bIl4w0QUmQ10PwKLaAu5CwWavpHo4O6wgLPbJVR8XD7mycP:0hal4w0QK+PwK05eavpmgPPeXD7mycP
MD5:	8A99CE81EC2F89FBCA03F2C8CF1A3679
SHA1:	58F9EF32D12A5DA52CBAB7BD518BCC998FC59EF9
SHA-256:	362DAEAF1F7E05FEE9A609E549F148AACBE518C166FBD96EAD69057E295742AF
SHA-512:	930F28449365FAED13718BB8F332625DB110ABB08C3778DC632FDF00A0187A61A086B5EB4765FFC1923B64E2584C02592A213914B024DE6890FF3DBFC3A12FE5
Malicious:	false
Reputation:	low
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.3/css/free-v4-shims.min.css?token=585b051251
Preview:	/!. Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa.fa-glass:before{content:"\f000"}.fa.fa-meetup{font-family:"Font Awesome 5 Brands";font-weight:400}.fa.fa-star-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-star-o:before{content:"\f005"}.fa.fa-close:before,.fa.fa-remove:before{content:"\f00d"}.fa.fa-gear:before{content:"\f013"}.fa.fa-trash-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-trash-o:before{content:"\f2ed"}.fa.fa-file-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-file-o:before{content:"\f15b"}.fa.fa-clock-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-clock-o:before{content:"\f017"}.fa.fa-arrow-circle-o-down{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arrow-circle-o-down:before{content:"\f358"}.fa.fa-arrow-circle-o-up{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arro

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\free.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	60351
Entropy (8bit):	4.728641238865369
Encrypted:	false
SSDEEP:	768:0Uh31IPiyXNq4YxBowbgJlkwF//zMQyYJYX9Bft6VSz8:0U0PxXE4YXJgndFTfy9lt5Q
MD5:	390B4210E10C744C3C597500BCF0B31A
SHA1:	2600C7C2F25D7DBCBC668231601E426010DC6489
SHA-256:	C2819CA1F7AD1AF7BA53C4EDFDFD395C547BCB16D29892A234D7860C689ED929
SHA-512:	E8A7E466BE8CC092E12994B51A6A8A39E2FBB66DD48221BCF499BB89365B4004D73C1909F8FE0BBBBF13907D5901D76FFE127D92FDD7493853646F83F5985CBE
Malicious:	false
Reputation:	low
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.3/css/free.min.css?token=585b051251
Preview:	/!. Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pul

