Play interactive tour

Edit tour

Analysis Report https://docs.google.com/document/d/e/2PACX-1vRAHP7hrvpDz9KQUwv-UGYQwMoqaq4CogO-Ounm_Bj43rDT7FbutuHOxu--J36ilf9tiDQdTEuajLGO/pub

Overview

General Information

Sample URL:	https://docs.google.com/document/d/e/2PACX-1vRAHP7hrvpDz9KQUwv-UGYQwMoqaq4CogO-Ounm_Bj43rDT7FbutuHOxu--J36ilf9tiDQdTEuajLGO/pub
Analysis ID:	433028
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish10

Classification

Process Tree

System is w10x64

iexplore.exe (PID: 6368 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 6472 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6368 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\NV6588123[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: https://funfid.com/.ae/en/NV6588123/

SlashNext: Label: Internet Scam type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10

Show sources

Source: Yara match	File source: 849224.0.links.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\NV6588123[1].htm, type: DROPPED

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.236:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.236:443 -> 192.168.2.4:49756 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: lh4.googleusercontent.com

Source: bootstrap[1].css.4.dr	String found in binary or memory: http://getbootstrap.com)
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://docs.google.com/
Source: pub[1].htm.4.dr	String found in binary or memory: https://docs.google.com/abuse?id=AKkXjoxHU2Ro_M6x9yL_8xIK15El_49QE3ABJ-SEzZ4BuKp2mHKNF18S31OH5BVEvdW
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr, ~DF6D99441CB1FA02B4.TMP.2.dr	String found in binary or memory: https://docs.google.com/document/d/e/2PACX-1vRAHP7hrvpDz9KQUwv-UGYQwMoqaq4CogO-Ounm_Bj43rDT7FbutuHOx
Source: css[1].css0.4.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: pub[1].htm.4.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Google
Source: pub[1].htm.4.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto
Source: css[1].css0.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://funfid.com/.ae
Source: url[1].htm.4.dr	String found in binary or memory: https://funfid.com/.ae/en/
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://funfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg=AOvVaw1EVQHT19sUbRoot
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://funfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg=AOvVaw1EVQHT19sUbqCGwqho_dPr
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://funfid.com/.ae/en/NV6588123/
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://funfid.com/.ae/en/NV6588123/FPayTabs
Source: imagestore.dat.4.dr	String found in binary or memory: https://funfid.com/.ae/en/NV6588123/files/favicon.png
Source: ~DF6D99441CB1FA02B4.TMP.2.dr	String found in binary or memory: https://funfid.com/.ae/en/NV6588123/unfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg=A
Source: bootstrap[1].css.4.dr	String found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
Source: bootstrap[1].css.4.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: NV6588123[1].htm.4.dr	String found in binary or memory: https://mci.gov.sa/
Source: imagestore.dat.4.dr, pub[1].htm.4.dr	String found in binary or memory: https://ssl.gstatic.com/docs/documents/images/kix-favicon7.ico
Source: imagestore.dat.4.dr	String found in binary or memory: https://ssl.gstatic.com/docs/documents/images/kix-favicon7.ico~
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://www.google.com
Source: imagestore.dat.4.dr	String found in binary or memory: https://www.google.com/favicon.ico
Source: imagestore.dat.4.dr	String found in binary or memory: https://www.google.com/favicon.ico~
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://www.google.com/url?q=https://funfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg
Source: {A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	String found in binary or memory: https://www.google.comm/document/d/e/2PACX-1vRAHP7hrvpDz9KQUwv-UGYQwMoqaq4CogO-Ounm_Bj43rDT7FbutuHOx
Source: NV6588123[1].htm.4.dr	String found in binary or memory: https://www.paytabs.com/terms_conditions

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756

Source: unknown	HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.180.225:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.236:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.79.236:443 -> 192.168.2.4:49756 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@3/35@2/2

