Play interactive tour

Edit tour

Analysis Report $108,459.00.shtml

Overview

General Information

Sample Name:	$108,459.00.shtml (renamed file extension from shtml to html)
Analysis ID:	384937
MD5:	244f3030958bcfe1db9bb77edd6ecaf3
SHA1:	95ebb217144ec973ce3b9c0ebaa9b4fde83be41d
SHA256:	fb2b7bf2039d05913895b5ec2ef8ea20ba02ebbc00e1596d7468074410525b2b
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Yara detected HtmlPhish10

HTML body contains low number of good links

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Suspicious form URL found

Classification

Startup

System is w10x64

iexplore.exe (PID: 4436 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5264 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4436 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
$108,459.00.html	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: https://cdshgvjs.ygto.com/leo/action.php	Avira URL Cloud: Label: phishing
Source: https://mayhutsuahanoi.com/wp-admin/images/bg.png	Avira URL Cloud: Label: phishing

Multi AV Scanner detection for domain / URL

Show sources

Source: https://cdshgvjs.ygto.com/leo/action.php

Virustotal: Detection: 10%

Perma Link

Phishing:

Yara detected HtmlPhish10

Show sources

Source: Yara match	File source: $108,459.00.html, type: SAMPLE
Source: Yara match	File source: 377142.pages.csv, type: HTML

Source: file:///C:/Users/user/Desktop/$108,459.00.html	HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/$108,459.00.html	HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/$108,459.00.html	HTTP Parser: Title: login_popup does not match URL
Source: file:///C:/Users/user/Desktop/$108,459.00.html	HTTP Parser: Title: login_popup does not match URL

Source: file:///C:/Users/user/Desktop/$108,459.00.html	HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/$108,459.00.html	HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/$108,459.00.html	HTTP Parser: Form action: https://cdshgvjs.ygto.com/leo/action.php
Source: file:///C:/Users/user/Desktop/$108,459.00.html	HTTP Parser: Form action: https://cdshgvjs.ygto.com/leo/action.php

Source: file:///C:/Users/user/Desktop/$108,459.00.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/$108,459.00.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/$108,459.00.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/$108,459.00.html	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 146.59.152.166:443 -> 192.168.2.3:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 146.59.152.166:443 -> 192.168.2.3:49707 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 146.59.152.166 146.59.152.166
Source: Joe Sandbox View	IP Address: 103.221.222.30 103.221.222.30

Source: Joe Sandbox View

JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x7e9d5c75,0x01d72e44</date><accdate>0x7e9d5c75,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x7e9d5c75,0x01d72e44</date><accdate>0x7e9d5c75,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x7e9fbeda,0x01d72e44</date><accdate>0x7e9fbeda,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x7e9fbeda,0x01d72e44</date><accdate>0x7e9fbeda,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x7ea22123,0x01d72e44</date><accdate>0x7ea22123,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x7ea22123,0x01d72e44</date><accdate>0x7ea22123,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: i.ibb.co

Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: $108,459.00.html	String found in binary or memory: https://cdshgvjs.ygto.com/leo/action.php
Source: $108,459.00.html	String found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat:100
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v15/JTUQjIg1_i6t8kCHKm45_QpRyS7g.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_ZpC3gnD-A.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_aZA3gnD-A.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_bZF3gnD-A.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_c5H3gnD-A.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_cJD3gnD-A.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_dJE3gnD-A.woff)
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459WlhzQ.woff)
Source: $108,459.00.html	String found in binary or memory: https://i.ibb.co/9nnrtWy/login02-popup.png
Source: $108,459.00.html	String found in binary or memory: https://mayhutsuahanoi.com/wp-admin/images/bg.png

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	HTTPS traffic detected: 146.59.152.166:443 -> 192.168.2.3:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 146.59.152.166:443 -> 192.168.2.3:49707 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.winHTML@3/25@2/2

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFC8580DDF3DAC5A07.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4436 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4436 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
mayhutsuahanoi.com	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
https://cdshgvjs.ygto.com/leo/action.php	11%	Virustotal		Browse
https://cdshgvjs.ygto.com/leo/action.php	100%	Avira URL Cloud	phishing
https://mayhutsuahanoi.com/wp-admin/images/bg.png	2%	Virustotal		Browse
https://mayhutsuahanoi.com/wp-admin/images/bg.png	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mayhutsuahanoi.com	103.221.222.30	true	false	1%, Virustotal, Browse	unknown
i.ibb.co	146.59.152.166	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/$108,459.00.html	true		low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.wikipedia.com/	msapplication.xml6.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.amazon.com/	msapplication.xml.1.dr	false		high
http://www.nytimes.com/	msapplication.xml3.1.dr	false		high
http://www.live.com/	msapplication.xml2.1.dr	false		high
http://www.reddit.com/	msapplication.xml4.1.dr	false		high
http://www.twitter.com/	msapplication.xml5.1.dr	false		high
http://www.youtube.com/	msapplication.xml7.1.dr	false		high
https://cdshgvjs.ygto.com/leo/action.php	$108,459.00.html	true	11%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://mayhutsuahanoi.com/wp-admin/images/bg.png	$108,459.00.html	true	2%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://i.ibb.co/9nnrtWy/login02-popup.png	$108,459.00.html	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
146.59.152.166	i.ibb.co	Norway		16276	OVHFR	false
103.221.222.30	mayhutsuahanoi.com	Viet Nam		18403	FPT-AS-APTheCorporationforFinancingPromotingTechnolo	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	384937
Start date:	10.04.2021
Start time:	13:01:26
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	$108,459.00.shtml (renamed file extension from shtml to html)
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	39
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.winHTML@3/25@2/2
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 104.42.151.234, 13.88.21.125, 104.43.139.144, 104.83.120.32, 172.217.168.10, 52.147.198.201, 216.58.215.227, 104.43.193.48, 40.88.32.150, 20.50.102.62, 168.61.161.212, 23.10.249.26, 23.10.249.43, 152.199.19.161, 92.122.144.200, 20.54.26.129, 23.54.113.53, 52.155.217.156, 20.82.210.154 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcoleus15.cloudapp.net, e12564.dspb.akamaiedge.net, go.microsoft.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, consumerrp-displaycatalog-aks2eap.md.mp.microsoft.com.akadns.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fonts.googleapis.com, fs.microsoft.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, skypedataprdcolwus15.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, cs9.wpc.v0cdn.net

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
146.59.152.166	fileshare.doc	Get hash	malicious	Browse
	a40c51565228f1fef2028b90fd49051372828871d8eeb.dll	Get hash	malicious	Browse
	e7a6e48e93a3d286568161e52e0aaeb945de463505fdc.dll	Get hash	malicious	Browse
	2020 Tax .doc	Get hash	malicious	Browse
	sgs-Investment974041-xlsx.Html	Get hash	malicious	Browse
	redwirespace-invoice-982323_xls.HtMl	Get hash	malicious	Browse
	prismcosec-invoice-647718_xls.HtMl	Get hash	malicious	Browse
	leaseplan-invoice-831008_xls2.HtMl	Get hash	malicious	Browse
103.221.222.30	https://m.box.com/file/702493360747/download?shared_link=https%3A%2F%2Flinbeck.app.box.com%2Fs%2F8yjolj91ewomp9vmklwuluiunx8d5sox	Get hash	malicious	Browse	vayvontinchap5s.com/createsends/simplebusinesscreators.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
i.ibb.co	fileshare.doc	Get hash	malicious	Browse	146.59.152.166
	Invoice 880121.html	Get hash	malicious	Browse	145.239.131.55
	$108,459.00.html	Get hash	malicious	Browse	145.239.131.51
	$108,459.00.html	Get hash	malicious	Browse	145.239.131.55
	billykang_payment-advice.htm	Get hash	malicious	Browse	145.239.131.51
	WSSG INV RECON _ 302456_10920.HTML	Get hash	malicious	Browse	145.239.131.51
	Payment-Advise-smktb-Xerox.html	Get hash	malicious	Browse	145.239.131.55
	a40c51565228f1fef2028b90fd49051372828871d8eeb.dll	Get hash	malicious	Browse	146.59.152.166
	dechert-Investment078867-xlsx.Html	Get hash	malicious	Browse	145.239.131.51
	e7a6e48e93a3d286568161e52e0aaeb945de463505fdc.dll	Get hash	malicious	Browse	146.59.152.166
	HSBC_payment_advice_Xls.html	Get hash	malicious	Browse	145.239.131.60
	#Ud83d#Udcde giusi.infantino@mise.gov.it @ 433 PM 433 PM.pff.HTM	Get hash	malicious	Browse	145.239.131.60
	2020 Tax .doc	Get hash	malicious	Browse	146.59.152.166
	murexltd-Investment_265386-xlsx.html	Get hash	malicious	Browse	145.239.131.60
	sgs-Investment974041-xlsx.Html	Get hash	malicious	Browse	146.59.152.166
	roccor-invoice-648133_xls.HtMl	Get hash	malicious	Browse	145.239.131.55
	redwirespace-invoice-982323_xls.HtMl	Get hash	malicious	Browse	146.59.152.166
	prismcosec-invoice-647718_xls.HtMl	Get hash	malicious	Browse	146.59.152.166
	WSSG INV RECON _ 302456_10920.HTML	Get hash	malicious	Browse	145.239.131.55
	1076897 (1).HTML	Get hash	malicious	Browse	145.239.131.51
mayhutsuahanoi.com	$108,459.00.html	Get hash	malicious	Browse	103.221.222.30
	Payment-Advise-smktb-Xerox.html	Get hash	malicious	Browse	103.221.222.30
	INVOICE.html	Get hash	malicious	Browse	103.221.222.30