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\hover[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	114697
Entropy (8bit):	4.9296726009523
Encrypted:	false
SSDEEP:	1536:67O7EesvXIPRX4PT8aZv8qoXIoqbTFaFeTxvyAZ+D7M71D:qXIPRX4PT3
MD5:	FAC4178C15E5A86139C662DAFC809501
SHA1:	EF1481841399156A880EC31B07DDA9CFAA1ACE39
SHA-256:	BB88454962767EB6F2DDB1AABAAF844D8A57DE7E8F848D7F6928F81B54998452
SHA-512:	0902219B6E236FBF9D8173D1D452C8733C1BF67B0EB906CC9866EA0C27C2D08F6DA556D01475E9B54E2C6CE797B230BFBD5F39055CE0C71EA4D3E36872C378D9
Malicious:	false
Reputation:	low
IE Cache URL:	https://nicklaussglen.buzz/011/css/hover.css
Preview:	/!. Hover.css (http://ianlunn.github.io/Hover/). * Version: 2.3.2. * Author: Ian Lunn @IanLunn. * Author URL: http://ianlunn.co.uk/. * Github: https://github.com/IanLunn/Hover.. * Hover.css Copyright Ian Lunn 2017. Generated with Sass.. /./ 2D TRANSITIONS /./ Grow /..hvr-grow {. display: inline-block;. vertical-align: middle;. -webkit-transform: perspective(1px) translateZ(0);. transform: perspective(1px) translateZ(0);. box-shadow: 0 0 1px rgba(0, 0, 0, 0);. -webkit-transition-duration: 0.3s;. transition-duration: 0.3s;. -webkit-transition-property: transform;. transition-property: transform;.}..hvr-grow:hover, .hvr-grow:focus, .hvr-grow:active {. -webkit-transform: scale(1.1);. transform: scale(1.1);.}../ Shrink */..hvr-shrink {. display: inline-block;. vertical-align: middle;. -webkit-transform: perspective(1px) translateZ(0);. transform: perspective(1px) translateZ(0);. box-shadow: 0 0 1px rgba(0, 0, 0, 0);. -webkit-transition-duration: 0.3s;. transition-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\outlook1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	771
Entropy (8bit):	7.682244426935498
Encrypted:	false
SSDEEP:	24:74yiH9yQmOntihdLl00qDeu1BcaDa0oljZG0:omOntO7v/uJDYG0
MD5:	C3FC46C5799C76F9107504028F39190F
SHA1:	519096AD3F03410CF9CE3C9B9FCCA6B439D97B23
SHA-256:	57898461712A639D119BDF88B7145919DCC8956C7A271D2E4A1084B29EAE6785
SHA-512:	DF4A0A2F78B2013035FB738BF405119B275D4CFEC31A23071EB9AF499D5F31FDC4BE22754CE791C975D7D417E908B5CAD16F962B0ADD3DFDCDE19844D74F6678
Malicious:	false
Reputation:	low
IE Cache URL:	https://nicklaussglen.buzz/011/images/outlook1.png
Preview:	.PNG........IHDR..............JL.....bKGD..............IDATH....k.A..k6.b.F1..H@...j@.aQ...(.. .. ........ .A..D...I......E......1...W...;;.Y.d.}].U5]..x"3?....!..A..y..+R2\...m.NX.=..p.0...d.^.3......J.Z.X.).....P\..x1.3.M.0....m.........F....?...n.......l.Fo)x._ R\|.s..a.T?...?.=.9.Y..u....z..\|.....Wz...h..<..P.. ...$.Y......k`/4.y/......L.C......."....U....7....G...'h.....1j1E..%t.....@..a.......b.ED-.Tn.<..o.D...o..(.{1l>........".4a.:k.I./.7t./.Q-'..>.. ......'3eb..d.@=4...C....A...;..N.X3.(.......,v...+...S...W..l...@,...j.).u<..@u..0...V&.b.yp.....0..o.?..V..B =.~&m"r(...6;EP.T.......h.m".[f.U)\|t..2.Q.....g.cP.W...D..[.O>..d;.yI.{/..#v.._..$.Q.......t\E..5i.q._.."/n...v.w..Uo ...#..S....^.....F..+._??.r.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\011[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5
Entropy (8bit):	1.5219280948873621
Encrypted:	false
SSDEEP:	3:hn:h
MD5:	FDA44910DEB1A460BE4AC5D56D61D837
SHA1:	F6D0C643351580307B2EAA6A7560E76965496BC7
SHA-256:	933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9
SHA-512:	57DDA9AA7C29F960CD7948A4E4567844D3289FA729E9E388E7F4EDCBDF16BF6A94536598B4F9FF8942849F1F96BD3C00BC24A75E748A36FBF2A145F63BF904C1
Malicious:	false
Reputation:	low
Preview:	0....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bootstrap.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	48944
Entropy (8bit):	5.272507874206726
Encrypted:	false
SSDEEP:	768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B
MD5:	14D449EB8876FA55E1EF3C2CC52B0C17
SHA1:	A9545831803B1359CFEED47E3B4D6BAE68E40E99
SHA-256:	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
SHA-512:	00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
Malicious:	false
Reputation:	low
IE Cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\office3651[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	18025
Entropy (8bit):	3.011161251318808
Encrypted:	false
SSDEEP:	96:2S+WvkiqJq6Uq7NXrNG+GHhsc5yeFZV9D2Ydcx/NTV0K0VFDsCmm:2SJkiOq6Uq75shDs1kFP
MD5:	FE22440D79FFA34950F512EF4A718B2A
SHA1:	0E147E59544EE6580D3095353D4420849FA5EB8A
SHA-256:	A2F26B68A6C8810C1AEB4048C938F835A86BA83756A7A440F989B967E78F3BA8
SHA-512:	64218ECD4140DC05E50EB7BA4C9813794B8B5A4310C8308244205BA6ADA8EE7C2D1840121730A00800E41775241D8AFA02125A966064CD0EB2CC7D3E4605B81C
Malicious:	false
Reputation:	low
IE Cache URL:	https://nicklaussglen.buzz/011/images/office3651.png
Preview:	.PNG........IHDR............. .......pHYs...............<eiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2020-01-18T21:49:38+05:00</xmp:CreateDate>. <xmp:MetadataDate>2020-01-21T14:30:14+05:00</xmp:MetadataDate>. <x