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A4953543-CA77-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF1E12EB6036C3D8D3.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6368 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6368 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://docs.google.com/document/d/e/2PACX-1vRAHP7hrvpDz9KQUwv-UGYQwMoqaq4CogO-Ounm_Bj43rDT7FbutuHOxu--J36ilf9tiDQdTEuajLGO/pub	1%	Virustotal		Browse
https://docs.google.com/document/d/e/2PACX-1vRAHP7hrvpDz9KQUwv-UGYQwMoqaq4CogO-Ounm_Bj43rDT7FbutuHOxu--J36ilf9tiDQdTEuajLGO/pub	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://funfid.com/.ae/en/NV6588123/	100%	SlashNext	Internet Scam type: Phishing & Social Engineering
https://funfid.com/.ae	0%	Avira URL Cloud	safe
https://funfid.com/.ae/en/NV6588123/files/favicon.png	0%	Avira URL Cloud	safe
https://funfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg=AOvVaw1EVQHT19sUbqCGwqho_dPr	0%	Avira URL Cloud	safe
http://getbootstrap.com)	0%	Avira URL Cloud	safe
https://mci.gov.sa/	0%	Avira URL Cloud	safe
https://funfid.com/.ae/en/	0%	Avira URL Cloud	safe
https://funfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg=AOvVaw1EVQHT19sUbRoot	0%	Avira URL Cloud	safe
https://funfid.com/.ae/en/NV6588123/FPayTabs	0%	Avira URL Cloud	safe
https://funfid.com/.ae/en/NV6588123/unfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg=A	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
googlehosted.l.googleusercontent.com	142.250.180.225	true	false	high
funfid.com	104.21.79.236	true	false	unknown
lh4.googleusercontent.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://funfid.com/.ae/en/NV6588123/	true	SlashNext: Internet Scam type: Phishing & Social Engineering	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://funfid.com/.ae	{A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://funfid.com/.ae/en/NV6588123/files/favicon.png	imagestore.dat.4.dr	true	Avira URL Cloud: safe	unknown
https://funfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg=AOvVaw1EVQHT19sUbqCGwqho_dPr	{A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	false	Avira URL Cloud: safe	unknown
http://getbootstrap.com)	bootstrap[1].css.4.dr	false	Avira URL Cloud: safe	low
https://github.com/twbs/bootstrap/blob/master/LICENSE)	bootstrap[1].css.4.dr	false		high
https://mci.gov.sa/	NV6588123[1].htm.4.dr	false	Avira URL Cloud: safe	unknown
https://funfid.com/.ae/en/NV6588123/	{A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	true	SlashNext: Internet Scam type: Phishing & Social Engineering	unknown
https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css	bootstrap[1].css.4.dr	false		high
https://funfid.com/.ae/en/	url[1].htm.4.dr	false	Avira URL Cloud: safe	unknown
https://www.paytabs.com/terms_conditions	NV6588123[1].htm.4.dr	false		high
https://funfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg=AOvVaw1EVQHT19sUbRoot	{A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://funfid.com/.ae/en/NV6588123/FPayTabs	{A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat.2.dr	true	Avira URL Cloud: safe	unknown
https://funfid.com/.ae/en/NV6588123/unfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg=A	~DF6D99441CB1FA02B4.TMP.2.dr	true	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.180.225	googlehosted.l.googleusercontent.com	United States		15169	GOOGLEUS	false
104.21.79.236	funfid.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	433028
Start date:	11.06.2021
Start time:	07:40:31
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://docs.google.com/document/d/e/2PACX-1vRAHP7hrvpDz9KQUwv-UGYQwMoqaq4CogO-Ounm_Bj43rDT7FbutuHOxu--J36ilf9tiDQdTEuajLGO/pub
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@3/35@2/2
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://www.google.com/url?q=https://funfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg=AOvVaw1EVQHT19sUbqCGwqho_dPr
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe, UsoClient.exe Excluded IPs from analysis (whitelisted): 104.43.193.48, 92.122.145.220, 104.43.139.144, 88.221.62.148, 172.217.19.110, 142.250.180.234, 172.217.18.67, 142.250.201.195, 40.88.32.150, 142.250.180.196, 20.50.102.62, 152.199.19.161 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, docs.google.com, fonts.googleapis.com, ssl.gstatic.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, store-images.s-microsoft.com-c.edgekey.net, skypedataprdcolcus16.cloudapp.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, arc.msn.com, skypedataprdcolcus15.cloudapp.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, www.google.com, arc.trafficmanager.net, watson.telemetry.microsoft.com, cs9.wpc.v0cdn.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A4953543-CA77-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8539374716173322
Encrypted:	false
SSDEEP:	192:r3ZYZC2pWetHifDw6zMb3CBb/8Db46sfbc4wDjX:rp4hYeg+bqb2bqbU
MD5:	B7D0AE53D16FF146D042D8FF559C74D2
SHA1:	19F94102E5FE8C1E08C0594C13D9D21D047BEC52
SHA-256:	AA91B5E60D3334EC49129EAB4745D1495E5F4656F6A9F03EA3FE98F50D0DCF40
SHA-512:	FC8B9288C9E991A9813334F79A3C923C742D9D3F903B3E5C05FB369801478DAE449FEA1FB7F10AAD7EC400224A5544242AC3233366E748E537F27119939AF7DE
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4953545-CA77-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	43060
Entropy (8bit):	2.269323059550684
Encrypted:	false
SSDEEP:	192:rxZOQS6+k3jZ2DWvMzPNV5HyvztENR1bwHj6VbLqRx4LEHjL6IEHKAA0EIhCY4g:r3L9fzoak7xhgOwLSH60kE
MD5:	5C422D12ECA3A3ACAFE72237C0EA0A1C
SHA1:	779E1679F5709F4F44237B5FBAFA34C62A304D82
SHA-256:	2A99025482FFA6C4466DF32AB6B3D08991DDCC62A0F7935B749A9BE8C1626D70
SHA-512:	A7F112DCCD64D97728CF51E6ABFD09DA3CA94A4FE0DF4D81D5BE25A780D6682402BC8677AC79093CEE3A2DF5B82BA5BB7984C72101085E959AF8BCDEAD54D8A2
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4953546-CA77-11EB-90EB-ECF4BBEA1588}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5661110061033996
Encrypted:	false
SSDEEP:	48:IwUGcprJGwpa1gG4pQnSGrapbSKGQpK8G7HpR6TGIpG:rIZjQ1A6nUBSyAXT+A
MD5:	F15B57CC660F537B68563BB0747F03C0