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
FPT-AS-APTheCorporationforFinancingPromotingTechnolo	$108,459.00.html	Get hash	malicious	Browse	103.221.222.30
	$108,459.00.html	Get hash	malicious	Browse	103.221.222.30
	Payment-Advise-smktb-Xerox.html	Get hash	malicious	Browse	103.221.222.30
	RFQ 6300306423.doc	Get hash	malicious	Browse	210.245.95.88
	Debt-Details-1078370504-03052021.xls	Get hash	malicious	Browse	42.112.30.25
	Debt-Details-1078370504-03052021.xls	Get hash	malicious	Browse	42.112.30.25
	Payment_receipt-jpg.exe	Get hash	malicious	Browse	210.245.8.137
	Purchase_Order-Documents.exe	Get hash	malicious	Browse	210.245.86.30
	urgent_quotation_24_02_2021.exe	Get hash	malicious	Browse	210.245.86.30
	quotation.exe	Get hash	malicious	Browse	210.245.8.133
	DES_ Holdings Ltd - products list.exe	Get hash	malicious	Browse	210.245.86.30
	UBL e-statement.exe	Get hash	malicious	Browse	210.245.90.208
	vJHWQgfJ23.exe	Get hash	malicious	Browse	118.69.133.4
	http://bocnemdanang.com/alfacgiapi/olnMao0HGVTkRYOSSKlIa0ON2G3priKh0GZSfwkFqddkyJ9kyDINr80Aps0e/	Get hash	malicious	Browse	103.221.220.216
	RFQ 00068643 New Order Shipment to Jebel Ali Port UAE.exe	Get hash	malicious	Browse	210.245.8.133
	SKM_C3350191107102300.exe	Get hash	malicious	Browse	210.245.8.133
	TvY5gkbW.exe	Get hash	malicious	Browse	183.80.182.27
	Payment form-976107909.doc	Get hash	malicious	Browse	210.245.90.209
	INVOICE.html	Get hash	malicious	Browse	103.221.222.30
	idWMSrWvoE.exe	Get hash	malicious	Browse	118.69.11.81
OVHFR	LtfVNumoON.exe	Get hash	malicious	Browse	144.217.30.204
	giATspz5dw.exe	Get hash	malicious	Browse	142.4.204.181
	SecuriteInfo.com.__vbaHresultCheckObj.21994.exe	Get hash	malicious	Browse	149.202.83.171
	SecuriteInfo.com.Variant.Johnnie.321295.17359.exe	Get hash	malicious	Browse	91.121.140.167
	fileshare.doc	Get hash	malicious	Browse	188.165.245.148
	SecuriteInfo.com.Variant.Bulz.421173.18141.exe	Get hash	malicious	Browse	51.89.77.2
	R1210322PIR-2FQUOTATION(P21C00285).exe	Get hash	malicious	Browse	51.38.214.75
	Notice of change schedule for CID_ CMA CGM AMBER 0QA8FS1NC 0QA8GN1NC - 1st Rev.pdf.exe	Get hash	malicious	Browse	51.195.53.221
	Notice of change schedule for CID_ CMA CGM AMBER 0QA8FS1NC 0QA8GN1NC - 1st Rev.pdf_1.exe	Get hash	malicious	Browse	51.195.53.221
	Purchase Order No.10056.exe	Get hash	malicious	Browse	51.195.53.221
	Quotation_pdf.exe	Get hash	malicious	Browse	51.195.53.221
	0L2qr7kJMh40sxq.exe	Get hash	malicious	Browse	66.70.204.222
	One.exe	Get hash	malicious	Browse	94.23.66.110
	ORDER-02188.exe	Get hash	malicious	Browse	178.33.222.243
	DHL Shipping doc & Shipment tracking details.docx	Get hash	malicious	Browse	213.186.33.5
	CWlXbVUJab.exe	Get hash	malicious	Browse	149.56.235.225
	IMG_102-05_78_6.doc	Get hash	malicious	Browse	149.56.235.225
	Calt7BoW2a.exe	Get hash	malicious	Browse	213.186.33.5
	8sxgohtHjM.exe	Get hash	malicious	Browse	91.121.60.23
	C7SRTTLgsn.exe	Get hash	malicious	Browse	54.36.27.31

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
9e10692f1b7f78228b2d4e424db3a98c	Alexandra38.docx	Get hash	malicious	Browse	146.59.152.166
	Tmd7W7qwQw.dll	Get hash	malicious	Browse	146.59.152.166
	9R5WtLGEAy.dll	Get hash	malicious	Browse	146.59.152.166
	ghnrope2.dll	Get hash	malicious	Browse	146.59.152.166
	mail_6512365134_7863_202104108.html	Get hash	malicious	Browse	146.59.152.166
	mapdata.dll	Get hash	malicious	Browse	146.59.152.166
	#Ud83d#Udcde973.htm	Get hash	malicious	Browse	146.59.152.166
	#U266b SecuredMessage.htm	Get hash	malicious	Browse	146.59.152.166
	Offline_record_ON-035107.htm	Get hash	malicious	Browse	146.59.152.166
	Fax-Message-4564259.html	Get hash	malicious	Browse	146.59.152.166
	Enclosed Updated Project Proposal From Robert Nilsson robert@lindstromundertak.se.html	Get hash	malicious	Browse	146.59.152.166
	nicoleta.fagaras-DHL_TRACKING_1394942.html	Get hash	malicious	Browse	146.59.152.166
	Signed pages of agreement copy.html	Get hash	malicious	Browse	146.59.152.166
	ensono8639844766FAXMESSAGE.HTM	Get hash	malicious	Browse	146.59.152.166
	Payment Report.html	Get hash	malicious	Browse	146.59.152.166
	receipt-xxxx.htm	Get hash	malicious	Browse	146.59.152.166
	Mortgagor Request719350939.html	Get hash	malicious	Browse	146.59.152.166
	Receipt779G0D675432.html	Get hash	malicious	Browse	146.59.152.166
	PaymentAdvice-copy.htm	Get hash	malicious	Browse	146.59.152.166
	agmz0F8LbA.dll	Get hash	malicious	Browse	146.59.152.166