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\other1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	21882
Entropy (8bit):	4.268463452779894
Encrypted:	false
SSDEEP:	192:ESCkiDw7e9Mg/wio0EYm9FWyo2XdJfXoOZdEDfmiIJQdiRVi/WTanY:DBiDw7eAdq+FWyo2/fXoZbDIJ0ci/BnY
MD5:	6843A244E12FAB158AA189680B5E7049
SHA1:	0E1C691F87CC4FA35C88344974F2829C40176B70
SHA-256:	3A9B144D6482B78AFC4E0A940A1D3C22240F14FA535B808CF4DAB9635339569F
SHA-512:	145010C45B6B83EA4005EB367C0507959FF0817E482F19E9973504081ACAE1B7827CBD1172CEC7732B13F4E0CEC058271BD6700444FBCF61FB6A3C068A3744C4
Malicious:	false
Reputation:	low
IE Cache URL:	https://nicklaussglen.buzz/011/images/other1.png
Preview:	.PNG........IHDR..............$.... cHRM..z&..............u0...`..:....p..Q<....sRGB.........gAMA......a.....pHYs...............:.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2020-01-18T21:59:57+05:00</xmp:CreateDate>. <

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\popper.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	19188
Entropy (8bit):	5.212814407014048
Encrypted:	false
SSDEEP:	384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f
MD5:	70D3FDA195602FE8B75E0097EED74DDE
SHA1:	C3B977AA4B8DFB69D651E07015031D385DED964B
SHA-256:	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
SHA-512:	51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Preview:	/. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. /(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto\|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio

C:\Users\user\AppData\Local\Temp\~DF3B2F4095378D9A2A.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.47929066277830873
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9louF9loS9lW/EQgmdUde:kBqoINL/HgmdUde
MD5:	BE6460E3176CBFE7238553F38CF72740
SHA1:	650D2CAD1874608E04DA66847FD58BB04F78DBA2
SHA-256:	77B7FA378307533DFC644805E39A9A31E30716B133E448BFF34C017E2C7D5F0F
SHA-512:	3F406041E1B1F51DF246480E82FBE81CEEDB5AA6958BFE459147FCA027B70593B1D34CBACC21CFB3A70BBAC295E19084CA0A16AC990EB0F203F50A0851324A36
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF4835BC9D9DDAD3A2.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	35099
Entropy (8bit):	0.45445961432724474
Encrypted:	false
SSDEEP:	48:kBqoxKAuvScS+MqwRdIdkXWFvWwFfGFWwFDFdFGFw0b:kBqoxKAuvScS+MqwRa2ib+FZXiJb
MD5:	4EAFB7D28BAA15E477D83065667408B5
SHA1:	E274DAFFBE9A03F21777C72034713B188B04B2D0
SHA-256:	4F9397E98D8EDD62265ED524284ED295C07A4B4A9146F7F02DB88F19D1DB1354
SHA-512:	EEB25C4707E7C798E79571B3CDA103E08BAFEB1F62FBE6DDC2551113A0EE503B4779F298B144C35402470CF92586216E08DF475DCD9C461E03C943FAC76035F5
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF4A49C1F6EF59D352.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 10, 2021 00:17:15.984282017 CEST	49710	80	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:15.984293938 CEST	49711	80	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.002224922 CEST	80	49710	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.002259970 CEST	80	49711	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.002331018 CEST	49710	80	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.002419949 CEST	49711	80	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.003499031 CEST	49710	80	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.021168947 CEST	80	49710	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.029452085 CEST	80	49710	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.029572964 CEST	49710	80	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.042804956 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.060600996 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.060759068 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.067353964 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.084999084 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.089323044 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.089364052 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.089488983 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.089534998 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.129630089 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.136203051 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.136312008 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.148046017 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.148324966 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.148351908 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.148468971 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.148507118 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.149488926 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.154613018 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.154792070 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.154886007 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.167464018 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.369358063 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.369434118 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.369561911 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.369606018 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.375473976 CEST	49710	80	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.393640041 CEST	80	49710	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.397280931 CEST	80	49710	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.397521019 CEST	49710	80	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.403372049 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.461899042 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.630280018 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.630326986 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.630345106 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.630377054 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.630403996 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.630429029 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.630456924 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.630565882 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.630620956 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.730027914 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.732824087 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.736169100 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.740959883 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.741964102 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.744318008 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.747507095 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.750747919 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.753582954 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.756658077 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.756685019 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.756726027 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.756764889 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.756787062 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.756791115 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.756836891 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.756844044 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.756849051 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.757497072 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.757538080 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.757560968 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.757579088 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.757602930 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.757616997 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.757639885 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.757678032 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.758167982 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.758235931 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.758307934 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.758351088 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.758372068 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.758389950 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.758419991 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.758450031 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.759058952 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.759103060 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.759140968 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.759145021 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.759179115 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.759180069 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.759221077 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.759237051 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.759855986 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.759912968 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.759928942 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.759951115 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.759968042 CEST	49712	443	192.168.2.3	104.21.95.21
Apr 10, 2021 00:17:16.759991884 CEST	443	49712	104.21.95.21	192.168.2.3
Apr 10, 2021 00:17:16.760010004 CEST	49712	443	192.168.2.3	104.21.95.21