SHA1:	D27E5BFF32052DF7E1879A8B220E51B500AC39BD
SHA-256:	B1FE8C6FD80482DE8F16BFECA974BDF6B569E65F5CF184604F7B1D7F7C10A745
SHA-512:	30BEFA1F00FEFF35FA51D50F3034C6F37C9D58B3ABDCFE472D2A820DB12C431E19622511600AF7037476FD253941E311C4E60ACF7DA7E3F4B2433F811A577A8B
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	modified
Size (bytes):	31813
Entropy (8bit):	3.0664255473778135
Encrypted:	false
SSDEEP:	96:Bz6zmzoze8rTrulvIJct+cP47v+rcqlBPG9rpiy:BGiUXPsvI6t9PqWceBPGH
MD5:	F5C7075D5A478085E7E49656F72F567C
SHA1:	D7DE83394FECDF7A961F3AE42819CEA1CF37637C
SHA-256:	1E4D05718474B8B7CA1B48648C066A19A1BCBFB39AB10776B2E806DF5C29AED7
SHA-512:	758FE129D7E6DEE36F25A1385E8DEF73637768E454333827F5901502C082F852DA08532889CC882276D34D98BF95E9572E6BB266C7F05BA5805F17D2C4B7CB8E
Malicious:	false
Reputation:	low
Preview:	>.h.t.t.p.s.:././.s.s.l...g.s.t.a.t.i.c...c.o.m./.d.o.c.s./.d.o.c.u.m.e.n.t.s./.i.m.a.g.e.s./.k.i.x.-.f.a.v.i.c.o.n.7...i.c.o.~............... .h.......(....... ..... ...........................Db.B..B..B..B..B..B..B..B..B..B..B..B..B..B..Da.B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..........................B..B..B..B..B..B..B..B..B..B..........................B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..........................................B..B..B..B..B..B..........................................B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..........................................B..B..B..B..B..B.............................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\4UaGrENHsxJlGDuGo1OIlL3Owpg[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 26228, version 1.1
Category:	downloaded
Size (bytes):	26228
Entropy (8bit):	7.98323449413518
Encrypted:	false
SSDEEP:	768:DBOEuz6T0146JY/J6unqhOYK0GJenzOoyo6:DBHuea4j/vnqo304enzUo6
MD5:	6DD4AD69D53830BDF5232A13482BD50D
SHA1:	6FFF1079D7E5D02A2259CB5D7833E790239E01CF
SHA-256:	5CE48D9E9D748AD4686094D3CC33F5AE1E272A5B618F5C6D146C4D12EF02E4A6
SHA-512:	FC91E8C4EAE384D38667E330C5A5E4BF82EBAC9A23AB88439D7C22CCDD125DE7F1371DD953F18DEE60EF68B680DF49A32F684157D90F20E1DAC3BFFC9DF84118
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff
Preview:	wOFF......ft.......`........................GDEF.......\.......RGPOS.......#..+..P.LGSUB................OS/2.......U...`h...cmap...........~n..cvt .......y........fpgm...$.......uo..gasp................glyf......=...m..N..head..Z....6...6..'.hhea..[.... ...$.0.6hmtx..[<.........})9loca..]....z.....&..maxp..`p... ... .>..name..`........r.i6Ppost..a<........O...prep..e....p..... ..x.U....Q.F..=#.`ZD.@@<..... "...Zp....+.c.f...).>Z.bm.Om..?...\\.zi.f.^b...[y/.........x..Z.......%......033333333...e....r......U..u.r.....sV..Z..^..c..>v..p7.x...w.i...Y.....X...N<.k...0...kc];.u......4.j...@....y."......,....#.;..........9...1....q..b..c...{....i2.H..g..:.....du.FX.].w3...{y...G....E.....~..RdX.\|.\..U.^.x!....e.\|.:.RX.Wxg....&.5....2n.Q...5.{..2....Ia.Vb%....:.Yn..QI.Z...x..Z.6..?........G..W.^#.e..#\|l2p.S+.?'.<E..<....M.H..".>..d....>n%.(..."....<"........U/z.%..=...Le.cL3.4..4..znxgX!JD%.....s....&.a..z1._....O+..g.dm.?.9Vj.1...B...8..S........ ._.E.... .[#_..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\loading_payment[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 220 x 19
Category:	downloaded
Size (bytes):	10819
Entropy (8bit):	7.887782926913774
Encrypted:	false
SSDEEP:	192:+1I+c3Va7frt67FhQ0NFg9iKCqv6/WU5UL8biGeQX9za5ZGXffWuj:sIpazkn1NFmDCW6/WU6UN9iZGPJ
MD5:	B83976A85230EC557F4FB9815FC630B0
SHA1:	5A74801D8507CF1F2822D9548058C01325236FED
SHA-256:	5432B59DECDE382EAE206CBE12DEE7DD05CA9DCACB67F027A59B6A97A4379F07
SHA-512:	ACBF966E9CF5AD76C03906F83E6CAA662B7FA0511EEAA7A215B9472CFC47C0055C04D997F8E6B71A307865FA130FF444D75BD3B9CEC04D0A753C8E66DB085A70
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/loading_payment.gif
Preview:	GIF89a.......Qd....<J.4A.1=.:H.8F.?N.DU.>M.CS.FV.GX.HY.8E.;J.I[.K\.@O.M_.M`.AQ.N`.?M.BQ.K].DT.=L.6B.Oa.3>./;.!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,........... .di.h..l.p,.tm.x..\|....pH.....r.l:..tJ.Z..v:.......(....z.......H....x.h..h\|{~.z..x.k.w..u.ys.............t`f.^+]d................dpn..........p.............................,.................................;x/!A....{.....N....F...}\...H....\....:....YE.....r..0...V8w........<:...G...T..U.>...Z.r..jW.+..X.A.-ZpSY.K..vpg.;.n^.....w/_....E\8.`.q..&.Y.]....Y.b.-.E.B-...,.,Jk....;....u...]....,.e...\|7..y...\........s_W.t..-.m.........`.......~~z..../......v_].x..x.p..f.1....v.o.N.Z..bH...I.!..YX.......?.8...Yh...A..o.5U.S.t.a..).cs;.h\.8.x.TBGc...i......L..&.P.......^...a.W&~`JI..bn.Xo^..Wh....`4.....F.}>.'..N.gj....g...h.+....H:...M.........j.].........j.'...!.......,........... .di.h..l.p,.tm.x..\|....pH.....r.l:..tJ.Z..v:.......(.6...ap...z.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\opensans[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1164
Entropy (8bit):	5.267050206749011
Encrypted:	false
SSDEEP:	24:pMOYso8AQJBwy9+DGSSfFMOYUTo9pe88wy9+DGSSfFMOYN7ov+8Cwy9+DGSSf7:iOLo81bNkoOOxTo9c88NkoOOCov+8CNH
MD5:	3EE62F3A76340D0253B1A8B678164547
SHA1:	288DEC4638AA41FF81CC786D623983E3E05CC97C
SHA-256:	E981A7D8F07E0A8C1955D960A85F511FB9D77325C58346D3A84C60925204EA70
SHA-512:	82DD621F7DFBD4E0C0ECB797E6F5F6DFCBF736468BC7037922C74F4F87EC50A719D728D8BB3A6F96D28B32254268695B4E8AF0D72BB16C3F31C9AE00CC7CE143
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/opensans.css
Preview:	./* latin /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: local('Open Sans Regular'), local('OpenSans-Regular'), url(mem8YaGs126MiZpBA-UFVZ0b.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}../ latin /.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 600;. src: local('Open Sans SemiBold'), local('OpenSans-SemiBold'), url(mem5YaGs126MiZpBA-UNirkOUuhp.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}../ latin */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 700;. src: local('Open Sans Bold'), local('OpenSans-Bold'), url(mem5YaGs126MiZpBA-UN7rgOUuhp.woff2) format('woff2');. unicode-ran

