Play interactive tour

Edit tour

Analysis Report https://gabriellarodriguezart.com/Dr

Overview

General Information

Sample URL:	https://gabriellarodriguezart.com/Dr
Analysis ID:	432837
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on shot template match)

Yara detected HtmlPhish10

Yara detected HtmlPhish7

Phishing site detected (based on various OCR indicators)

HTML body contains low number of good links

HTML title does not match URL

Classification

Process Tree

System is w10x64

iexplore.exe (PID: 6828 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 6908 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6828 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Dr[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Dr[1].htm	JoeSecurity_HtmlPhish_7	Yara detected HtmlPhish_7	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: https://gabriellarodriguezart.com/Dr

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Antivirus detection for URL or domain

Show sources

Source: https://gabriellarodriguezart.com/Dr/

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on shot template match)

Show sources

Source: https://gabriellarodriguezart.com/Dr/

Matcher: Template: outlook matched

Yara detected HtmlPhish10

Show sources

Source: Yara match	File source: 642294.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Dr[1].htm, type: DROPPED

Yara detected HtmlPhish7

Show sources

Source: Yara match	File source: 642294.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Dr[1].htm, type: DROPPED

Phishing site detected (based on various OCR indicators)

Show sources

Source: Screenshots	OCR Text: (@)@e O gabrie\|\|arodrigu=rt.com x [I - [I X - X\|'earh...JO-Grtk@ <9 =>e httpsWgabriellarodrigu=rt.com/Dr/ e Share Point Onlinex [I' C Search... d'- Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. Sign in with Outlook Sign in with Office365 OO Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe. X JO-GjCUC1
Source: Screenshots	OCR Text: d'- Adobe Document Cloud To read the document, please enter with the valid email credentials that this file was sent to. Sign in with Outlook Sign in with Office365 OO Sign in with Other Mail Select your email provider to view Document CopyRight 2020 Adobe.

Source: https://gabriellarodriguezart.com/Dr/	HTTP Parser: Number of links: 0
Source: https://gabriellarodriguezart.com/Dr/	HTTP Parser: Number of links: 0

Source: https://gabriellarodriguezart.com/Dr/	HTTP Parser: Title: Share Point Online does not match URL
Source: https://gabriellarodriguezart.com/Dr/	HTTP Parser: Title: Share Point Online does not match URL

Source: https://gabriellarodriguezart.com/Dr/	HTTP Parser: No <meta name="author".. found
Source: https://gabriellarodriguezart.com/Dr/	HTTP Parser: No <meta name="author".. found

Source: https://gabriellarodriguezart.com/Dr/	HTTP Parser: No <meta name="copyright".. found
Source: https://gabriellarodriguezart.com/Dr/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 162.241.114.112:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.114.112:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.114.112:443 -> 192.168.2.4:49770 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: gabriellarodriguezart.com

Source: hover[1].css.3.dr	String found in binary or memory: http://ianlunn.co.uk/
Source: hover[1].css.3.dr	String found in binary or memory: http://ianlunn.github.io/Hover/)
Source: popper.min[1].js.3.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: Dr[1].htm0.3.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: Dr[1].htm0.3.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: Dr[1].htm0.3.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: Dr[1].htm0.3.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: Dr[1].htm0.3.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: free.min[1].css.3.dr	String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.3.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: Dr[1].htm0.3.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v11/OZpGg_pnoDtINPfRIlLohlvHxw.woff)
Source: ~DF5FAEF6CCA28DFD69.TMP.1.dr	String found in binary or memory: https://gabriellarodriguezart.com/Dr/
Source: ~DF5FAEF6CCA28DFD69.TMP.1.dr	String found in binary or memory: https://gabriellarodriguezart.com/Dr/$Share
Source: {5E5D766A-CA19-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://gabriellarodriguezart.com/Dr/Root
Source: ~DF5FAEF6CCA28DFD69.TMP.1.dr	String found in binary or memory: https://gabriellarodriguezart.com/Dr/l
Source: bootstrap.min[1].css.3.dr, bootstrap.min[1].js.3.dr	String found in binary or memory: https://getbootstrap.com)
Source: hover[1].css.3.dr	String found in binary or memory: https://github.com/IanLunn/Hover
Source: bootstrap.min[1].css.3.dr, bootstrap.min[1].js.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: 585b051251[1].js.3.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: 585b051251[1].js.3.dr	String found in binary or memory: https://kit.fontawesome.com
Source: Dr[1].htm0.3.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: Dr[1].htm0.3.dr	String found in binary or memory: https://login.microsoftonline.com/common/login
Source: Dr[1].htm0.3.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: Dr[1].htm0.3.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756

Source: unknown	HTTPS traffic detected: 162.241.114.112:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.114.112:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.11.207:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.241.114.112:443 -> 192.168.2.4:49770 version: TLS 1.2