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 10, 2021 00:17:08.601862907 CEST	64938	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:08.615231037 CEST	53	64938	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:09.337903976 CEST	60152	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:09.351531029 CEST	53	60152	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:10.425553083 CEST	57544	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:10.438942909 CEST	53	57544	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:11.045741081 CEST	55984	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:11.058773994 CEST	53	55984	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:12.411380053 CEST	64185	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:12.424478054 CEST	53	64185	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:13.125421047 CEST	65110	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:13.138593912 CEST	53	65110	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:13.882462025 CEST	58361	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:13.895211935 CEST	53	58361	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:14.588515043 CEST	63492	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:14.601453066 CEST	53	63492	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:14.924166918 CEST	60831	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:14.941849947 CEST	53	60831	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:15.901992083 CEST	60100	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:15.914664030 CEST	53	60100	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:15.947616100 CEST	53195	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:15.974951982 CEST	53	53195	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:16.685595036 CEST	50141	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:16.686876059 CEST	53023	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:16.698905945 CEST	53	53023	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:16.699733973 CEST	53	50141	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:16.725142002 CEST	49563	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:16.728542089 CEST	51352	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:16.741470098 CEST	53	51352	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:16.744553089 CEST	59349	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:16.754240990 CEST	57084	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:16.755388021 CEST	53	49563	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:16.763444901 CEST	53	59349	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:16.767327070 CEST	53	57084	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:17.069026947 CEST	58823	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:17.089916945 CEST	53	58823	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:17.456768036 CEST	57568	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:17.469834089 CEST	53	57568	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:19.250731945 CEST	50540	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:19.262767076 CEST	53	50540	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:19.911346912 CEST	54366	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:19.923731089 CEST	53	54366	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:20.566735983 CEST	53034	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:20.579533100 CEST	53	53034	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:21.513093948 CEST	57762	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:21.526026011 CEST	53	57762	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:22.507426977 CEST	55435	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:22.520308018 CEST	53	55435	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:23.774375916 CEST	50713	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:23.788073063 CEST	53	50713	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:24.474343061 CEST	56132	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:24.486455917 CEST	53	