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\p1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 50 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2968
Entropy (8bit):	7.693286289929487
Encrypted:	false
SSDEEP:	48:/kNNn2kDkQtJ3uij8iHNDBgYo0ZoDgJe69LbVRPeEpk0DdZmobytIEvoxg0MS2rk:sf2e88NlgYoA6Se69lRPdqmdKogUUeR
MD5:	CFB32CF945039630B7C9D6B8D520A3AB
SHA1:	637F36C5606302054DD8F77E95E4904730757404
SHA-256:	8A67AF5B95D4B4FF29B868B7D5FF794DB7F269DFA67E43249F1053A874385B6E
SHA-512:	7BD59778020BEFEA9D4EC684794B2752CA036CAE6BE5B07102CCF98A8D0BBEDD61AF924224FEFC12A5E0BE75BA80D78E93976FC6C1A5257DE2CC1C90DCE282CB
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/p1.png
Preview:	.PNG........IHDR...2... .....P!+!....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Macintosh)" xmpMM:InstanceID="xmp.iid:6AAD0279173C11E8A053BA8AD4902CA2" xmpMM:DocumentID="xmp.did:6AAD027A173C11E8A053BA8AD4902CA2"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6AAD0277173C11E8A053BA8AD4902CA2" stRef:documentID="xmp.did:6AAD0278173C11E8A053BA8AD4902CA2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>r.};....IDATx...PT........e..E....P....#M".$MZ..5h(u...b..!.I..6j..8.#.&.M..N.NM.M.:.QP.. ......]v.{.....Y..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\pub[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	22805
Entropy (8bit):	5.504597462301341
Encrypted:	false
SSDEEP:	384:dXSF67vEYiwyMdCMHbuhdoUB7wCoC8S3HHJ4rzF/kIepK3BsDweo2ImB:dXSF8CfMvHbYrB7Bo1MWnF/jRmhJImB
MD5:	A13F0FCB56331EF5730996B60AB2D2AD
SHA1:	4DC4FF09B9DBDE478F7BA61D1CC639DCC2F5D24F
SHA-256:	2F0F3FA244C73326FB4A9DBD694472DFDCAADF18B5E74024CE4A088F44F2FAA9
SHA-512:	07A463BFC55F6CF295EB0159290C1E270110D05885182932FFEEB909A4141FDB7CCBDAD7BB10D8FDB93B1EC672FCA2E1530D8DDC1D6E19717D472B58B1B1EE90
Malicious:	false
Reputation:	low
IE Cache URL:	https://docs.google.com/document/d/e/2PACX-1vRAHP7hrvpDz9KQUwv-UGYQwMoqaq4CogO-Ounm_Bj43rDT7FbutuHOxu--J36ilf9tiDQdTEuajLGO/pub
Preview:	<!DOCTYPE html><html><head><title>You have a parcel pending delivery</title><link rel="shortcut icon" href="https://ssl.gstatic.com/docs/documents/images/kix-favicon7.ico"><meta name="referrer" content="origin"><style type="text/css" nonce="lL4Jzwk+pezVl5ka1HA9Vw">. @import url("https://fonts.googleapis.com/css?family=Google+Sans");. @import url("https://fonts.googleapis.com/css?family=Roboto");.. body {. font-family: Roboto, arial, sans, sans-serif;. margin: 0;. }.. iframe {. border: 0;. frameborder: 0;. height: 100%;. width: 100%;. }.. #header {. align-items: center;. background: white;. border-bottom: 1px #ccc solid;. display: flex;. height: 60px;. justify-content: space-between;. position: fixed;. top: 0;. width: 100%;. z-index: 100;. }.. #header #title {. font-family: 'Google Sans';. font-size: large;. mar