Source: classification engine

Classification label: mal84.phis.win@3/25@7/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5E5D7668-CA19-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF4C0C6A7F8B5D7714.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6828 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6828 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://gabriellarodriguezart.com/Dr	0%	Avira URL Cloud	safe
https://gabriellarodriguezart.com/Dr	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://gabriellarodriguezart.com/Dr/	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
http://ianlunn.github.io/Hover/)	0%	Virustotal		Browse
http://ianlunn.github.io/Hover/)	0%	Avira URL Cloud	safe
https://gabriellarodriguezart.com/Dr/$Share	0%	Avira URL Cloud	safe
https://gabriellarodriguezart.com/Dr/l	0%	Avira URL Cloud	safe
https://getbootstrap.com)	0%	Avira URL Cloud	safe
http://ianlunn.co.uk/	0%	URL Reputation	safe
http://ianlunn.co.uk/	0%	URL Reputation	safe
http://ianlunn.co.uk/	0%	URL Reputation	safe
https://gabriellarodriguezart.com/Dr/Root	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
gabriellarodriguezart.com	162.241.114.112	true	false	unknown
cdnjs.cloudflare.com	104.16.18.94	true	false	high
maxcdn.bootstrapcdn.com	104.18.11.207	true	false	high
ka-f.fontawesome.com	unknown	unknown	false	high
code.jquery.com	unknown	unknown	false	high
kit.fontawesome.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://gabriellarodriguezart.com/Dr/	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://fontawesome.com	free.min[1].css.3.dr	false		high
https://kit.fontawesome.com	585b051251[1].js.3.dr	false		high
http://ianlunn.github.io/Hover/)	hover[1].css.3.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/graphs/contributors)	bootstrap.min[1].js.3.dr	false		high
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	Dr[1].htm0.3.dr	false		high
https://gabriellarodriguezart.com/Dr/$Share	~DF5FAEF6CCA28DFD69.TMP.1.dr	true	Avira URL Cloud: safe	unknown
https://gabriellarodriguezart.com/Dr/l	~DF5FAEF6CCA28DFD69.TMP.1.dr	true	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com/common/login	Dr[1].htm0.3.dr	false		high
https://getbootstrap.com)	bootstrap.min[1].css.3.dr, bootstrap.min[1].js.3.dr	false	Avira URL Cloud: safe	low
https://ka-f.fontawesome.com	585b051251[1].js.3.dr	false		high
https://code.jquery.com/jquery-3.2.1.slim.min.js	Dr[1].htm0.3.dr	false		high
https://code.jquery.com/jquery-3.1.1.min.js	Dr[1].htm0.3.dr	false		high
http://ianlunn.co.uk/	hover[1].css.3.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://gabriellarodriguezart.com/Dr/	~DF5FAEF6CCA28DFD69.TMP.1.dr	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE)	bootstrap.min[1].css.3.dr, bootstrap.min[1].js.3.dr	false		high
https://github.com/IanLunn/Hover	hover[1].css.3.dr	false		high
http://opensource.org/licenses/MIT).	popper.min[1].js.3.dr	false		high
https://gabriellarodriguezart.com/Dr/Root	{5E5D766A-CA19-11EB-90EB-ECF4BBEA1588}.dat.1.dr	true	Avira URL Cloud: safe	unknown
https://kit.fontawesome.com/585b051251.js	Dr[1].htm0.3.dr	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	Dr[1].htm0.3.dr	false		high
https://code.jquery.com/jquery-3.3.1.js	Dr[1].htm0.3.dr	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css	Dr[1].htm0.3.dr	false		high
https://fontawesome.com/license/free	free.min[1].css.3.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
162.241.114.112	gabriellarodriguezart.com	United States	46606	UNIFIEDLAYER-AS-1US	false
104.16.18.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	432837
Start date:	10.06.2021
Start time:	20:25:42
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 39s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://gabriellarodriguezart.com/Dr
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.phis.win@3/25@7/3
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): ielowutil.exe, backgroundTaskHost.exe, svchost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 52.147.198.201, 104.42.151.234, 88.221.62.148, 69.16.175.42, 69.16.175.10, 142.250.180.202, 104.18.22.52, 104.18.23.52, 172.64.203.28, 172.64.202.28, 20.82.210.154, 20.72.88.19, 152.199.19.161 Excluded domains from analysis (whitelisted): kit.fontawesome.com.cdn.cloudflare.net, cds.s5x3j6q5.hwcdn.net, fonts.googleapis.com, ka-f.fontawesome.com.cdn.cloudflare.net, ajax.googleapis.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ie9comview.vo.msecnd.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, skypedataprdcoleus16.cloudapp.net, e11290.dspg.akamaiedge.net, eus2-consumerrp-displaycatalog-aks2aks-useast.md.mp.microsoft.com.akadns.net, iecvlist.microsoft.com, go.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, cs9.wpc.v0cdn.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5E5D7668-CA19-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8519445073708543
Encrypted:	false
SSDEEP:	192:riZ5Zx2GHWGKtGiifGWwazMGjCBGG8DGnsfGrwTjX:revAG2GCGLG3G+GBGSGk
MD5:	8CFD78B987F70DE24279106ECC30FD5D
SHA1:	18711387EA29E74B7BA4104B5FAB15B428061546
SHA-256:	8A717F81B44DDAA879161DB55D43868F6517AD7DA0AA5A00872B28F4E8B97021
SHA-512:	B7F8837BDB459145A80C1FDEE06081161EA78E436B977F0C6B258243EA07C0D0EE85957F8645E65020053951818D578D3C031CF1A67A137D567DDE4BE98E3D18
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E5D766A-CA19-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	27410
Entropy (8bit):	1.770997795015822
Encrypted:	false
SSDEEP:	96:rnZEQ46uBS1jFX2FfWFGMFC03ZH3HSgbwr:rnZEQ46uk1jFX2FfWFGMFC03ZH3HSHr
MD5:	A58DBDF3DCB9A1A5EF15B00ED7E2874B
SHA1:	A75B95498B2C93AF256C542A5F602DC0A456D079
SHA-256:	7EA6C945CCE12A229C10F5004324AE9D20B696E0766F07FADE75796D712D7A94
SHA-512:	24FFB606EBCC8722979B2594C644A5968E330891CEA265F2903F55571D91D8386E0A44676EBA42039DF2307C6E5174241647A564F5814C475556F6B5BA3C055B
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E5D766B-CA19-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.563917014555442
Encrypted:	false
SSDEEP:	48:Iw6GcprDGwpaiG4pQWGrapbS3tGQpKlxG7HpRFTGIpG:r+ZdQS6YBS3XAlgTTA
MD5:	ABB8B868425AEC49D0438DA00D36498E
SHA1:	B64E3294D060FC48D5BD6199A4F2F47D901571CE
SHA-256:	CB3A7CA250F88A2A9F907BBDFA8EA4DB5F535B2667C9F64EEEC5A0AC1004D9FC
SHA-512:	3A0A134E32D9191C38C46AF38010238B7F850F58AAA382A1FB0463D336BE508F04F586702DAB28EA8F8EE489873F64D6A55CCAC9A6C52D457BB3969CC3A4FE61
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\585b051251[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	10866
Entropy (8bit):	5.182623714755422
Encrypted:	false
SSDEEP:	192:BgHN42S+9SZRvACpiIthFzoXnemF+shSGnZ+PPxQDqv7jh81Q5l8OcchIlzbCn:WRCfhFzevnEZ/h81Q5l8OsE
MD5:	D8CA71772D1E86D5FB9D5E2F6CC1AE70
SHA1:	9B043E60997FE552D652E4474E16AFF923D7AA76
SHA-256:	7D840153F02AD6D91D652354E35B590721916D16C33956631EEF0E7D3B5613EE
SHA-512:	8E9DA8E9AE10EC0EB854A6E488FB4568A960EE10AF46FE4AA49F22F227CB94997F40E49E10A81E341B99489256163A2C0E065730EEA642777061CDA61B4D56C1
Malicious:	false
Reputation:	low
IE Cache URL:	https://kit.fontawesome.com/585b051251.js
Preview:	window.FontAwesomeKitConfig = {"asyncLoading":{"enabled":true},"autoA11y":{"enabled":true},"baseUrl":"https://ka-f.fontawesome.com","baseUrlKit":"https://kit.fontawesome.com","detectConflictsUntil":null,"iconUploads":{},"id":132286382,"license":"free","method":"css","minify":{"enabled":true},"token":"585b051251","v4FontFaceShim":{"enabled":false},"v4shim":{"enabled":true},"version":"5.15.3"};.!function(t){"function"==typeof define&&define.amd?define("kit-loader",t):t()}((function(){"use strict";function t(e){return(t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t})(e)}function e(t,e,n){return e in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function n(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter((function(e){return Object.g