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A0169C33-9A37-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8583794334098378
Encrypted:	false
SSDEEP:	48:IwOGcprzGwpLZG/ap8cGIpcw2FKGvnZpvw2FKeGosEqp9w2FKAPGo4wjMpmw2YK7:rSZtZ92sWRJtRMfRsRMRyRORIfR5MX
MD5:	EC3382D6D37C4454712C10D8427BABD7
SHA1:	E102259EF2312C060D05DA5B84E6D203209DC079
SHA-256:	1D3D833ACAB87714EA906F30AFCC66DA8423888A5523A4F4F04DFEFA5EC9947D
SHA-512:	3B4F55E76FCDDB01A27E27218CFD1C69905AFE6F6617F5EA15F3A87326F956B3DA26EB540E5BED791D0600950FB9CB32CB0BF26D16CF53FAFA402E7ADF56A4B8
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A0169C35-9A37-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	28256
Entropy (8bit):	1.919469095334236
Encrypted:	false
SSDEEP:	96:rqZxQ96TBSQbj12ISWYMxGvd0Fo5kcPVNr:rqZxQ96Tk8j12FWYMMvd0FMkeNr
MD5:	835BFA2857628494F1CE1A4BA072AAED
SHA1:	FFF318E660E8431455BC2470911896BDA63B71AB
SHA-256:	F9AECD102A9F1AA8EF6F3A04AC34E6B0F7B5B60D9FC7402B054955CA6AFD34F9
SHA-512:	49C0DFD1ACFD52437240A9D6EF42D7852ABB17B7F180B1FA6EAF34BFDAFB9BD25E11A9074CD0456FAADE1D9D79176121E0365C2031D8B1AC3997A1DAD75F5ACA
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AA46E742-9A37-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5655869156646576
Encrypted:	false
SSDEEP:	48:IwFGcprwGwpapG4pQ9GrapbSjGQpKpG7HpR68TGIpG:rbZYQr6dBSdAITxA
MD5:	716A6805DF408B203F382CEDCCA0B639
SHA1:	F5104916855A8E2170C459F5F968A7C5A0183DE9
SHA-256:	BBD9DFD60E6785C5A4ADEA5EFE115CCA6C40488DEAEC6E5D40B7A7170F414DED
SHA-512:	3DF0077AB3EAC5D98828312A3F61371C998C5E8DB3F0D2EC1035F3B2A2F4CDFDB8B8F0078E6AF077DAB45AE723EF83FD3DEE805557D2F505D74DD7746216DCEE
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.0832986415111545
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEpJ7nWimI002EtM3MHdNMNxOEpJ7nWimI00ObVbkEtMb:2d6NxOKJ7SZHKd6NxOKJ7SZ76b
MD5:	2C08A9F20F2D95CDC1178AD470E3E513
SHA1:	E1133011C067888F85DB438237826E70E9862A0D
SHA-256:	E2BCAB4F221A2865D1502AB4F42031B319EACF10B88FC5B639F5F0C653B9B066
SHA-512:	9A1F5DC38EEE64BD5FBAC470E6A9BD27BC05061EB8FC85470C66F3B1CE293DD557E79CE67FC96CF35A995224652D099E7FFCAAD14E60B3364F7B0A01681BB9B5
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x7e9fbeda,0x01d72e44</date><accdate>0x7e9fbeda,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x7e9fbeda,0x01d72e44</date><accdate>0x7e9fbeda,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.091751322475796
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2knnWimI002EtM3MHdNMNxe2knnWimI00Obkak6EtMb:2d6Nxr2SZHKd6Nxr2SZ7Aa7b
MD5:	23A9DA9CA253629DF663FE3B5236CD7B
SHA1:	38309FF2E8788C87AFAC98EC17A38B583EA13485
SHA-256:	5D277CF6AFFF560D1C26A6626BE53605AF1F50C07A518CD3689413977EBB9D08
SHA-512:	53E14815D72BE3A8B6978625BA9FAA5B9D7E0EE908EBFE391E899387C3F0125BBA0B00A6648217A0064F08903FF455DABC29F144F03E8B256AE608E0F66AE5A3
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x7e9afa1a,0x01d72e44</date><accdate>0x7e9afa1a,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x7e9afa1a,0x01d72e44</date><accdate>0x7e9afa1a,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.10843420151675
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLpJ7nWimI002EtM3MHdNMNxvLpN/nWimI00ObmZEtMb:2d6NxvNJ7SZHKd6NxvNBSZ7mb
MD5:	E0D515B224A92B7878DE43EDA13A9EF3
SHA1:	1C43EE4ABBD7E315B4963A0506C038C533F88302
SHA-256:	6C56444D5C27BFBA273DC2A18127AC95DF202FD3CA7F8BA815211B989487DECA
SHA-512:	27F66A14C95A32EB4039C8A54B57BDEEC054F07759E33BD243F3D538297BA096CF9F963812A00F67F81BAC103F416356F7839D4BC074D345A3A99BD6EDBD0ED9
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x7e9fbeda,0x01d72e44</date><accdate>0x7e9fbeda,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x7e9fbeda,0x01d72e44</date><accdate>0x7ea22123,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	5.117383842169873
Encrypted:	false
SSDEEP:	12:TMHdNMNxibnWimI002EtM3MHdNMNxibnWimI00Obd5EtMb:2d6NxESZHKd6NxESZ7Jjb
MD5:	8761BD8BACB2BB7997884880CCB7DB97
SHA1:	67C4760C6A5474598C917D2FDC73BECC0FC46F53
SHA-256:	42F4F55316EBA5F528C7B4F1E1942139C4091A8AE880F2DB42D43D616A17D6AE
SHA-512:	908FE0D87A6D2CE6A72A68D0AA4FDCE3DE80C07F8AFFFCCF1589F04B978F49E9C6008F1433326E834359C6C94F691738A71703477F8B17FAF3D64F449980355A
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x7e9d5c75,0x01d72e44</date><accdate>0x7e9d5c75,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x7e9d5c75,0x01d72e44</date><accdate>0x7e9d5c75,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.117211645964045
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwtx/nWimI002EtM3MHdNMNxhGwtx/nWimI00Ob8K075EtMb:2d6NxQ6SZHKd6NxQ6SZ7YKajb
MD5:	ABED19F4A0906A04B623A6A9A1F26814
SHA1:	56EDB3F1261A08F054229F1C244DE3925D3DAD27
SHA-256:	4AA7B51C5B271237ACA7E02CCBC78777DB5D36F832ACB4B6DD9E2CF704D587FE
SHA-512:	01829B7CCCFD3AD40B59A84A3936DFD57159ED9A84C076C68DB761953E3BA4F9C9801B1EAD5B4265A75BED2F9B38FD6DCB2DC29DD47E80A30506B79A47456A74
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x7ea22123,0x01d72e44</date><accdate>0x7ea22123,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x7ea22123,0x01d72e44</date><accdate>0x7ea22123,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.083986499338378
Encrypted:	false
SSDEEP:	12:TMHdNMNx0npJ7nWimI002EtM3MHdNMNx0npJ7nWimI00ObxEtMb:2d6Nx0pJ7SZHKd6Nx0pJ7SZ7nb
MD5:	07BDE04237EBDE78303E6AF3B91A49C5
SHA1:	1737A2561B2280A9398062C84F9FCB088F5C9913
SHA-256:	AAD65279B143CD2AE8F5B733435CE4BAD6B52A3CF67E8DF43E8E2416C663670D
SHA-512:	90997F5C75EB9A612EC7D599AB083A66937C3C25BAE6CB286BCC8E21106AC76339997A399386F8081F42039152F97E4D0CF86EAE10FC069D5C7929E2FE019EC5
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x7e9fbeda,0x01d72e44</date><accdate>0x7e9fbeda,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x7e9fbeda,0x01d72e44</date><accdate>0x7e9fbeda,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.123722342781851
Encrypted:	false
SSDEEP:	12:TMHdNMNxxpJ7nWimI002EtM3MHdNMNxxpJ7nWimI00Ob6Kq5EtMb:2d6Nx7J7SZHKd6Nx7J7SZ7ob
MD5:	F8AA51FEBE8501BB8C3742D87C96B1A9
SHA1:	F39BEAE6DA220E738851691BE752C1B144D1931E
SHA-256:	3A869AC411695B84B9488118182AAF15816D94D85B567FD74161CC930005246B
SHA-512:	16E53C86A9E7A242E9F05E8F66DC116875B57334FEB8693A4EC399E976FCAF0CF789912A3E7DDBAAC7629700DA282B70D93907AC30324432B8F3F8ACEF929A91
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x7e9fbeda,0x01d72e44</date><accdate>0x7e9fbeda,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x7e9fbeda,0x01d72e44</date><accdate>0x7e9fbeda,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.122257149380387
Encrypted:	false
SSDEEP:	12:TMHdNMNxcbnWimI002EtM3MHdNMNxcbnWimI00ObVEtMb:2d6NxGSZHKd6NxGSZ7Db
MD5:	76D7C4910D136D24CE97EB4D04D09988
SHA1:	30D4AEA1D29205AE91499BBDB190E652CAEDD26D
SHA-256:	55C46BB0788D84C3BCAAD545BC790C53E0D4F571E476007CC4CA362A14DF7840
SHA-512:	4DCD7A732284608ABDBCDEF05A2861DA2A56C1D469140801775DD2D930442AE40A38CE992D3E06BABA754D817E31DA6396A2A0C3BD1F2966DFD597D313140D4D
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x7e9d5c75,0x01d72e44</date><accdate>0x7e9d5c75,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x7e9d5c75,0x01d72e44</date><accdate>0x7e9d5c75,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.102989887663238
Encrypted:	false
SSDEEP:	12:TMHdNMNxfnbnWimI002EtM3MHdNMNxfnbnWimI00Obe5EtMb:2d6NxDSZHKd6NxDSZ7ijb
MD5:	8BF84A93108AA99A63E28FFACA534A8A
SHA1:	C8338CAC3F40D82092BD381FE6926D9394ED2997
SHA-256:	FE14F3579B83208BAFF368C7B39ADA597F6C2FB40DE1D3BBE4CA880C40098D47
SHA-512:	98FBE088CDB10F86EC332667D5C87AF325924F40BC62F2D09DE78176A065F2624A85048E3188C794DCD0E0A652205118150947E28CD8B43A4CFAC498C8345E15
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x7e9d5c75,0x01d72e44</date><accdate>0x7e9d5c75,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x7e9d5c75,0x01d72e44</date><accdate>0x7e9d5c75,0x01d72e44</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\JTURjIg1_i6t8kCHKm45_aZA3gnD-A[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 23276, version 1.1
Category:	downloaded
Size (bytes):	23276
Entropy (8bit):	7.978722054298751
Encrypted:	false
SSDEEP:	384:boRxPu4aCGTJO87w6QBiPmWZRAtkRc44kjix7m8bRWca7ztugWPwV:bktu4aCF87mBibZRfRcVkOx5bRVa7ztp
MD5:	1FC98E126A3D152549240E6244D7E669
SHA1:	F77707F0EEB7086952F287C45E0FBA4FC01F1C53
SHA-256:	94221B9AB3055AB8D736B35D9D1573B89BB1EF89A37D4EDC395404E2EA5E4701
SHA-512:	B921DDAF4DEEE17899E67973F49E9EC0C45E50158180F794A115B386BA52CC0CE0DFA961E433624EB2E5F672AD94532F770CA355AB4B942FFA6C5B49C283B0C3
Malicious:	false
Reputation:	moderate, very likely benign file
IE Cache URL:	https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_aZA3gnD-A.woff
Preview:	wOFF......Z........l........................GDEF.......G...X.g.^GPOS.......P..2....hGSUB.............,.OS/2.......L...`S..Ecmap...(..........h.cvt .......\....-P.mfpgm...H...F...mM$.\|gasp................glyf......3...]R...head..Q....6...6.5._hhea..Q.... ...$....hmtx..R........>...nloca..T(... ...(....maxp..VH... ... .h.Zname..Vh........-ZG.post..WX........D.z.prep..Z0.........K..x.%....P......@:D...$.. ]!....h.....2/.$.....D.^.F..ua.].N....%>./...x...p[Y...'...$.%..43.2333333.,...3.4wW..q.cw...r.J...T.Ug.....H....sA...w.{&.r....%_.5.B....~.-?..s.B. .R].:..?....s.?:..qoe...A.....OS..A......hB\..DD7.':.!..j.T......?.s....<..!.A.b.\.N..r7Ib.=.d<O=......Q..@....9..l.6....x.-..<.98....e..zZ.........tjgXz.d(...h...(.N........e.i..[.%\RP.....r..,q..E...E..pR.Y.%....h...?...cQ.O.Z.T..31......._...J4.k.............y..YTx...mb...5.C..N..8..%.#j<&..(.(...^....b=..0G.(.%.8*F..c...../.....Xd.....8'r..I......a<..Q..........1v.5...{b/.dq..hG.ft....SBe.P#W-.o...I.X.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\JTUSjIg1_i6t8kCHKm459WlhzQ[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 23480, version 1.1
Category:	downloaded
Size (bytes):	23480
Entropy (8bit):	7.981253427621622
Encrypted:	false
SSDEEP:	384:lEfDbJfERirQIhTVId2GTJO8Z84zUE8EW3md2T0LuYXDbMdK3OLmvTHc5qawV:lEf3JPrQI8d2F8WDE9w0FLTbMdK+Cvj3
MD5:	8102C4838F9E3D08DAD644290A9CB701
SHA1:	5AF1938D1327395F47C84E57B6BA7756234D2262
SHA-256:	60CEBEA4C9183F51FBD323F14DD729E18768BE4F6395467013216AE36526CF9C
SHA-512:	E8A0D6B72163E407DE82170E4560044CAE90116D1DD3CFA20F140E4379C8AABDC5BEAC6DD965D0E925CA673E41C42A858975C47F1F8152637958569D239E91FC
Malicious:	false
Reputation:	moderate, very likely benign file
IE Cache URL:	https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459WlhzQ.woff
Preview:	wOFF......[........8........................GDEF.......G...X.g.^GPOS..........2.....GSUB.............,.OS/2...\...N...`S..Ucmap..............h.cvt ...p...\..../R.Hfpgm.......F...mM$.\|gasp................glyf......3X..].,..$head..Rt...6...6.F.nhhea..R.... ...$....hmtx..R....%...>.x..loca..T........(..0maxp..W.... ... .h.Yname..W4........-5H.post..X$........D.z.prep..Z..........K..x.%....P......@:D...$.. ]!....h.....2/.$.....D.^.F..ua.].N....%>./...x..ut.I......e+..o...g.^..13333333333.-.e/.cgYAs....R.{.G..^.L......j.......R.z..D..o...~......$.`.BY.21.W.......9...f.C..(..M.!..D....1rT...w6cG.J....U.......]..>........q..jhT\l..;,M.zYK..x:.n.R...(........g)..~...Xl#`......-.#..T...]..Tw........k.7....I.....@..$..r....X.\..L......_.H.2".V... .1..."._d.#R..4c"...2> ..A..D;..e>".\|Tt.1..........8...._.K..+........Y~'r.A.....D.../..W..ob.....[.8K.8Gtq..0...\|....D.KE+.."..V.....\vr.._-.Se..=..A.1$...<.E.CL..%QB.8.9.....,.Jv.=,...%.i..:UV..U.b..]N.D..O..'...1.$.....<