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\sadad-en-2016[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 179 x 64, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5228
Entropy (8bit):	7.944256532467386
Encrypted:	false
SSDEEP:	96:ZXBy4lvbe9/AeAj2iKSoOfmdethgJpxpbiguktgxlWxQ2qSrYDGrVYQL:ZX/zr5ajOfyjpxpDgu3qOYDGx
MD5:	EBED64EB972C6AEEB7B70E00A0BDFF2E
SHA1:	81F71E9A4032495521E02E16E2364C8FBD3C0C86
SHA-256:	95CA2AECFD0C06C7C138910CD402DEB49C713BEFD6E335E7270D8877B18BD125
SHA-512:	EA88E1C1794BA22452CC49B35276E5B2B7722D693A393B2EA2F23CABF1E682DC9988D560B5AD9B74408C8C49CC5E7B6618BB12D461C2D59F8C551AD2420622BB
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/sadad-en-2016.png
Preview:	.PNG........IHDR.......@.....Q.FD....sRGB.........gAMA......a.....pHYs..........+......tEXtSoftware.Adobe ImageReadyq.e<....IDATx^..\|T...3...).^$.....t.(.OA.'...=...>}.(...t...4Ex^......A..B.........I.......)...9..!..9g.s.^{..Fc%....X,...*..........=4......jAxx..../%..Vc.W...FTT....a..//.Qw.k..R..P.y7#-m/"""......_..2..r#...O+....... S51.LHH..S..nY}V..z=.......v1n..f.Ri...eNK...p....r???...I.JC.-sz.~..+QUU.^.z.Jc.g-.K..O.......T..1.9##....2U...i....U.&>k...8 ..`..G..Ri,..e>u...8.......G.T..>.....Cpp.L.].6m..Jc.'-sf.i...`...&.Ril..2._XX.L..R.v.&S...Rfv1...f..]...0.3>....((.w2\|]......(sjj.C.....U.V.J.....V?.K...6.....@.......<.9).z.-..AAA..~<\|...!C..=.VN.....M9..A.........=..w...x.v.....4.m..OJ......KA..{.@...u#77..V.Bdd...$??..'O..J.B.x[..+.S.........1/!t.\...'`e...aH^.]\$4.@h.......mh.tm:.r..r...b(.gw...p6\|.J^WE........;e..6(....,.[......4^Uf...@..4.a......&..\|...{..)S.c...[...*Kx,4.....[.......s%.....U.Jy...b.../....Oa...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\62617_1589791686[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, big-endian, direntries=4], baseline, precision 8, 825x465, frames 3
Category:	downloaded
Size (bytes):	38428
Entropy (8bit):	7.20026687281385
Encrypted:	false
SSDEEP:	768:HY3fcHyuN250jOgWHeFVczIPP0URtBahZT61Mk8le5Nod:HY3foX2qj0+FVc5GUZIM7lU2d
MD5:	AD74C8959F4A9651FBAF3AF7F35F55B2
SHA1:	BD46A444D9655F09248CA846C407490A8F9028F3
SHA-256:	E79140657AF3945F233195C2ACE4E3D37B895F54EBD9A85EC85924A9C77B5949
SHA-512:	2A14AFDE8BF7E341C988F7C3A719AD9E4675FD0F5C74BF5E420CEDC9990159058B89E69C9A4CBB0D88A79D0EEA1B7F47604AA2083DD528C8CDD28C7D96D34D35
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/62617_1589791686.jpg
Preview:	......JFIF..............Exif..MM.*.......;.........J.i.........^.......&...............>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bootstrap[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	137067
Entropy (8bit):	5.014456213406037
Encrypted:	false
SSDEEP:	1536:z8MvyIUZjy6XC/+B2wWT8ghUdPPT6JxTG/JP9IZp+YJ23KsOKeh:zPUZO+Cw2ggeluJxK/JP9IZp+YJ23Y
MD5:	D2AB08DE4855F3F73D2ECEC6DA794293
SHA1:	0B53E330C67CD6F8551B7DC12E033B31E4AB1BDB
SHA-256:	A60A31E4E77B8FB6360B986653AC24762DB5249892D8907099B7109D2194110C
SHA-512:	F8A2D691F5C8015CC06CB1C5217F795488B481B7287CA7E74CB27FBC8CB73DCDB8410DB396809841127081A87EFCBB220B4F18AA45B5ECEF52D24F61D9852A96
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/bootstrap.css
Preview:	/!. Bootstrap v3.3.1 (http://getbootstrap.com). * Copyright 2011-2014 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /../! normalize.css v3.0.2 \| MIT License \| git.io/normalize */.html {. font-family: sans-serif;. -webkit-text-size-adjust: 100%;. -ms-text-size-adjust: 100%;.}.body {. margin: 0;.}.article,.aside,.details,.figcaption,.figure,.footer,.header,.hgroup,.main,.menu,.nav,.section,.summary {. display: block;.}.audio,.canvas,.progress,.video {. display: inline-block;. vertical-align: baseline;.}.audio:not([controls]) {. display: none;. height: 0;.}.[hidden],.template {. display: none;.}.a {. background-color: transparent;.}.a:active,.a:hover {. outline: 0;.}.abbr[title] {. border-bottom: 1px dotted;.}.b,.strong {. font-weight: bold;.}.dfn {. font-style: italic;.}.h1 {. margin: .67em 0;. font-size: 2em;.}.mark {. color: #000;. background: #ff0;.}.small {. font-size: 80%;.}.sub,.sup {. position: relative;.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\cards[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 79 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4579
Entropy (8bit):	7.9296058081675564
Encrypted:	false
SSDEEP:	96:DSDZ/I09Da01l+gmkyTt6Hk8nTE+TShTsJydqmvXQ9Gc:DSDS0tKg9E05T/UsJBmvA9Gc
MD5:	9A1B7E5D4FCAB2C7732ED39EC5C33D63
SHA1:	9166E614276E7174A7F1687C8EFD68B9D7CEF5BD
SHA-256:	0D38C2901F916ED13747352B787D6335DED7FA0096B030577E753111F24F337F
SHA-512:	25C386A462FF2F5719A6B108FF9AED7FC95C46156D18545B46A64AB73B91ADE1D6EFD6636C132EDAA58842183C73DC79A3BC631AA5D4D8D9C73675DBA49A9472
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/cards.png
Preview:	.PNG........IHDR...O.........W.".....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	256
Entropy (8bit):	5.0467196072933
Encrypted:	false
SSDEEP:	6:U+4OUr940FF/5+56ZRWHTizlpdAqoSENin:UJO6940FF5O6ZRoT6pWqoSEY
MD5:	B32DCA61F65F0FBBB5C2BAFFFA93DEC6
SHA1:	8A003419BFC888A206D39568184924AE04132779
SHA-256:	104B5902DA8676DD427E84A0C0D78B98A0DABA5A889BD39FF20776A8B802E502
SHA-512:	2CA56DF9F7C13D390E50A83718918B0C0B2CC729E780E44A686AC454F3C7762DB79310DCE2E8545001E8EF5B6D166C7185F1A3A29481A2DB856B8BD70ED37D13
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Google+Sans
Preview:	/. See: https://fonts.google.com/license/googlerestricted. */.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\custom[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	assembler source, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	11157
Entropy (8bit):	5.130825977812296
Encrypted:	false
SSDEEP:	192:mKVmqw8tuJXxJZTAgOIUlctyScRFJzkne4tVbiBaUZ+uI:xVmqtuJXxJZUx3MeMVOBjZ+b
MD5:	1F0D5FD0263401DD0E2A1BCE43228D40
SHA1:	4B57130A8384AEFB48A0A07056B1C8E1B42FE709
SHA-256:	8CAB535899226D06D469729EC985B9E6C3D02839580011DD3F2BC2496CB95217
SHA-512:	499E21426C904B7CB8A2C182B010C02331CFFE31EF2E79CAC6B8FB239C1DE200C1DEC5C4414345919ECD7C904F7A031EBEF766CB0C70C990DC5527E2F1CD49E6