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Dr[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	245
Entropy (8bit):	5.108410272788199
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwol6hEr6VX16hu9nPbTvT8OR+KqD:J0+ox0RJWWPnL8zT
MD5:	8303D52E9315425F58AEE965D469C11D
SHA1:	5F1CA9BC12AA97C9D139AC4F16552819B96733F3
SHA-256:	6ED6D06A696254FAE109940AED4455A6497B264091AF58B6B368D6E0149CC531
SHA-512:	61EE88284C89F5541D50D5BA00A9A27A3A72BD5DE27045E4D6CCEE4709BA5794D2F46EEBCC70131FFB26E995E3FBD66670D423ACF4B8C2CC1EAC511F6DBADE42
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Dr[1].htm, Author: Joe Security Rule: JoeSecurity_HtmlPhish_7, Description: Yara detected HtmlPhish_7, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Dr[1].htm, Author: Joe Security
Reputation:	low
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="https://gabriellarodriguezart.com/Dr/">here</a>.</p>.</body></html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\free-v4-shims.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	26701
Entropy (8bit):	4.829823522211244
Encrypted:	false
SSDEEP:	192:dP6hT1bIl4w0QUmQ10PwKLaAu5CwWavpHo4O6wgLPbJVR8XD7mycP:0hal4w0QK+PwK05eavpmgPPeXD7mycP
MD5:	8A99CE81EC2F89FBCA03F2C8CF1A3679
SHA1:	58F9EF32D12A5DA52CBAB7BD518BCC998FC59EF9
SHA-256:	362DAEAF1F7E05FEE9A609E549F148AACBE518C166FBD96EAD69057E295742AF
SHA-512:	930F28449365FAED13718BB8F332625DB110ABB08C3778DC632FDF00A0187A61A086B5EB4765FFC1923B64E2584C02592A213914B024DE6890FF3DBFC3A12FE5
Malicious:	false
Reputation:	low
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.3/css/free-v4-shims.min.css?token=585b051251
Preview:	/!. Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa.fa-glass:before{content:"\f000"}.fa.fa-meetup{font-family:"Font Awesome 5 Brands";font-weight:400}.fa.fa-star-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-star-o:before{content:"\f005"}.fa.fa-close:before,.fa.fa-remove:before{content:"\f00d"}.fa.fa-gear:before{content:"\f013"}.fa.fa-trash-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-trash-o:before{content:"\f2ed"}.fa.fa-file-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-file-o:before{content:"\f15b"}.fa.fa-clock-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-clock-o:before{content:"\f017"}.fa.fa-arrow-circle-o-down{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arrow-circle-o-down:before{content:"\f358"}.fa.fa-arrow-circle-o-up{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arro

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\free.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	60351
Entropy (8bit):	4.728641238865369
Encrypted:	false
SSDEEP:	768:0Uh31IPiyXNq4YxBowbgJlkwF//zMQyYJYX9Bft6VSz8:0U0PxXE4YXJgndFTfy9lt5Q
MD5:	390B4210E10C744C3C597500BCF0B31A
SHA1:	2600C7C2F25D7DBCBC668231601E426010DC6489
SHA-256:	C2819CA1F7AD1AF7BA53C4EDFDFD395C547BCB16D29892A234D7860C689ED929
SHA-512:	E8A7E466BE8CC092E12994B51A6A8A39E2FBB66DD48221BCF499BB89365B4004D73C1909F8FE0BBBBF13907D5901D76FFE127D92FDD7493853646F83F5985CBE
Malicious:	false
Reputation:	low
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.3/css/free.min.css?token=585b051251
Preview:	/!. Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pul