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\JTURjIg1_i6t8kCHKm45_c5H3gnD-A[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 23872, version 1.1
Category:	downloaded
Size (bytes):	23872
Entropy (8bit):	7.9789410515218915
Encrypted:	false
SSDEEP:	384:WCPZ9khezoAK1PfDV/cGTJO8gpFu2KobVfXpH2h1AdWJ8OjcmB2SrOFbYvaUP5KR:WCPUwzj0jV/cF8CFubobVf5WEdCjvBFw
MD5:	9A9BEFCF50D64F9D2D19D8B1D1984ADD
SHA1:	1DAD9D9EFE7BC0B3BA089BE10B8F9741A02312A3
SHA-256:	2849C719C361F2EC1A04BF5B262BCBEDD3DF46BF35F5B4CAE8F75EA0AC500111
SHA-512:	5EC89892CC2453CBC6B9F64C3A261491B3EFF35EA65586B65200D8F3FFB31A727A4F7592D4BD86519EED54FDA35D6A79799300CB2537E5602D5D5AC908C56391
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_c5H3gnD-A.woff
Preview:	wOFF......]@.......l........................GDEF.......G...X.g.^GPOS..........2..=.GSUB.............,.OS/2.......O...`U6..cmap..............h.cvt .......e....56..fpgm.......F...mM$.\|gasp...D............glyf...L..4...aZ-...head..S....6...6.t..hhea..T0... ...$....hmtx..TP...%...><..Eloca..Vx.......(y...maxp..X.... ... .[.Mname..X.........+.G.post..Y.........D.z.prep..\..........K..x.%....P......@:D...$.. ]!....h.....2/.$.....D.^.F..ua.].N....%>./...x...p#.......c....L..33333333. .....y...T.u.Og.Y0t..rMY.s.......c. ..<......'Rz..^.J._..7..[..0#.R_.>!.W........B.l.yRmD.B.P..ap.Y.v.S....bC6m.m..YBd....m..6..W.@..Q....C..Uq.2.;.HH..N..@.]D...Pb...... .. ..[o'...{..x.&uf.W.$@...U`.b.!..........W.=i.....T......0.3V...)Q.S.`..{?....u\.0.....&$.."`X.9&2. .L..."........z>(.\|H...........V>.z....G"....v~....S.."....Q.L..Y...9.".,.../.Xd.Td.\t.....[..W..'../Z8 .9(Z8$.....2....T...c....0)b..iL...,P.. ..0.Y...6.eZ....Ln..l;.D.BhU..k.O...... .by1..*.F.g..M.]...M...!.n.-.;.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\JTURjIg1_i6t8kCHKm45_cJD3gnD-A[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 23256, version 1.1
Category:	downloaded
Size (bytes):	23256
Entropy (8bit):	7.977753236160612
Encrypted:	false
SSDEEP:	384:2gMWysI22L2wL/yhGTJO87uvLzyBFvQ3dol9ET1Em9FOgBhkIkYaUpIJ8eQ0iUiJ:2gMWX12LvDyhF87GzUvSCjYD9FOgvsYl
MD5:	8DC95FAB9CF98D02CA8D76E97D3DFF60
SHA1:	FA51AFC9A31F67078FAA9124BEF881655DF4317B
SHA-256:	25F8F00A6FE95DED91A8E33E70154AEE1562760D0D969368D4BAD84BFE85F8D0
SHA-512:	992131CBE01D3DC13831557DD59368B6870BEE453D0C753A5814D001B11327DB60CDEB8D71E4B579E1A5C0238F08E07DF1267CB645738C96197C808E24443A4D
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_cJD3gnD-A.woff
Preview:	wOFF......Z........@........................GDEF.......G...X.g.^GPOS..........2....yGSUB.............,.OS/2...L...O...`S6.Mcmap..............h.cvt ...`...b.....:.Gfpgm.......F...mM$.\|gasp................glyf......2...[H.xz.head..Q....6...6.<.ehhea..Q.... ...$....hmtx..R........>....loca..T........(.J.-maxp..V8... ... .h.Zname..VX........)!Etpost..WD........D.z.prep..Z..........K..x.%....P......@:D...$.. ]!....h.....2/.$.....D.^.F..ua.].N....%>./...x...p[I...'=..3[.G._..........WpL....... `.#o.)g9g........2._=..==._.D@..x......o....~.....{..)N$.0.Q...M...?..OQ.X..xo.i..Z...s...n".hI.K.%.a...m..U..l.......6...s...6..<...Z....@myrT...q.${....@.Sl1.@.......N/...k=`?...X..3G$.Z.@=^WK.....c..[a..@[hG.T.I...jF...NVqB..V..+....(...7h.^.i.rB.k.`'{.>.W....B..B.n!.W.h.F.'.=a...r.@.....?.j..0...3....."?..s.....dW.1Ws..\+d.N........n....[h.V!.6!........+.._..".h.e.TV.....X%4.Zh.]hf.PO..g#.4~.0.2]w.u..".....$......-Q.%4...C....hf>........6"..A.)S.....dK...N...._X.G....3.....*.uA