56132	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:32.311511040 CEST	58987	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:32.348990917 CEST	53	58987	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:40.768899918 CEST	56579	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:40.782361031 CEST	53	56579	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:43.015077114 CEST	60633	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:43.033801079 CEST	53	60633	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:44.910641909 CEST	61292	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:44.926364899 CEST	53	61292	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:45.596895933 CEST	63619	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:45.610358000 CEST	53	63619	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:45.914288044 CEST	61292	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:45.926647902 CEST	53	61292	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:46.533019066 CEST	64938	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:46.559047937 CEST	53	64938	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:46.586165905 CEST	63619	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:46.599109888 CEST	53	63619	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:46.929933071 CEST	61292	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:46.942768097 CEST	53	61292	8.8.8.8	192.168.2.3
Apr 10, 2021 00:17:47.601984978 CEST	63619	53	192.168.2.3	8.8.8.8
Apr 10, 2021 00:17:47.614890099 CEST	53	63619	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 10, 2021 00:17:15.947616100 CEST	192.168.2.3	8.8.8.8	0x7918	Standard query (0)	nicklaussglen.buzz	A (IP address)	IN (0x0001)
Apr 10, 2021 00:17:16.686876059 CEST	192.168.2.3	8.8.8.8	0xbad3	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)
Apr 10, 2021 00:17:16.725142002 CEST	192.168.2.3	8.8.8.8	0x7f41	Standard query (0)	maxcdn.bootstrapcdn.com	A (IP address)	IN (0x0001)
Apr 10, 2021 00:17:16.744553089 CEST	192.168.2.3	8.8.8.8	0x7e27	Standard query (0)	kit.fontawesome.com	A (IP address)	IN (0x0001)
Apr 10, 2021 00:17:16.754240990 CEST	192.168.2.3	8.8.8.8	0x44e5	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)
Apr 10, 2021 00:17:17.069026947 CEST	192.168.2.3	8.8.8.8	0x5129	Standard query (0)	ka-f.fontawesome.com	A (IP address)	IN (0x0001)
Apr 10, 2021 00:17:32.311511040 CEST	192.168.2.3	8.8.8.8	0x9836	Standard query (0)	nicklaussglen.buzz	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Apr 10, 2021 00:17:15.974951982 CEST	8.8.8.8	192.168.2.3	0x7918	No error (0)	nicklaussglen.buzz		104.21.95.21	A (IP address)	IN (0x0001)
Apr 10, 2021 00:17:15.974951982 CEST	8.8.8.8	192.168.2.3	0x7918	No error (0)	nicklaussglen.buzz		172.67.169.45	A (IP address)	IN (0x0001)
Apr 10, 2021 00:17:16.698905945 CEST	8.8.8.8	192.168.2.3	0xbad3	No error (0)	code.jquery.com	cds.s5x3j6q5.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Apr 10, 2021 00:17:16.755388021 CEST	8.8.8.8	192.168.2.3	0x7f41	No error (0)	maxcdn.bootstrapcdn.com		104.18.11.207	A (IP address)	IN (0x0001)
Apr 10, 2021 00:17:16.755388021 CEST	8.8.8.8	192.168.2.3	0x7f41	No error (0)	maxcdn.bootstrapcdn.com		104.18.10.207	A (IP address)	IN (0x0001)
Apr 10, 2021 00:17:16.763444901 CEST	8.8.8.8	192.168.2.3	0x7e27	No error (0)	kit.fontawesome.com	kit.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Apr 10, 2021 00:17:16.767327070 CEST	8.8.8.8	192.168.2.3	0x44e5	No error (0)	cdnjs.cloudflare.com		104.16.19.94	A (IP address)	IN (0x0001)
Apr 10, 2021 00:17:16.767327070 CEST	8.8.8.8	192.168.2.3	0x44e5	No error (0)	cdnjs.cloudflare.com		104.16.18.94	A (IP address)	IN (0x0001)
Apr 10, 2021 00:17:17.089916945 CEST	8.8.8.8	192.168.2.3	0x5129	No error (0)	ka-f.fontawesome.com	ka-f.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Apr 10, 2021 00:17:32.348990917 CEST	8.8.8.8	192.168.2.3	0x9836	No error (0)	nicklaussglen.buzz		104.21.95.21	A (IP address)	IN (0x0001)
Apr 10, 2021 00:17:32.348990917 CEST	8.8.8.8	192.168.2.3	0x9836	No error (0)	nicklaussglen.buzz		172.67.169.45	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