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/custom.css
Preview:	@charset "utf-8";../* CSS Document */..body{...background:#ececec;...font-family: 'Open Sans', sans-serif;...color:#555;...font-size:15px;..}..header{...text-align:center;..}...header{...background:#fff;..}...header-logo{...padding:0 0 15px;...background:#fff;..}...header-logo img{...margin:5px;.. width: auto;..}...header-title, h3{...padding:5px 0;...background:#185ba9;...font-size:17px;...font-weight:700;...color:#fff;...margin:0;.. text-align: center;.. border-radius: 5px 5px 0 0;..}...text-nav, .text-nav a{...text-align:right;...font-size:14px;...color:#666;...text-decoration:underline;...padding:5px 0;..}...text-nav, .text-nav a:hover{...text-decoration:none !important;..}...form-wrap{...background:#fff;...display:block;...padding:20px;...border-radius:5px;...margin-bottom:15px;...margin-top:5px;...text-align:left;...-webkit-box-shadow: 0px 3px 0px 0px rgba(0,0,0,0.14);..-moz-box-shadow: 0px 3px 0px 0px rgba(0,0,0,0.14);..box-shadow: 0px 3px 0px 0px rgba(0,0,0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\express-checkout[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 85 x 34, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5794
Entropy (8bit):	7.889946897010348
Encrypted:	false
SSDEEP:	96:CY2wGUXhdZNQDr37jceJWFoX0QZdB4yJ0M+7y/3xrFz+GCdmvNRR+V0:C4HXgrfJiCJ0x7y/OGCWNRX
MD5:	2B514CF107B7E0202B3E505E0F260147
SHA1:	E4860E54E93C105A2CBB54CA4B0D26550490842D
SHA-256:	24659C763D595A3C543648ECCE68060E3D9C6AF0100991017278498D66AD8D6D
SHA-512:	98A738E1F5FA9567467279D3C8278159B8C0146B7CD7E18ABAFD5D4CDE90F4A83599F3CEA2153EF381C0ED667F70824882903D5C16BA1DE0AEB7E92559711829
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/express-checkout.png
Preview:	.PNG........IHDR...U...".......#....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:F5F0C7D49A4B11E48718F49A9A3DE8C5" xmpMM:DocumentID="xmp.did:F5F0C7D59A4B11E48718F49A9A3DE8C5"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F5F0C7D29A4B11E48718F49A9A3DE8C5" stRef:documentID="xmp.did:F5F0C7D39A4B11E48718F49A9A3DE8C5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.z3.....IDATx..Z.tUU..n..M.@h!..".t..!]EP)..oD...<..q,..."..(**.....6..Ez..$...Frssss...}....8.y.Y.;k..9g......}M..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\kix-favicon7[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
Category:	downloaded
Size (bytes):	24838
Entropy (8bit):	2.2699128030598548
Encrypted:	false
SSDEEP:	12:vqUaRqwaRQnaRgnaRqwaRSC2mxiUkatcQaxbgdUeZeZY8rTrivkqoeZhcEay:CUODTuXC2mxTgxCV8rTruBHhSy
MD5:	833F495423709EE4A2C87EE1E4C2A7AA
SHA1:	E2CB41D31524366260AE3DA9A6A33ED67D2514FF
SHA-256:	D40E9376B2F8C8FA5E0372C3DDACB5F6044539CF1D264BBCBEE8057DAF71ED96
SHA-512:	BE6843273049316C87962417FBE97719DFDF1C81B1B1CD9A3AA41DA3A4DB2EDFB8843A261DB7D11FD6B7493763845D1883F4749BE9566D6F2ED836EA9C2042D3
Malicious:	false
Reputation:	low
IE Cache URL:	https://ssl.gstatic.com/docs/documents/images/kix-favicon7.ico
Preview:	............ .h...F......... ......... .... .....6...@@.... .(B......(....... ..... ...........................Db.B..B..B..B..B..B..B..B..B..B..B..B..B..B..Da.B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..........................B..B..B..B..B..B..B..B..B..B..........................B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..........................................B..B..B..B..B..B..........................................B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..........................................B..B..B..B..B..B..........................................B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..B..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\emirates-post-group-1200px-logo[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1200x250, frames 3
Category:	downloaded
Size (bytes):	45157
Entropy (8bit):	7.908739618863057
Encrypted:	false
SSDEEP:	768:0f4GJhgzOvKRI4LsVvrnFw+zOAZn88khqx08uycuE2F3by1M/iKMcvnIaU4sQOrM:vTa74LsVrS+zd18ZU6BuVry1jtcAjEn3
MD5:	2AF01D18D9E883EA0882CE181E42D238
SHA1:	171166E450024E7BBDC6BA4BF0CBC11D90C10E93
SHA-256:	454565D343D2BFDDC8F17AB2E1D93916CFDA14C10A3A9F1C274E6019CCA2104B
SHA-512:	2B966DDBC1494087331F3FACB79BF821EA494BDD9D9BD3B964FC3055F46B5F85E7D41F29388672E297E21B4FD819687FE9D9D293EE404E4AB4DAB5754DFEAF74
Malicious:	false
Reputation:	low
IE Cache URL:	https://lh4.googleusercontent.com/AHYPnGScsTY508Z_bpdRkj1Brj99eHO3oWLRg7aOnfdt2EmrRPa4NKUUHPEYARwTkFX1MTpf8LAFaZh56SLPSvG36JOyKAoXkraNfwhOI_EwyRuBESI6sogVvZ7Yqb8gaA
Preview:	......JFIF...........................................................................................................................................................".........................................b.............................!.."#12AB3CQRUabcq.......STrs........$4.....D......dt....5..%e..E..................................C..........................2."BR..!1Sb..#Ar$3Qa...q........CD..4cs............?..0...............................>..<.H.Q.xGM2.....,.&gy..2.[....E.m<...D:y6.\..xGJ..y.).q.H...,.....M..}0...:...{....L[..^........I...:..{....O...H.l...W...dl.>.;M..n<#.....xd.h..c.1.).l..N%m.l.'.!..V.....C...Ly..m.$.!F........V.=..\|D...#.....K.R[.G:/.......$%z7....W........{..X...5.......................................................................................................................................................................................dZ.b....K.c.?Y3..P.z.yc.y.T.b..y..Z..qT..xu.<2].w...h.....s^.%.Y...UO'@..^...1......N/....I..:..0'...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 42 x 43, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	517
Entropy (8bit):	7.42666832450517
Encrypted:	false
SSDEEP:	12:6v/79cr6qK0OhTc9Q85gQvx8Z0seIsuhs0sfFW2p7ak:KqK0ychbvx81suWfI2v
MD5:	6224F54A05B79C1E390C66C3789F0F3A
SHA1:	271DC2B7A5654989E92A181375F2C68BD3DBA87A
SHA-256:	A9C7A47EAD1CC155CCF66F0C8E1FA24B1802E7BA7FBC31B4B2DEEF2CE2599CD3