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\login02-popup[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 85 x 91, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	6814
Entropy (8bit):	7.955540757983621
Encrypted:	false
SSDEEP:	192:cQk/Uaeo9OwYofHP7afr9L5wJwX2fpewJKjVuolk7:tkv9Z3fHP7K5McdwJIVTla
MD5:	4471AF82137EBFF6EA410E89494B26CD
SHA1:	2F096294635A945E92C04C033879558C5AEBF425
SHA-256:	466A3C3DE2F7C452C01308B5DB8A1532FB14E8372F3EE44D9B2EE4F991249B4C
SHA-512:	F27D6694DFE85926F03296A958F26C812FEB8CC2C12001E8BA22E4CA29BE3C70F455C2DB251E954B4E9DCC9CCC39AAABF661864E7AF236D57F279750DDDD737D
Malicious:	false
IE Cache URL:	https://i.ibb.co/9nnrtWy/login02-popup.png
Preview:	.PNG........IHDR...U...[...........eIDATx^..t.U..3//...P..%.H.f.......(.....V.=(...z.....Y...,,,.......r(.DQz ....@z....\|of...W.%.-...N.{w.......-....f..,..4...;?..w...}.$I.6....K...zu.9..>...%.5}T....M6..%.,.?a.]..g..C.....KR....>J..6...S.L)..`.6....z....8q.(...c.<?.UW.........#&&..,k.P.<...."XXz.....S.....V_.gz.6k....-....n...Rk(.."..^.....hJk.V....RKj]...I.&.E...g(...b.>}......].%h.{...M.z..Y^^~....mz...#.....z..../.....9.)--ENN.M.5O].....)S.{..K[.z.QQpX,u^.i.PQQ.C..!;;....0.LZ>.N.s..>.S h...6...@5.Z.<...._.1...._.@.o...>........0U.G.......<.t....'...5....Ng.O.....;...k...F.}Cz..Zz.V.%.;..3.P.b.)h.I.....PY?...l.../I.a..<t.......t..%._$....?.TU...p)?}....].u..]..p...Q.......`....._...i...<...v.....~T...I.zO.81'.....^..j.e....M.*T...?0./.......K..SR..]&......WG.>..c....{/..={...#..&M..U0.....\.C=.GXD....J..iv..3PQ.L?..+.J..-].(..3...[0r.H]..x."...........y..R$.{.}z._...R/._NI...Q...5?9./^...!...n.......::.u.FM....%$.!O=...;...].]..`....p..^.9.W