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\outlook1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	771
Entropy (8bit):	7.682244426935498
Encrypted:	false
SSDEEP:	24:74yiH9yQmOntihdLl00qDeu1BcaDa0oljZG0:omOntO7v/uJDYG0
MD5:	C3FC46C5799C76F9107504028F39190F
SHA1:	519096AD3F03410CF9CE3C9B9FCCA6B439D97B23
SHA-256:	57898461712A639D119BDF88B7145919DCC8956C7A271D2E4A1084B29EAE6785
SHA-512:	DF4A0A2F78B2013035FB738BF405119B275D4CFEC31A23071EB9AF499D5F31FDC4BE22754CE791C975D7D417E908B5CAD16F962B0ADD3DFDCDE19844D74F6678
Malicious:	false
Reputation:	low
IE Cache URL:	https://gabriellarodriguezart.com/Dr/images/outlook1.png
Preview:	.PNG........IHDR..............JL.....bKGD..............IDATH....k.A..k6.b.F1..H@...j@.aQ...(.. .. ........ .A..D...I......E......1...W...;;.Y.d.}].U5]..x"3?....!..A..y..+R2\...m.NX.=..p.0...d.^.3......J.Z.X.).....P\..x1.3.M.0....m.........F....?...n.......l.Fo)x._ R\|.s..a.T?...?.=.9.Y..u....z..\|.....Wz...h..<..P.. ...$.Y......k`/4.y/......L.C......."....U....7....G...'h.....1j1E..%t.....@..a.......b.ED-.Tn.<..o.D...o..(.{1l>........".4a.:k.I./.7t./.Q-'..>.. ......'3eb..d.@=4...C....A...;..N.X3.(.......,v...+...S...W..l...@,...j.).u<..@u..0...V&.b.yp.....0..o.?..V..B =.~&m"r(...6;EP.T.......h.m".[f.U)\|t..2.Q.....g.cP.W...D..[.O>..d;.yI.{/..#v.._..$.Q.......t\E..5i.q._.."/n...v.w..Uo ...#..S....^.....F..+._??.r.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\adobe[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x400, frames 3
Category:	downloaded
Size (bytes):	30925
Entropy (8bit):	7.75667128400845
Encrypted:	false
SSDEEP:	768:nuowBuvTpjgz+wqrPZ2qh8fmyjlX6RqnxgYqwNL:nuPOpjgzPqrPZRYZGnYqYL
MD5:	BE5274AF7D8BD25B8148A190FF515399
SHA1:	B8D0850FD92EE935287E17988B89E53607808C8C
SHA-256:	26C62DBDF527B8DCBF378EA62F129CBBBA3B244730687909BA21ECD729C9D2E6
SHA-512:	64893C625BE72783088575E36EF26FF4573243F32601BDA754EDA72B7515063B5E4E4831697D16AC663529C910AE12CCD145BEC530F2A9BAE4D9324301C65667
Malicious:	false
Reputation:	low
IE Cache URL:	https://gabriellarodriguezart.com/Dr/images/adobe.jpg
Preview:	......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..g........\|?....".+......_.......4...R...'..q..~...n.7...........QXJ<...=...^.V'@U..E..5....Uz........IE.PTe.}/p.y.......T.<...-T..\|...b.=.#IU..~....{O/...b..E..............X...G...?........\|......._....M..g.................T~g.......<.....T~g......3$.=._..IU.K..^.E...=.#U.._[X.R..=W...1..........QTr.\....*.7..?..6.9K..^.E.Ps.\...........%W..y...g)s[KX)<......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\hover[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	114697
Entropy (8bit):	4.9296726009523
Encrypted:	false
SSDEEP:	1536:67O7EesvXIPRX4PT8aZv8qoXIoqbTFaFeTxvyAZ+D7M71D:qXIPRX4PT3
MD5:	FAC4178C15E5A86139C662DAFC809501
SHA1:	EF1481841399156A880EC31B07DDA9CFAA1ACE39
SHA-256:	BB88454962767EB6F2DDB1AABAAF844D8A57DE7E8F848D7F6928F81B54998452
SHA-512:	0902219B6E236FBF9D8173D1D452C8733C1BF67B0EB906CC9866EA0C27C2D08F6DA556D01475E9B54E2C6CE797B230BFBD5F39055CE0C71EA4D3E36872C378D9
Malicious:	false
Reputation:	low
IE Cache URL:	https://gabriellarodriguezart.com/Dr/css/hover.css
Preview:	/!. Hover.css (http://ianlunn.github.io/Hover/). * Version: 2.3.2. * Author: Ian Lunn @IanLunn. * Author URL: http://ianlunn.co.uk/. * Github: https://github.com/IanLunn/Hover.. * Hover.css Copyright Ian Lunn 2017. Generated with Sass.. /./ 2D TRANSITIONS /./ Grow /..hvr-grow {. display: inline-block;. vertical-align: middle;. -webkit-transform: perspective(1px) translateZ(0);. transform: perspective(1px) translateZ(0);. box-shadow: 0 0 1px rgba(0, 0, 0, 0);. -webkit-transition-duration: 0.3s;. transition-duration: 0.3s;. -webkit-transition-property: transform;. transition-property: transform;.}..hvr-grow:hover, .hvr-grow:focus, .hvr-grow:active {. -webkit-transform: scale(1.1);. transform: scale(1.1);.}../ Shrink */..hvr-shrink {. display: inline-block;. vertical-align: middle;. -webkit-transform: perspective(1px) translateZ(0);. transform: perspective(1px) translateZ(0);. box-shadow: 0 0 1px rgba(0, 0, 0, 0);. -webkit-transition-duration: 0.3s;. transition-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquery-3.1.1.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
Reputation:	low
IE Cache URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquery-3.2.1.slim.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	69597
Entropy (8bit):	5.369216080582935
Encrypted:	false
SSDEEP:	1536:qNhEyjjTikEJO4edXXe9J578go6MWX2xkjVe4c4j2ll2Ac7pK3F71QDU8CuT:Exc2yjq4j2uYnQDU8CuT
MD5:	5F48FC77CAC90C4778FA24EC9C57F37D
SHA1:	9E89D1515BC4C371B86F4CB1002FD8E377C1829F
SHA-256:	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
SHA-512:	CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
Malicious:	false
Reputation:	low
IE Cache URL:	https://code.jquery.com/jquery-3.2.1.slim.min.js
Preview:	/! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\8[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, big-endian, direntries=12, height=709, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1200], baseline, precision 8, 1200x646, frames 3
Category:	downloaded
Size (bytes):	161118
Entropy (8bit):	7.5594351594508185
Encrypted:	false
SSDEEP:	3072:WucfAcwuKGuN2q/gSsqnk4br5XUGpppLqfmazv7l04J:OMuKbYOF355XEuAv7lnJ
MD5:	F17B5B1163EFB6D2D47DE6BAE6D3A9CD
SHA1:	6D6964B34BC44C6D2B106ADE1AE675985B96D012
SHA-256:	7829F065E0E10C8466F3D57766E0719421B7B652F6A1082F21B98702F1B28A30
SHA-512:	7C0CBEF1D3CAE66A18C74544E593803C2EEC56817E762A385D54437BC7D597B2598886B0C0EDF72C6E934E9F146CEFC89392A492DB5425A1071E61CA1F156855
Malicious:	false
Reputation:	low
IE Cache URL:	https://gabriellarodriguezart.com/Dr/images/8.jpg
Preview:	......Exif..MM.*.......................................................................................................(...........1.....".....2..........i.............$............'.......'.Adobe Photoshop CC 2015 (Windows).2020:01:21 13:41:42.............0221...................................................................r...........z.(.................................%.......H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................V...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......q..KJG..x.."....]..TX...[^.m...R.......X.5..j?p.A.RI%0...MN.$..@.4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\bootstrap.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	144877
Entropy (8bit):	5.049937202697915
Encrypted:	false
SSDEEP:	1536:GcoqwrUPyDHU7c7TcDEBi82NcuSELL4d/+oENM6HN26Q:VoPgPard2oENM6HN26Q
MD5:	450FC463B8B1A349DF717056FBB3E078
SHA1:	895125A4522A3B10EE7ADA06EE6503587CBF95C5
SHA-256:	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
SHA-512:	93BF1ED5F6D8B34F53413A86EFD4A925D578C97ABC757EA871F3F46F340745E4126C48219D2E8040713605B64A9ECF7AD986AA8102F5EA5ECF9228801D962F5D
Malicious:	false
Reputation:	low
IE Cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors. * Copyright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},::after,::before{box-sizing:border-box}html{font-family:sans