SHA-512:	46BEF815801E8B5E86B252B149E2147C8DFCAD5C0B3AB39566BEEB693A32924FB2F4537816181DEC3B1CAE5EF8ED86BEBF2E390E8ADBBD6C6BCC14CF65D8A182
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/favicon.png
Preview:	.PNG........IHDR......+.............pHYs...........~.....IDATX...m.0..?...A..J7H$.@'(LP..Ny.T....`.t.F`.f...TMC...M..{.l....;.......(qH..r@?.1..}.v.3...3.!=.....-}....&j5...V]#....h..^..%.`..Ub....LJ.@.._.q.d.z.k..%s^.I..G`......H.....o.Z..,."u......m....[A....;...ROK..d......W..;............t^ .}Z[....xsf.p6)......x.C./L..nAO.r..=A..l.l.z..g.,.Y..I..'.....e.._...z.=....(..st{.....j..%.lk=....>h..?.w...Q..~!}z....%e.....6(..,h[./...4....E.5.D..T#@.1..R,RI.%...."......~..&qD........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\logo[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 123 x 33, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2678
Entropy (8bit):	7.647834715888431
Encrypted:	false
SSDEEP:	48:U5wqQNn2xVuvJ3fdL7Y30d426kD+Ki09xyltBXrw/Y9lZPCXNUdlzqDMB9:U3Y23uNdL7Y3wD5Dh9x8Bc/YVPqKzqDI
MD5:	C921932ADE66FA46352075B0F052F86F
SHA1:	06953FE18E6AB163ED447A2528B342E39E211FBF
SHA-256:	A5CA036A508C4C10C3B1D0C1AA0BFD155CCFFE2A63ED248FC1B22AABA1399A39
SHA-512:	E60F490FBCD03C05BEB92077EFD1EEA4EE7552B14E86E1583711110D126CB0E157F30247EDB41F31D65F047440F88DC255494C56F79E494FB55F52F7701B762B
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/logo.png
Preview:	.PNG........IHDR...{...!.............tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:9AABCE7F9EBD11E3BB8F89967BF548AA" xmpMM:DocumentID="xmp.did:9AABCE809EBD11E3BB8F89967BF548AA"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9AABCE7D9EBD11E3BB8F89967BF548AA" stRef:documentID="xmp.did:9AABCE7E9EBD11E3BB8F89967BF548AA"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.;.<....IDATx..[.lUU.}-.J-.Ye.p.T0*hD.E.b5......b..A....T\b..R.Q).JQ..b..........U..&.`...\|g.yq.......[.$'}.}..{...y.1.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\master-card-icon[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 36 x 21, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2052
Entropy (8bit):	7.470990654376672
Encrypted:	false
SSDEEP:	48:Z6wqQNn2xMJ37TUS5F3AOEr0Wc53mmUl0iHY+QehEcSDB1:QY2mTUuwOEr0WA2+i4TwA/
MD5:	A319B9A8EEBF55AB7FCA42B257F27520
SHA1:	329E86AADAFA184806D3678725212DC1702A0038
SHA-256:	4F5CB44EAF44171C773DB823B43D2F71B143AB0CCD73DAFE2D4DA75A9B527FBA
SHA-512:	172C9C016A4C1CD4F5AE91F81EA0B4267D664E2EB6FF2271C9F3F5C11639AB54E092F1A032796BB5A73FCB2BB5F1A4B41A4A08F26FC6331382656473B17D190F
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/master-card-icon.png
Preview:	.PNG........IHDR...$..........&L.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:EBD2A6EE9A0F11E3A721980657E6C249" xmpMM:DocumentID="xmp.did:EBD2A6EF9A0F11E3A721980657E6C249"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EBD2A6EC9A0F11E3A721980657E6C249" stRef:documentID="xmp.did:EBD2A6ED9A0F11E3A721980657E6C249"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.HC....xIDATx..]lTE.......m..V...Z.(".j(.q.(...4...b...E.5...O..'}Pc5..EPH.b..DQj.j+im.\|.{.........J....{.sg.7.9..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\rotate-device[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 161 x 179, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2612
Entropy (8bit):	7.398161125086221
Encrypted:	false
SSDEEP:	48:V1wqQNn2xXJ31xa1EB4L7M1EaHdfEb2Ae5yUQStJw4NJzN:VDY2xxaGxma6Le5pfbZ
MD5:	84C27EEDBC4B11F4D072FDDFE1C1B6EA
SHA1:	524817B0CFD7A62CCDB40391760D6393A83DB6E5
SHA-256:	A6C46C09291B11B56EC8272F62213A7E29ED57AD13E943A61A7588A029BD65FA
SHA-512:	04576EB60B3C74E01D2AEEBF9E0FB832C256F69D6713F935EA124740560E54F888E5C6A7E636A7A89AA0B3498F7AA4456CED0926112C1EF674C730E606BE4E6E
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/rotate-device.png
Preview:	.PNG........IHDR..............O\|&....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:182B879F066911E484FFAA0EA7970212" xmpMM:DocumentID="xmp.did:182B87A0066911E484FFAA0EA7970212"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:182B879D066911E484FFAA0EA7970212" stRef:documentID="xmp.did:182B879E066911E484FFAA0EA7970212"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..~....IDATx..{.TU......U\|..S(..S......e!..@$.....2++"...D{B...a.iO... ..(.J7_k.c...ga.....{.3..\|p.gF......{m.>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\style[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	assembler source, ASCII text
Category:	downloaded
Size (bytes):	1684
Entropy (8bit):	4.926705225301264
Encrypted:	false
SSDEEP:	24:DaQFZgu9I2mF2FivIPhiVZgu9wP9wqJZl4TKsN1oBuCNTONRba/9:D4F2FiPiP9wqJARDoMYsRq
MD5:	1C5F56EA8C25A23A31DF9B7DDA47859D
SHA1:	832ADE4F3FFF84B4C6BF96C5FCCF895150C8EA91
SHA-256:	FD420BD53AFB73813EFE037EFBE844409D1323B9652A6C7FE784F19757E15B24
SHA-512:	9B52D71C40CFFBEC94DD8BC78A1144B9FB2F09E66B21B481003E4175E9DFE29A4DEB1976DECC86C81EE1BA3D3C0584C10182DF3240317A2E638A540B3756BCE0
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/style.css
Preview:	.typeahead,..tt-query,..tt-hint {. width: 396px;. height: 30px;. padding: 8px 12px;. line-height: 30px;. border: 2px solid #ccc;. -webkit-border-radius: 8px;. -moz-border-radius: 8px;. border-radius: 8px;. outline: none;.}...typeahead {. background-color: #fff;.}...typeahead:focus {. border: 2px solid #0097cf;.}...tt-query {. -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075);. -moz-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075);. box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075);.}...tt-hint {. color: #999.}..twitter-typeahead.{..width:100%;.}..tt-menu {. width: 422px;. margin: 12px 0;. padding: 8px 0;. background-color: #fff;. border: 1px solid #ccc;. border: 1px solid rgba(0, 0, 0, 0.2);. -webkit-border-radius: 8px;. -moz-border-radius: 8px;. border-radius: 8px;. -webkit-box-shadow: 0 5px 10px rgba(0,0,0,.2);. -moz-box-shadow: 0 5px 10px rgba(0,0,0,.2);. box-shadow: 0 5px 10px rgba(0,0,0,.2);.}...tt-sugges