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\JTUQjIg1_i6t8kCHKm45_QpRyS7g[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 22500, version 1.1
Category:	downloaded
Size (bytes):	22500
Entropy (8bit):	7.977478630884967
Encrypted:	false
SSDEEP:	384:qF14bCC33a2W8VT2+GTJO86XMfb0kqRQ6o7aaxESXN22ujw6lYkkjt9UwV:qF142Cy8VT2+F86XiwkoQNaaxLA2u0tt
MD5:	370318464551D5F25B0F0A78F374FAAC
SHA1:	20F4EC409A5E86EA89FE26BE42FDABFD11DC867C
SHA-256:	0B89EA33174D7ACB702309A88B66B3422189BDDC0BB5961A90116A21A98E848A
SHA-512:	B15A41753EF3AEB7355C647C5A40D30A65FBE9F347EFEAE9505D7C789B9447F2A58168F14F0BBC2CC8204274FF317F2305C35075833021C1308707796566FB24
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/montserrat/v15/JTUQjIg1_i6t8kCHKm45_QpRyS7g.woff
Preview:	wOFF......W.................................GDEF.......G...X.g.^GPOS.......2..1..7.GSUB.............,.OS/2.......L...`S..@cmap..............h.cvt .......\....,...fpgm...,...F...mM$.\|gasp...t............glyf...\|..21.._.=.V.head..N....6...6.0.Yhhea..N.... ...$....hmtx..O........>...]loca..Q$.......(>RU$maxp..SD... ... .h.\name..Sd........)JD.post..TP........D.z.prep..W(.........K..x.%....P......@:D...$.. ]!....h.....2/.$.....D.^.F..ua.].N....%>./...x...l$...F..mw...=`.L/..13333333333.2.O...\|:.`yW~..O...)U.ny<^.....J......d.'S....H.g.../d......s.U.^.\E<P.)Sy..^.b...@..Zo.<..ThV.#'R.....,].........jo....r`.....b...5....#.....]..}5........N...s>.R..t.O]Z.((R...N.......r..R-..s._s..6e."tR)./.V.tm.z..W.. ..k..../...e%q.9"f=.4^b..X........rQ..b....\..r]..y"W.H....;.C.30...yw`....yo`....x.`;..l.{.2...L..@...c2~....@...2~.h..@..5c.&P.6..LpB`+'..rJ`..s&......@.y.&..F. .d!0..2.......$K.I...&...+.%...;..B.?.g.JY).I...H.zI..Kz...n.uk....{..U..] '.X....Z..Y..(7W...?.9.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\JTURjIg1_i6t8kCHKm45_bZF3gnD-A[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 23628, version 1.1
Category:	downloaded
Size (bytes):	23628
Entropy (8bit):	7.97652223541331
Encrypted:	false
SSDEEP:	384:aWXmwssTJH1/G6rbr24Jln5GTJO8XWSN2OyyW/nGGxnslEYe3cB68HOeHS9AVqmT:aW2wdx1/HPCQln5F8XL2frP5pMB68H/N
MD5:	7C839D15A6F54E7025BA8C0C4B333E8F
SHA1:	09FC9F1CA6B859952A3641EDBFB1424E1C873F5D
SHA-256:	46226ABFCDE5DB2598FED8FD0DE77AF9B96C8242DC0E72242971F0BBCF566A38
SHA-512:	239EDDCB1FE723077F1FDC76B265A3D5E6F946F5258C968B15AB99CDD817D0D67D85248DA13820D9EBF0EA256F1E29ADB975894707E1901BCBDB0C2908ABC8C2
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_bZF3gnD-A.woff
Preview:	wOFF......\L................................GDEF.......G...X.g.^GPOS..........2....!GSUB.............,.OS/2...\|...M...`Ti.mcmap..............h.cvt .......d....2...fpgm.......F...mM$.\|gasp...<............glyf...D..4..._.F.1.head..S....6...6.Z..hhea..S@... ...$....hmtx..S`...$...>...loca..U....!...(N.e.maxp..W.... ... .h.Wname..W.........+.FOpost..X.........D.z.prep..[..........K..x.%....P......@:D...$.. ]!....h.....2/.$.....D.^.F..ua.].N....%>./...x...p.I....RK..Z-...m.-.= .a.........1.0..n.........-h....C!.......Wm.F3....J~/..\|........._]F....Y.x.._......s.w!.S...'..9d...(...5.).O.z.>...OQ..7J'....>...J.:..K$a6. .._P.lXP."....6....Ie.sY5.n.t'".C..-..5.2...4.}..H.P....w.......OX.....)8....7?..H..I.@\|.....R.'..#R.:....{C}....V.%.i...v.L9K..C......N".r.P.../..7.UN..'..0...-.Q..M..o.6......-.&l..B.w..x.....e>....CB....&........&..P.S....3..Y...Q>/..e...B.+..\|.o0..I.#L.]a...../................&..gLz....J...g!.,$..4#...2L..>.P...gF.67.@.}...IX.&....?Vi....ORR

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\JTURjIg1_i6t8kCHKm45_ZpC3gnD-A[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 23576, version 1.1
Category:	downloaded
Size (bytes):	23576
Entropy (8bit):	7.979995638545985
Encrypted:	false
SSDEEP:	384:evykH+9E9B49CndLoAUlGTJO8OzoRb1Jrb7ZlZ/EYh93e1rRykMKAZir2k4lyPmo:eqP9sC2dXUlF8Ozc5JrbNr/EM93eZRhl
MD5:	8B763220218FFC11C57C84DDB80E7B26
SHA1:	E85E6898C8FD8B095BD694B3F1350342C7BB3F35
SHA-256:	299E5F2B6E651BFD7B4C74AA12B06BB10A1200757CC4EBD1FC4C0D9D1AAFA00D
SHA-512:	4A93693CDE6B4BAEAD17A78C6B3FF7BD9F7489D20E5BE3815751B4A1E4E034E7BB54249DEF7F8E06B3ADE41E4333F45FDB232E67971C1817F66151F1440BDE32
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_ZpC3gnD-A.woff
Preview:	wOFF......\.................................GDEF.......G...X.g.^GPOS..........2....GSUB.............,.OS/2...l...O...`T..acmap..............h.cvt .......b....0...fpgm.......F...mM$.\|gasp...,............glyf...4..3...\.)...head..R....6...6.P.xhhea..S.... ...$....hmtx..S,...'...>"...loca..UT.......(...maxp..Wt... ... .h.Wname..W..........EIpost..X.........D.z.prep..[\.........K..x.%....P......@:D...$.. ]!....h.....2/.$.....D.^.F..ua.].N....%>./...x..ex#......<..d.e.-.1..33333333..y...T.`.V^p.m._.{..9...z..z..5... .<....\|...<.-.}9./..._....f.P.J?F......d...b..DzFm......&b...!...H..;a.XI.=6gEB..6N......]6.I...J..w.hU\6...I.uei..@..J.n. .2.D3.. .(ay.......<..j>....s@.n.....Z.U.H@.v..e......!..s.`wW...u4.8P...x.r...z4...h.....H@.;.g.....,1..)..E.}".S.5..X.{E....._.....".D...=\|D..Q...D7...q>.\ .\.E.s.Hp.Hr...r.....+..f..q...\+:.Q..,Bn...g#.l..l..l.i..&v.4;E..D=...I......R.O.1-.fDDA.1+j8...A.D...?M..w.\|.&F.f..1..z....j-o9.V.y.em...vRO.^..-.S..f.q.....j...c....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\JTURjIg1_i6t8kCHKm45_dJE3gnD-A[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 23836, version 1.1
Category:	downloaded
Size (bytes):	23836
Entropy (8bit):	7.979463633723131
Encrypted:	false
SSDEEP:	384:1JCJnpTwnH5O+5hR1GTJO8Ir7BxLJMmel49Ryt+3qiixubNtKBG2DWmkahwV:1w56nZO+5hbF8I5xLJ649MabNCpDkCwV
MD5:	80F10BD382F0DF1CD650FEC59F3C9394
SHA1:	46F6D60D4AC25FC1AA385513C42A58D89BAB45BA
SHA-256:	2A5AFDAC758F2E6A3FD3709719001951708D9F27E7E55ADF9C33B69814A4CD50
SHA-512:	0597EDDF1926C95D792772D3797646AA1E6A294BF023B179CDA1396690AB8B7EAB5394FC896D49A77C161B59D45AB69C53269D869EF40AE83812AC03AA6593B2
Malicious:	false
IE Cache URL:	https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_dJE3gnD-A.woff
Preview:	wOFF......].................................GDEF.......G...X.g.^GPOS..........2....GSUB.............,.OS/2...l...O...`T.Ycmap..............h.cvt .......e....3..=fpgm.......F...mM$.\|gasp...0............glyf...8..4..._...qhead..S....6...6.i..hhea..T.... ...$....hmtx..T8...&...>37.hloca..V`.......(Wjn.maxp..X.... ... .[.Mname..X.........SE.post..Y.........D.z.prep..\`.........K..x.%....P......@:D...$.. ]!....h.....2/.$.....D.^.F..ua.].N....%>./...x...p.I.E_..z.-....4f........!.0..i.ye...5..l+.j.n..p.f.y.....UuK.6....^B.Q.y.(....x.....w...D.f>+.E...{.....S[ ...g...Q...v.ap.......&....Q.T..[...v.]o.v....P......? K..l.\|.HD........e.Q....Yl.i...D, ........n.OR.\|.[....p+.PF}....D@D3.{.....l..'Mv.bE.L.....E.0.......HI.....~P+R.....Np.s..KH.."...9!r...=..^..U\|B..b....\|Z...(.Y1...\|^.......,~.B~./).+..k~C...1..<..:...\"....h.r.q.....kE..E....:.N....nQ....^..>.H.hb....!.S.(..1.'D-gD.Y..#f.+j.d.. .......AtW.whb..`...M..Rb..Fo......:..*.['y.y._.n...w....m...P..EV..I6..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1538
Entropy (8bit):	5.212336098192914
Encrypted:	false
SSDEEP:	48:nOOS7iOOJEOOW+HEOOLVOOgauOOxTkOOCLOOw6W:nOOS7iOOJEOOW+HEOOLVOOgauOOxTkOG
MD5:	539812A7B7DC64066B13E481FC603497
SHA1:	0CF448BFE27BE46DEB47A88D6C02B18703B3E0AA
SHA-256:	BE2D1095FCBD9D62862AAA227171B2DF700A625F13226136D0C114269C01711B
SHA-512:	B2A1BBE42F4CC4E8B18CBB5E9122E8964E5F89DCF603B63BB54134112E0468C2DD343F52A2177784FAFBD9AEEA637B080D39881AEECA13F8038B7472B1C731DC
Malicious:	false
Preview:	@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 100;. src: url(https://fonts.gstatic.com/s/montserrat/v15/JTUQjIg1_i6t8kCHKm45_QpRyS7g.woff) format('woff');.}.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 200;. src: url(https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_aZA3gnD-A.woff) format('woff');.}.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 300;. src: url(https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_cJD3gnD-A.woff) format('woff');.}.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459WlhzQ.woff) format('woff');.}.@font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 500;. src: url(https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_ZpC3gnD-A.woff) format('woff');.}.@font-face {. font-family: 'Montserrat';