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\bootstrap.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	48944
Entropy (8bit):	5.272507874206726
Encrypted:	false
SSDEEP:	768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B
MD5:	14D449EB8876FA55E1EF3C2CC52B0C17
SHA1:	A9545831803B1359CFEED47E3B4D6BAE68E40E99
SHA-256:	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
SHA-512:	00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
Malicious:	false
Reputation:	low
IE Cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Dr[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	11777
Entropy (8bit):	4.8159515725639555
Encrypted:	false
SSDEEP:	192:K2FI5vEJKnYmrDfG4RywAOT+UY/t4IdtWPtY:1nmRnAKyt48tZ
MD5:	6D1D3C4FD92B63CC534BE0EDF3AF18DC
SHA1:	5F5442FEB5BE60239F185E969C45050A7DBADE2A
SHA-256:	65ADCB045AEFB4D0028A6AF36EC9D42BBD4DAE9AFF2CF85810BB4A6F44D4B25C
SHA-512:	2D42684CF0A44E262C958172C2446974A4AE9B8D17F7208A5FCB690964EE0D56FEB157B9AB6166B8F94FBDCBA027271C36B66784655E8FD96CE0B5522FE71AA2
Malicious:	false
Reputation:	low
IE Cache URL:	https://gabriellarodriguezart.com/Dr/
Preview:	...<!doctype html>..<html lang="en">..<head>.. <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>.. <script src="https://code.jquery.com/jquery-3.1.1.min.js">.. <script src="https://code.jquery.com/jquery-3.3.1.js" integrity="sha256-2Kok7MbOyxpgUVvAk/HJ2jigOSYS2auK4Pfzbm7uH60=" crossorigin="anonymous"></script>.. Required meta tags -->.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.... Bootstrap CSS -->.. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">.. <link href="https://fonts.googleapis.com/css?family=Yellowtail&display=swap" rel="stylesheet">.. <script src="https://kit.fontawesome.com/585b051251.js" crossorigin="anonymous"></script>.. <title>Share Point Online</title>.. <link

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	211
Entropy (8bit):	5.026484232218891
Encrypted:	false
SSDEEP:	6:0IFFwKh+56ZRWHMqh7izlpdBEoKOEEJTONin:jFWmO6ZRoMqt6p3EondOY
MD5:	04F7435B2672FBE66984EA436E7087C6
SHA1:	44896875E69B297EB979CC0D3E8522D872656BA8
SHA-256:	F9088C15A062F0C7708C3864C5E261A2E4961DFEB0F150DF744FAEC2E3B74AD6
SHA-512:	9A1D01A7FAC3D6B205CFA37C05A93AFA9D903D4D35DCB16E31D3A31D19CD65B8DE5D66E626BC7F70D07841C779E20CD2C2DD6254824F96DE0E8E576E156F1C7D
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Preview:	@font-face {. font-family: 'Yellowtail';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/yellowtail/v11/OZpGg_pnoDtINPfRIlLohlvHxw.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\gmail[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1280 x 1280, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	66743
Entropy (8bit):	7.712342056984168
Encrypted:	false
SSDEEP:	1536:FxqKcVqezl0vLoYxEuKoYk5LHjGkT3b1mQOEj0+R+EH:FsK2qezl0zoYxEuKo7CYrOb+Rb
MD5:	DCE2F2B0E50CB1DBB0246D152791CB46
SHA1:	D0A69C159304EDC08DB005163E7A0DAF5A1E98A6
SHA-256:	ACF087C1757F08B0CFD53D59066544D7EF0BFCC50999E77C5813739CD9DC1479
SHA-512:	91054B36EF1673B24E4FE3DC324CBE339F4E9EB72785A6A4C355C7B2A11A9A7C6E188FF9BF5B34FFDD2805D4BBED71EF6CA4975EE3E330FD8D8E383ED64B28EE
Malicious:	false
Reputation:	low
IE Cache URL:	https://gabriellarodriguezart.com/Dr/images/gmail.png
Preview:	.PNG........IHDR.....................sBIT....\|.d.....pHYs............/....tEXtSoftware.www.inkscape.org..<... .IDATx...{x.u.....I.sS..9Q(..J.L&.$..V\|........#.."...Zw.eEQv.Q..U.A]9Vh..I8...H2)`....i.....).....f.y....L.pu...{n..........................................................................................................................................................................................................................................................................................................................................................................................................@Is..... mj=...X<65....U.l.b.t.U...mR...e..P.i.$.i2U..@N1.f...i.s...cf.../....2ev.`..%.\|.o...s..j..l.B....V&..s;b..Pfg......!...:..5....$.@...I0.=.lY.......a...B.4g... T.9Wif..R..o.R.t'.0...?G.9i...L...*..&..s.Vgnkhn...;p[.0.5.........$......P......^".HL.M...@.p..;04....9.&.(i....9.sK..=&.'$m........f..1..'...f2.Uww......PH....@..xq....k.2..l.Luf..s5..`.\|