nicklaussglen.buzz

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49710	104.21.95.21	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Apr 10, 2021 00:17:16.003499031 CEST	308	OUT	GET /011 HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: nicklaussglen.buzz Connection: Keep-Alive
Apr 10, 2021 00:17:16.029452085 CEST	309	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 09 Apr 2021 22:17:16 GMT Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=3600 Expires: Fri, 09 Apr 2021 23:17:16 GMT Location: https://nicklaussglen.buzz/011 cf-request-id: 095a4f0deb00004a80f29ec000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KJKL12t93w7KwytHwCl3p07oaN69EdqUZV20LxxRYF0drF2%2BLqoR4NtRoMnpvfzxFx%2BJqO%2FDVnarba4VZDX7RoXBRhjzZqds6484gFRzhuPN3b4%3D"}],"max_age":604800,"group":"cf-nel"} NEL: {"max_age":604800,"report_to":"cf-nel"} Vary: Accept-Encoding Server: cloudflare CF-RAY: 63d71ac31d294a80-FRA alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Apr 10, 2021 00:17:16.375473976 CEST	320	OUT	GET /011/ HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: nicklaussglen.buzz
Apr 10, 2021 00:17:16.397280931 CEST	321	IN	HTTP/1.1 301 Moved Permanently Date: Fri, 09 Apr 2021 22:17:16 GMT Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=3600 Expires: Fri, 09 Apr 2021 23:17:16 GMT Location: https://nicklaussglen.buzz/011/ cf-request-id: 095a4f0f5f00004a80be32e000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PHV5%2BGQCdzsq7qN66EqJ6VSAuXbg44EijZfqP02bkD3uC4evqt9C7ac8%2BrcQs0CZZTVv1WLiyFd6EjnwV4%2F%2BwKMrltDF8ep0iuXnjIT%2FR63%2F9mQ%3D"}],"max_age":604800,"group":"cf-nel"} NEL: {"max_age":604800,"report_to":"cf-nel"} Vary: Accept-Encoding Server: cloudflare CF-RAY: 63d71ac568ac4a80-FRA alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 10, 2021 00:17:16.089364052 CEST	104.21.95.21	443	192.168.2.3	49712	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri Apr 09 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020	Sat Apr 09 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 10, 2021 00:17:16.089364052 CEST	104.21.95.21	443	192.168.2.3	49712	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Apr 10, 2021 00:17:16.844897985 CEST	104.16.19.94	443	192.168.2.3	49720	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 10, 2021 00:17:16.844897985 CEST	104.16.19.94	443	192.168.2.3	49720	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Apr 10, 2021 00:17:16.849229097 CEST	104.16.19.94	443	192.168.2.3	49719	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 10, 2021 00:17:16.849229097 CEST	104.16.19.94	443	192.168.2.3	49719	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Apr 10, 2021 00:17:16.869184971 CEST	104.18.11.207	443	192.168.2.3	49723	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 10, 2021 00:17:16.869184971 CEST	104.18.11.207	443	192.168.2.3	49723	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Apr 10, 2021 00:17:16.870007992 CEST	104.18.11.207	443	192.168.2.3	49724	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 10, 2021 00:17:16.870007992 CEST	104.18.11.207	443	192.168.2.3	49724	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Apr 10, 2021 00:17:32.396564960 CEST	104.21.95.21	443	192.168.2.3	49735	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Fri Apr 09 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020	Sat Apr 09 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Apr 10, 2021 00:17:32.396564960 CEST	104.21.95.21	443	192.168.2.3	49735	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		37f463bf4616ecd445d4a1937da06e19

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 4600 Parent PID: 792

General

Start time:	00:17:13
Start date:	10/04/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff659270000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 3924 Parent PID: 4600

General

Start time:	00:17:14
Start date:	10/04/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4600 CREDAT:17410 /prefetch:2
Imagebase:	0xb0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://nicklaussglen.buzz/011

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 4600 Parent PID: 792

General

Analysis Process: iexplore.exe PID: 3924 Parent PID: 4600

General

Disassembly