C:\Users\user\AppData\Local\Temp\~DF5FEE7CA98A774557.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF7636CA86B2B9822B.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	36017
Entropy (8bit):	0.6039159153163438
Encrypted:	false
SSDEEP:	48:kBqoxKAuvScS+8aAhNINTf7Px3Y5G1x3zv0c0P:kBqoxKAuvScS+8aAhKV1o5kcP
MD5:	C8967957E0F973295681AE551741A195
SHA1:	EE8307C733CEC2D70EE5A4594AC0790A5789247C
SHA-256:	C9443BA46F84DAC3476977A4E7A11CD75A3D3F84B5EA72AFB91196D4B06DF552
SHA-512:	20A24AA650ABD85BF68E62FB9ABE0FBCEF63FBE2AE3A48C3FC65B854FA189A894391CFEA7B8026A89D1EA641B92A4040ED3F1F8D8418D9064757237AC681A015
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFC8580DDF3DAC5A07.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.4848620921538296
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loYF9log9lWvtrDftrBOr1Y:kBqoIrNvJDfJQ1Y
MD5:	C87147D5CCE03D3492A8D2B57F6DF843
SHA1:	3E526E0EE77245A40122F36F502228942C2A2EE9
SHA-256:	E4AC781A83BAF65956CB1F76B2107BFB42F5C5442499F7051CB9D9F1A5B70D03
SHA-512:	67CB59A6C4A802992E7C98892BC7CF3ECD231469C11D21B51D36E49F69C538727F6146F3EC46934497388DCB4B6B463DF365C428904AD87E2796E8E9AB87FE17
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General
File type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Entropy (8bit):	5.275090391167409
TrID:	HyperText Markup Language (11501/1) 33.82% HyperText Markup Language (11501/1) 33.82% HyperText Markup Language (11001/1) 32.35%
File name:	$108,459.00.html
File size:	6302
MD5:	244f3030958bcfe1db9bb77edd6ecaf3
SHA1:	95ebb217144ec973ce3b9c0ebaa9b4fde83be41d
SHA256:	fb2b7bf2039d05913895b5ec2ef8ea20ba02ebbc00e1596d7468074410525b2b
SHA512:	76c29ab8a82af275fdcd7b04c99a569df4ff54f13944057c657297b01da5b027ec0f2ca92fc620c24d5a0760f4175053d8f0475124fddabbaccfadb2dc528111
SSDEEP:	96:Mp8DVjrsU3lWhQ/IeQoP8iGVEp8xn7rhKH8g66H/1wZeCBk:qyvecIezP8iiw8xn7roueKBBk
File Content Preview:	<!doctype html>..<html>..<head>..<meta charset="utf-8">..<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0"/>..<link href="https://fonts.googleapis.com/css?family=Montserrat:100,200,300,400,500,600,700,80

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 10, 2021 13:02:09.511253119 CEST	49707	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.511396885 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.538321018 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.538537979 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.540668011 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.541670084 CEST	443	49707	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.541816950 CEST	49707	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.543874979 CEST	49707	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.567462921 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.572561979 CEST	443	49707	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.579345942 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.579402924 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.579432011 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.579478979 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.579530001 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.584259033 CEST	443	49707	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.584316969 CEST	443	49707	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.584347010 CEST	443	49707	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.584379911 CEST	49707	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.584470987 CEST	49707	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.747514009 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.748112917 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.748442888 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.759809017 CEST	49707	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.763123989 CEST	49707	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.774353981 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.774394035 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.774532080 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.774564981 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.774952888 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.775357008 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.775448084 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.775466919 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.775505066 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.775543928 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.775551081 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.775563955 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.775569916 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.775598049 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.775649071 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.775686026 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.775705099 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.775715113 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.775717020 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.775734901 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.775774002 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.788537025 CEST	443	49707	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.788574934 CEST	443	49707	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.788599014 CEST	49707	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.788633108 CEST	49707	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.791618109 CEST	443	49707	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.791695118 CEST	49707	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.799135923 CEST	49716	443	192.168.2.3	103.221.222.30
Apr 10, 2021 13:02:09.799357891 CEST	49717	443	192.168.2.3	103.221.222.30
Apr 10, 2021 13:02:09.799510956 CEST	49707	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:02:09.842993975 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:09.870062113 CEST	443	49707	146.59.152.166	192.168.2.3
Apr 10, 2021 13:02:10.798196077 CEST	49717	443	192.168.2.3	103.221.222.30
Apr 10, 2021 13:02:10.813745022 CEST	49716	443	192.168.2.3	103.221.222.30
Apr 10, 2021 13:02:12.798314095 CEST	49717	443	192.168.2.3	103.221.222.30
Apr 10, 2021 13:02:12.814032078 CEST	49716	443	192.168.2.3	103.221.222.30
Apr 10, 2021 13:02:16.856935978 CEST	49718	443	192.168.2.3	103.221.222.30
Apr 10, 2021 13:02:17.861196995 CEST	49718	443	192.168.2.3	103.221.222.30
Apr 10, 2021 13:02:19.861284971 CEST	49718	443	192.168.2.3	103.221.222.30
Apr 10, 2021 13:03:58.931473970 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:03:58.932003975 CEST	49707	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:03:58.958309889 CEST	443	49708	146.59.152.166	192.168.2.3
Apr 10, 2021 13:03:58.958421946 CEST	49708	443	192.168.2.3	146.59.152.166
Apr 10, 2021 13:03:58.960752964 CEST	443	49707	146.59.152.166	192.168.2.3
Apr 10, 2021 13:03:58.960817099 CEST	49707	443	192.168.2.3	146.59.152.166