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\office3651[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 187 x 188, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	18025
Entropy (8bit):	3.011161251318808
Encrypted:	false
SSDEEP:	96:2S+WvkiqJq6Uq7NXrNG+GHhsc5yeFZV9D2Ydcx/NTV0K0VFDsCmm:2SJkiOq6Uq75shDs1kFP
MD5:	FE22440D79FFA34950F512EF4A718B2A
SHA1:	0E147E59544EE6580D3095353D4420849FA5EB8A
SHA-256:	A2F26B68A6C8810C1AEB4048C938F835A86BA83756A7A440F989B967E78F3BA8
SHA-512:	64218ECD4140DC05E50EB7BA4C9813794B8B5A4310C8308244205BA6ADA8EE7C2D1840121730A00800E41775241D8AFA02125A966064CD0EB2CC7D3E4605B81C
Malicious:	false
Reputation:	low
IE Cache URL:	https://gabriellarodriguezart.com/Dr/images/office3651.png
Preview:	.PNG........IHDR............. .......pHYs...............<eiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2020-01-18T21:49:38+05:00</xmp:CreateDate>. <xmp:MetadataDate>2020-01-21T14:30:14+05:00</xmp:MetadataDate>. <x

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\other1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 190 x 187, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	21882
Entropy (8bit):	4.268463452779894
Encrypted:	false
SSDEEP:	192:ESCkiDw7e9Mg/wio0EYm9FWyo2XdJfXoOZdEDfmiIJQdiRVi/WTanY:DBiDw7eAdq+FWyo2/fXoZbDIJ0ci/BnY
MD5:	6843A244E12FAB158AA189680B5E7049
SHA1:	0E1C691F87CC4FA35C88344974F2829C40176B70
SHA-256:	3A9B144D6482B78AFC4E0A940A1D3C22240F14FA535B808CF4DAB9635339569F
SHA-512:	145010C45B6B83EA4005EB367C0507959FF0817E482F19E9973504081ACAE1B7827CBD1172CEC7732B13F4E0CEC058271BD6700444FBCF61FB6A3C068A3744C4
Malicious:	false
Reputation:	low
IE Cache URL:	https://gabriellarodriguezart.com/Dr/images/other1.png
Preview:	.PNG........IHDR..............$.... cHRM..z&..............u0...`..:....p..Q<....sRGB.........gAMA......a.....pHYs...............:.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c067 79.157747, 2015/03/30-23:40:42 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2015 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2020-01-18T21:59:57+05:00</xmp:CreateDate>. <

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\popper.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	19188
Entropy (8bit):	5.212814407014048
Encrypted:	false
SSDEEP:	384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f
MD5:	70D3FDA195602FE8B75E0097EED74DDE
SHA1:	C3B977AA4B8DFB69D651E07015031D385DED964B
SHA-256:	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
SHA-512:	51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Preview:	/. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. /(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto\|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio

C:\Users\user\AppData\Local\Temp\~DF4C0C6A7F8B5D7714.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.4772217492480291
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9los9lo89lWGl/uCVp+Z+c:kBqoIXxGl/J6
MD5:	3AC22A525313CA286F313EC79B8D5FE3
SHA1:	1B7879E92E96D04B5DC4652E8BEBECFDBE32DFEC
SHA-256:	034603AF3236B995E46AEA11D49D7679BBE2A5BC47979E4ADA9926A44CFB0ADE
SHA-512:	62274C5EFFEAEB9B9C4FC7F461570807C5A68184D5744BF31B0A5B9D17A996E774D27E159A1CC27F0549FEDE3CAA749E4910BB943FE0503277C6FC57AA09CC49
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF5FAEF6CCA28DFD69.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	35171
Entropy (8bit):	0.46624779608721245
Encrypted:	false
SSDEEP:	48:kBqoxKAuvScS+FLFFFXF+FKIFKxm3KQmMW8mGWw8m4m+mFmr0b:kBqoxKAuvScS+FLFFFXF+FFFN3HSgb
MD5:	D288185627461842036D36F8BE0318CA
SHA1:	B4407DD8846884C6F3E3E424AA37BE945F43F595
SHA-256:	EF12273B41FD81C623267A58FA22E3E0650132CF37AEF6CD74A04A79B6723FC9
SHA-512:	1AD8A878B079D0FED73CC0335C8819BCD2C6D59A088AC44A007E0E3D4A8CACE3A03A936CEBFD234ED816137FFADD2525C341D5DA69C1EE2ECA80A3F2CD4D655A
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF726652DFE275AF17.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.6455439471718731
Encrypted:	false
SSDEEP:	48:kBqoxxJhHWSVSEabzMLAovx/5LglYIgpZnZ3jGft2UBup:kBqoxDhHWSVSE+Bvgfg
MD5:	2D3D4A8E41C033E42BB0E8647D626C80
SHA1:	97C10178F581A5561DF93DD57214DA4DDB34B281
SHA-256:	CD8F5BC72E12416D1371B7BF91436B63769EC0C99CB8C01A4505D91A8DDA0411
SHA-512:	DCE4E3ECE67B39401CB2F8D6479ED8373EE9F85350F46C26D928165D257B742C06B94F5AD597EEA7D10CCAA85B85576D3FFFB08D78B5163B7FBEA462E15245AF
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 10, 2021 20:26:29.542740107 CEST	49739	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.542952061 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.702141047 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:29.702362061 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.706263065 CEST	443	49739	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:29.706530094 CEST	49739	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.714993954 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.715179920 CEST	49739	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.874356031 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:29.878515959 CEST	443	49739	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:29.881892920 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:29.881939888 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:29.881978035 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:29.882030010 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:29.882108927 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.882188082 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.883374929 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:29.883512974 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.888727903 CEST	443	49739	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:29.888772011 CEST	443	49739	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:29.888808966 CEST	443	49739	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:29.888839006 CEST	443	49739	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:29.888839960 CEST	49739	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.888885975 CEST	49739	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.888984919 CEST	49739	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.890131950 CEST	443	49739	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:29.890239954 CEST	49739	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.922739029 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.922779083 CEST	49739	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:29.928152084 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.085990906 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.086105108 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.089946985 CEST	443	49739	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.090040922 CEST	49739	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.092348099 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.092437983 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.097620964 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.296725035 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.428174019 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.428245068 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.428287029 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.428325891 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.428339958 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.428364038 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.428376913 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.428384066 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.428388119 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.428410053 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.428411961 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.428446054 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.428469896 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.428487062 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.428510904 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.428527117 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.428535938 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.428566933 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.428606987 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.428620100 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.633641958 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.634651899 CEST	49739	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.645338058 CEST	49745	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.646145105 CEST	49746	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.646953106 CEST	49747	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.647757053 CEST	49748	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.649947882 CEST	49750	443	192.168.2.4	104.18.11.207
Jun 10, 2021 20:26:30.651329994 CEST	49751	443	192.168.2.4	104.18.11.207
Jun 10, 2021 20:26:30.692197084 CEST	443	49750	104.18.11.207	192.168.2.4
Jun 10, 2021 20:26:30.692297935 CEST	49750	443	192.168.2.4	104.18.11.207
Jun 10, 2021 20:26:30.693624973 CEST	443	49751	104.18.11.207	192.168.2.4
Jun 10, 2021 20:26:30.693743944 CEST	49751	443	192.168.2.4	104.18.11.207
Jun 10, 2021 20:26:30.793143034 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.806859970 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.806906939 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.806936979 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.806968927 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.806998968 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.807035923 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.807075024 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.807158947 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.807159901 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.807204008 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.807209969 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.807212114 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.807219028 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.807256937 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.807266951 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.807296038 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.807301998 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.807334900 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.807339907 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.807373047 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.807384014 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.807401896 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.807425976 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.807439089 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.807455063 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.807486057 CEST	49740	443	192.168.2.4	162.241.114.112
Jun 10, 2021 20:26:30.807487965 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.807531118 CEST	443	49740	162.241.114.112	192.168.2.4
Jun 10, 2021 20:26:30.807533026 CEST	49740	443	192.168.2.4	162.241.114.112