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 10, 2021 13:02:00.813982964 CEST	50620	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:00.826781034 CEST	53	50620	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:01.751739025 CEST	64938	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:01.764539003 CEST	53	64938	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:04.851959944 CEST	60152	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:04.865453005 CEST	53	60152	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:05.879455090 CEST	57544	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:05.892316103 CEST	53	57544	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:06.648999929 CEST	55984	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:06.662122965 CEST	53	55984	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:07.468305111 CEST	64185	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:07.480976105 CEST	53	64185	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:08.129117012 CEST	65110	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:08.147484064 CEST	53	65110	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:08.395276070 CEST	58361	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:08.407871962 CEST	53	58361	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:09.401686907 CEST	63492	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:09.403151989 CEST	60831	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:09.414444923 CEST	53	63492	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:09.508507013 CEST	60100	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:09.509618044 CEST	53	60831	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:09.524418116 CEST	53	60100	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:09.570868015 CEST	53195	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:09.584747076 CEST	53	53195	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:09.764570951 CEST	50141	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:09.787821054 CEST	53	50141	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:19.181360960 CEST	53023	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:19.193502903 CEST	53	53023	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:20.111440897 CEST	49563	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:20.124113083 CEST	53	49563	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:21.336599112 CEST	51352	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:21.348439932 CEST	53	51352	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:23.685725927 CEST	59349	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:23.697952032 CEST	53	59349	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:26.737166882 CEST	57084	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:26.749989986 CEST	53	57084	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:27.734735966 CEST	58823	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:27.748217106 CEST	53	58823	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:28.865462065 CEST	57568	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:28.877502918 CEST	53	57568	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:30.369076014 CEST	50540	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:30.381269932 CEST	53	50540	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:31.163870096 CEST	54366	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:31.177104950 CEST	53	54366	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:32.439860106 CEST	53034	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:32.452445030 CEST	53	53034	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:35.500859976 CEST	57762	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:35.513592005 CEST	53	57762	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:37.750122070 CEST	55435	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:37.769124985 CEST	53	55435	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:38.132431030 CEST	50713	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:38.156382084 CEST	53	50713	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:38.932233095 CEST	56132	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:38.956337929 CEST	53	56132	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:39.146125078 CEST	50713	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:39.171008110 CEST	53	50713	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:39.941714048 CEST	56132	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:39.954583883 CEST	53	56132	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:40.159940004 CEST	50713	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:40.177725077 CEST	53	50713	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:41.360688925 CEST	56132	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:41.373492002 CEST	53	56132	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:42.246526003 CEST	50713	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:42.260066986 CEST	53	50713	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:43.363414049 CEST	56132	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:43.387171030 CEST	53	56132	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:45.563038111 CEST	58987	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:45.620554924 CEST	53	58987	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:46.254287958 CEST	50713	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:46.267823935 CEST	53	50713	8.8.8.8	192.168.2.3
Apr 10, 2021 13:02:47.379364967 CEST	56132	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:02:47.392380953 CEST	53	56132	8.8.8.8	192.168.2.3
Apr 10, 2021 13:03:07.959256887 CEST	56579	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:03:07.972640038 CEST	53	56579	8.8.8.8	192.168.2.3
Apr 10, 2021 13:03:10.684932947 CEST	60633	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:03:10.703409910 CEST	53	60633	8.8.8.8	192.168.2.3
Apr 10, 2021 13:03:42.590023041 CEST	61292	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:03:42.602401018 CEST	53	61292	8.8.8.8	192.168.2.3
Apr 10, 2021 13:03:50.152132988 CEST	63619	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:03:50.178229094 CEST	53	63619	8.8.8.8	192.168.2.3
Apr 10, 2021 13:03:51.590584040 CEST	64938	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:03:51.609529018 CEST	53	64938	8.8.8.8	192.168.2.3
Apr 10, 2021 13:04:35.436831951 CEST	61946	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:04:35.545624018 CEST	53	61946	8.8.8.8	192.168.2.3
Apr 10, 2021 13:04:36.142293930 CEST	64910	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:04:36.289470911 CEST	53	64910	8.8.8.8	192.168.2.3
Apr 10, 2021 13:04:36.644423962 CEST	52123	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:04:36.657089949 CEST	53	52123	8.8.8.8	192.168.2.3
Apr 10, 2021 13:04:36.884314060 CEST	56130	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:04:36.897986889 CEST	53	56130	8.8.8.8	192.168.2.3
Apr 10, 2021 13:04:36.991678953 CEST	56338	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:04:37.017554045 CEST	53	56338	8.8.8.8	192.168.2.3
Apr 10, 2021 13:04:37.286487103 CEST	59420	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:04:37.451858044 CEST	53	59420	8.8.8.8	192.168.2.3
Apr 10, 2021 13:04:38.021704912 CEST	58784	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:04:38.034679890 CEST	53	58784	8.8.8.8	192.168.2.3
Apr 10, 2021 13:04:38.634090900 CEST	63978	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:04:39.099571943 CEST	53	63978	8.8.8.8	192.168.2.3
Apr 10, 2021 13:04:39.597620010 CEST	62938	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:04:39.611128092 CEST	53	62938	8.8.8.8	192.168.2.3
Apr 10, 2021 13:04:40.431003094 CEST	55708	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:04:40.443756104 CEST	53	55708	8.8.8.8	192.168.2.3
Apr 10, 2021 13:04:41.055382013 CEST	56803	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:04:41.068912983 CEST	53	56803	8.8.8.8	192.168.2.3
Apr 10, 2021 13:04:41.380700111 CEST	57145	53	192.168.2.3	8.8.8.8
Apr 10, 2021 13:04:41.394032955 CEST	53	57145	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 10, 2021 13:02:09.403151989 CEST	192.168.2.3	8.8.8.8	0xc8c	Standard query (0)	i.ibb.co	A (IP address)	IN (0x0001)
Apr 10, 2021 13:02:09.764570951 CEST	192.168.2.3	8.8.8.8	0x2d6a	Standard query (0)	mayhutsuahanoi.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Apr 10, 2021 13:02:09.509618044 CEST	8.8.8.8	192.168.2.3	0xc8c	No error (0)	i.ibb.co	146.59.152.166	A (IP address)	IN (0x0001)
Apr 10, 2021 13:02:09.509618044 CEST	8.8.8.8	192.168.2.3	0xc8c	No error (0)	i.ibb.co	145.239.131.51	A (IP address)	IN (0x0001)
Apr 10, 2021 13:02:09.509618044 CEST	8.8.8.8	192.168.2.3	0xc8c	No error (0)	i.ibb.co	145.239.131.55	A (IP address)	IN (0x0001)
Apr 10, 2021 13:02:09.509618044 CEST	8.8.8.8	192.168.2.3	0xc8c	No error (0)	i.ibb.co	145.239.131.60	A (IP address)	IN (0x0001)
Apr 10, 2021 13:02:09.509618044 CEST	8.8.8.8	192.168.2.3	0xc8c	No error (0)	i.ibb.co	146.59.152.166	A (IP address)	IN (0x0001)
Apr 10, 2021 13:02:09.787821054 CEST	8.8.8.8	192.168.2.3	0x2d6a	No error (0)	mayhutsuahanoi.com	103.221.222.30	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 10, 2021 13:02:09.579402924 CEST	146.59.152.166	443	192.168.2.3	49708	CN=ibb.co CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Sun Apr 04 19:42:58 CEST 2021 Wed Oct 07 21:21:40 CEST 2020	Sat Jul 03 19:42:58 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 10, 2021 13:02:09.579402924 CEST	146.59.152.166	443	192.168.2.3	49708	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Apr 10, 2021 13:02:09.584316969 CEST	146.59.152.166	443	192.168.2.3	49707	CN=ibb.co CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Sun Apr 04 19:42:58 CEST 2021 Wed Oct 07 21:21:40 CEST 2020	Sat Jul 03 19:42:58 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 10, 2021 13:02:09.584316969 CEST	146.59.152.166	443	192.168.2.3	49707	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 4436 Parent PID: 792

General

Start time:	13:02:07
Start date:	10/04/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff676950000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 5264 Parent PID: 4436

General

Start time:	13:02:07
Start date:	10/04/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4436 CREDAT:17410 /prefetch:2
Imagebase:	0x290000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report $108,459.00.shtml

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Initial Sample

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 4436 Parent PID: 792

General

Chronological Activities

Analysis Process: iexplore.exe PID: 5264 Parent PID: 4436

General

Chronological Activities

Disassembly