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 10, 2021 20:26:21.355566978 CEST	49910	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:21.408986092 CEST	53	49910	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:22.184962988 CEST	55854	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:22.239917994 CEST	53	55854	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:23.065854073 CEST	64549	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:23.117048979 CEST	53	64549	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:23.862617970 CEST	63153	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:23.913207054 CEST	53	63153	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:24.986857891 CEST	52991	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:25.045701981 CEST	53	52991	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:26.440207958 CEST	53700	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:26.490453005 CEST	53	53700	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:27.551318884 CEST	51726	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:27.601592064 CEST	53	51726	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:28.425981998 CEST	56794	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:28.492743969 CEST	53	56794	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:28.716897964 CEST	56534	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:28.768173933 CEST	53	56534	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:29.460459948 CEST	56627	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:29.527601004 CEST	53	56627	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:29.581221104 CEST	56621	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:29.640022039 CEST	53	56621	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:30.560543060 CEST	63116	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:30.567945004 CEST	64078	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:30.583039045 CEST	64801	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:30.604825974 CEST	61721	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:30.617988110 CEST	53	64078	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:30.619196892 CEST	53	63116	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:30.641345978 CEST	53	64801	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:30.654016018 CEST	51255	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:30.666220903 CEST	53	61721	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:30.716372967 CEST	53	51255	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:30.860577106 CEST	61522	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:30.876419067 CEST	52337	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:30.913644075 CEST	53	61522	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:30.943485022 CEST	53	52337	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:31.386157990 CEST	55046	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:31.452528954 CEST	53	55046	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:32.905577898 CEST	49612	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:32.958571911 CEST	53	49612	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:33.766278982 CEST	49285	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:33.819644928 CEST	53	49285	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:34.829535961 CEST	50601	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:34.882571936 CEST	53	50601	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:35.656213999 CEST	60875	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:35.717899084 CEST	53	60875	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:36.660959005 CEST	56448	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:36.714251995 CEST	53	56448	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:37.763448954 CEST	59172	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:37.816840887 CEST	53	59172	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:38.553575993 CEST	62420	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:38.615458012 CEST	53	62420	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:39.679464102 CEST	60579	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:39.730909109 CEST	53	60579	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:40.532309055 CEST	50183	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:40.582474947 CEST	53	50183	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:46.217636108 CEST	61531	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:46.285185099 CEST	53	61531	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:50.632215977 CEST	49228	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:50.707304001 CEST	53	49228	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:57.056006908 CEST	59794	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:57.114852905 CEST	53	59794	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:58.014432907 CEST	55916	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:58.076520920 CEST	53	55916	8.8.8.8	192.168.2.4
Jun 10, 2021 20:26:58.434434891 CEST	52752	53	192.168.2.4	8.8.8.8
Jun 10, 2021 20:26:58.493432045 CEST	53	52752	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jun 10, 2021 20:26:29.460459948 CEST	192.168.2.4	8.8.8.8	0x96d7	Standard query (0)	gabriellarodriguezart.com	A (IP address)	IN (0x0001)
Jun 10, 2021 20:26:30.567945004 CEST	192.168.2.4	8.8.8.8	0x6553	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)
Jun 10, 2021 20:26:30.583039045 CEST	192.168.2.4	8.8.8.8	0x6905	Standard query (0)	maxcdn.bootstrapcdn.com	A (IP address)	IN (0x0001)
Jun 10, 2021 20:26:30.654016018 CEST	192.168.2.4	8.8.8.8	0xb704	Standard query (0)	kit.fontawesome.com	A (IP address)	IN (0x0001)
Jun 10, 2021 20:26:30.876419067 CEST	192.168.2.4	8.8.8.8	0xfc68	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)
Jun 10, 2021 20:26:31.386157990 CEST	192.168.2.4	8.8.8.8	0xbfe5	Standard query (0)	ka-f.fontawesome.com	A (IP address)	IN (0x0001)
Jun 10, 2021 20:26:46.217636108 CEST	192.168.2.4	8.8.8.8	0xfe4c	Standard query (0)	gabriellarodriguezart.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jun 10, 2021 20:26:29.527601004 CEST	8.8.8.8	192.168.2.4	0x96d7	No error (0)	gabriellarodriguezart.com		162.241.114.112	A (IP address)	IN (0x0001)
Jun 10, 2021 20:26:30.617988110 CEST	8.8.8.8	192.168.2.4	0x6553	No error (0)	code.jquery.com	cds.s5x3j6q5.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Jun 10, 2021 20:26:30.641345978 CEST	8.8.8.8	192.168.2.4	0x6905	No error (0)	maxcdn.bootstrapcdn.com		104.18.11.207	A (IP address)	IN (0x0001)
Jun 10, 2021 20:26:30.641345978 CEST	8.8.8.8	192.168.2.4	0x6905	No error (0)	maxcdn.bootstrapcdn.com		104.18.10.207	A (IP address)	IN (0x0001)
Jun 10, 2021 20:26:30.716372967 CEST	8.8.8.8	192.168.2.4	0xb704	No error (0)	kit.fontawesome.com	kit.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Jun 10, 2021 20:26:30.943485022 CEST	8.8.8.8	192.168.2.4	0xfc68	No error (0)	cdnjs.cloudflare.com		104.16.18.94	A (IP address)	IN (0x0001)
Jun 10, 2021 20:26:30.943485022 CEST	8.8.8.8	192.168.2.4	0xfc68	No error (0)	cdnjs.cloudflare.com		104.16.19.94	A (IP address)	IN (0x0001)
Jun 10, 2021 20:26:31.452528954 CEST	8.8.8.8	192.168.2.4	0xbfe5	No error (0)	ka-f.fontawesome.com	ka-f.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Jun 10, 2021 20:26:46.285185099 CEST	8.8.8.8	192.168.2.4	0xfe4c	No error (0)	gabriellarodriguezart.com		162.241.114.112	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jun 10, 2021 20:26:29.883374929 CEST	162.241.114.112	443	192.168.2.4	49740	CN=gabriellarodriguezart.com CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Sat Jun 05 23:13:12 CEST 2021 Fri Sep 04 02:00:00 CEST 2020 Wed Jan 20 20:14:03 CET 2021	Fri Sep 03 23:13:12 CEST 2021 Mon Sep 15 18:00:00 CEST 2025 Mon Sep 30 20:14:03 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=R3, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Fri Sep 04 02:00:00 CEST 2020	Mon Sep 15 18:00:00 CEST 2025
					CN=ISRG Root X1, O=Internet Security Research Group, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Jan 20 20:14:03 CET 2021	Mon Sep 30 20:14:03 CEST 2024
Jun 10, 2021 20:26:29.890131950 CEST	162.241.114.112	443	192.168.2.4	49739	CN=gabriellarodriguezart.com CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Sat Jun 05 23:13:12 CEST 2021 Fri Sep 04 02:00:00 CEST 2020 Wed Jan 20 20:14:03 CET 2021	Fri Sep 03 23:13:12 CEST 2021 Mon Sep 15 18:00:00 CEST 2025 Mon Sep 30 20:14:03 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=R3, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Fri Sep 04 02:00:00 CEST 2020	Mon Sep 15 18:00:00 CEST 2025
					CN=ISRG Root X1, O=Internet Security Research Group, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Jan 20 20:14:03 CET 2021	Mon Sep 30 20:14:03 CEST 2024
Jun 10, 2021 20:26:30.885916948 CEST	104.18.11.207	443	192.168.2.4	49751	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jun 10, 2021 20:26:30.885916948 CEST	104.18.11.207	443	192.168.2.4	49751	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jun 10, 2021 20:26:30.895909071 CEST	104.18.11.207	443	192.168.2.4	49750	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jun 10, 2021 20:26:30.895909071 CEST	104.18.11.207	443	192.168.2.4	49750	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jun 10, 2021 20:26:31.049500942 CEST	104.16.18.94	443	192.168.2.4	49757	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jun 10, 2021 20:26:31.049500942 CEST	104.16.18.94	443	192.168.2.4	49757	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jun 10, 2021 20:26:31.051317930 CEST	104.16.18.94	443	192.168.2.4	49756	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jun 10, 2021 20:26:31.051317930 CEST	104.16.18.94	443	192.168.2.4	49756	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jun 10, 2021 20:26:46.640929937 CEST	162.241.114.112	443	192.168.2.4	49770	CN=gabriellarodriguezart.com CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Sat Jun 05 23:13:12 CEST 2021 Fri Sep 04 02:00:00 CEST 2020 Wed Jan 20 20:14:03 CET 2021	Fri Sep 03 23:13:12 CEST 2021 Mon Sep 15 18:00:00 CEST 2025 Mon Sep 30 20:14:03 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=R3, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Fri Sep 04 02:00:00 CEST 2020	Mon Sep 15 18:00:00 CEST 2025
					CN=ISRG Root X1, O=Internet Security Research Group, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Jan 20 20:14:03 CET 2021	Mon Sep 30 20:14:03 CEST 2024

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 6828 Parent PID: 800

General

Start time:	20:26:27
Start date:	10/06/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff648790000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 6908 Parent PID: 6828

General

Start time:	20:26:28
Start date:	10/06/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6828 CREDAT:17410 /prefetch:2
Imagebase:	0x180000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://gabriellarodriguezart.com/Dr

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 6828 Parent PID: 800

General

Analysis Process: iexplore.exe PID: 6908 Parent PID: 6828

General

Disassembly