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\url[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	334
Entropy (8bit):	5.224011511622039
Encrypted:	false
SSDEEP:	6:wBzkrQWR0iYBtqW3kUWPq2JlKIOWuS7xk7uRCuSm71QrizYWuS17P:4krY1trWPqfor9QrpyT
MD5:	2075D589BDB8519E8325639D9BECF665
SHA1:	4D3259461E17DAFA403547DD63FF4EC0542D5692
SHA-256:	F58B866297D2185465F86BE28528E07F67309C0DA3AFD753F3441392C5FC07EB
SHA-512:	70AED0CB9C5C5D7584B4A3F46CCAB20607CB8BD0A9EE4DC5C854BF310C2BC9B4CDE9EA25EA769792C35B617CF0163199FA77DB6AEDF99809AFF7F93FF96BCD53
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/url?q=https://funfid.com/.ae/en/&sa=D&source=editors&ust=1623393681163000&usg=AOvVaw1EVQHT19sUbqCGwqho_dPr
Preview:	<HTML><HEAD>.<meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>Redirecting</TITLE>.<META HTTP-EQUIV="refresh" content="1; url=https://funfid.com/.ae/en/">.</HEAD>.<BODY onLoad="location.replace('https://funfid.com/.ae/en/'+document.location.hash)">.Redirecting you to https://funfid.com/.ae/en/</BODY></HTML>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\KFOmCnqEu92Fr1Mu4mxM[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20332, version 1.1
Category:	downloaded
Size (bytes):	20332
Entropy (8bit):	7.970235088150752
Encrypted:	false
SSDEEP:	384:U0iwaxoOUPVkOJJSu6SsCKTIRDqG9oHKwZh98OSv+MsgkAOY:75mlUmOSu1guh+fZhLSxkAr
MD5:	DC3E086FC0C5ADDC09702E111D2ADB42
SHA1:	B1138B84FF19EAC5F43C4202297529D389BD09B7
SHA-256:	EA50AC7FDDB61A5CE248A7F8B3A31A98FE16285E076B16E6DA6B4E10910724BB
SHA-512:	10123C785C396CF0844751A014413ECF4D058AD0C00CAAEF5F8FFEF504C370F03EACD0B3C2A49211EEE0877B7AE7D0EF6E01264F04FC910C2660584B5E943BE0
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff
Preview:	wOFF......Ol.......x........................GDEF.......G...d....GPOS...............!GSUB................OS/2...L...P...`t...cmap...............#cvt .......T...T+...fpgm.......5....w.`.gasp...@............glyf...L..;...m.&.x.hdmx..H....m....'/./head..H....6...6.j.zhhea..H.... ...$....hmtx..H...........]uloca..Kp..........m,maxp..Mp... ... .4..name..M........t.U9.post..N`....... .m.dprep..Nt.......I.f..x...1..P......PB..U.=l.@..C)..N4C.\.51.3.......q.q.qu.O...OjC.cA......R.x...l\..F..3...N..q)..a\|.....^..33..c......p"y.iT....<Gg...!.3...T1...{.g0.u.y........m.\|.k..NF......mox.;...7&.Y..C.R_[.T.c..-.=...9:...aj.G...............O.Q".6...>...(?...~...._.2:..K4....S%...jbr).........e.U..-..X.3.ILQ....z..!.f:...<.W.#...e.c=...&6...lc;;..3<.s<....H.i2..N..t..)Ns...#`..".).[...._.T..T.....+l..=..O.....Z..F...r..eM.f.Y.....-...r.\.s6.r..,...:.<$..#.l..F.$.2#.e..].[.....yR...e.\|{..O..`)..U.0.e.50.Z.b../cM..i.&O._..+.Y.W...;z....j.p._.o..[CL.)n'.UGx..>).X..MJ..Fr..v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\NV6588123[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	30814
Entropy (8bit):	3.8049685390477475
Encrypted:	false
SSDEEP:	192:uHgAxcsyjCRgPInua+EdAx3XQpWaLLAlACrLpM2Ck3VK5ECBWYExvzRhoImxkmB0:uHgAx37lSZQsa4lACGDFmvVhol50
MD5:	1FEE90ADF0A2A17F71D8ADD680923CBB
SHA1:	EECD4AAFA23BBC92B4B96D2BB0A85BFC38D7AF4C
SHA-256:	7D2C7A9B77D207AD25453AFAE719922A0632E8867AFE78AF57D5DBE7E3C0FB83
SHA-512:	FD45F2A0A5E5CC9429409EEBA6DA4894B837BDC35B165312228AFF73CA79D3A2AB1FA86AD4F066A685950C03B273756C769E6419FB0F28672F37F0C241A73DFC
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\NV6588123[1].htm, Author: Joe Security
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/
Preview:	<!DOCTYPE html>..<html lang="en" style="" class=" js flexbox flexboxlegacy canvas canvastext postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. .. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1">.. <meta name="robots" content="noindex, nofollow">.. <meta name="googlebot" content="noindex">.. <link rel="shortcut icon" href="./files/favicon.png">.. <title>PayTabs - Simple & Trusted Payments</title>.... Bootstrap -->.. <link href="./files/bootstrap.css" rel="styl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\credit-cards[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 112 x 21, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3141
Entropy (8bit):	7.737321950223144
Encrypted:	false
SSDEEP:	48:OEwqQNn2xsJ3NFnYXkYskK8KxGynL63/jVdkPs63ZzHJ/xlH4IhCFDLVCZa4xl:OUY2YV0e8KUyLsjk19HTlYIYlajxl
MD5:	C87314CBA3DA81E4B10F49FFF411B4D1
SHA1:	E24C686F6FAE2A33C0D788E9BE89B742FF7721C4
SHA-256:	D5DCE38263F5759F49F991A2A50098A91AA82BA3CE5A2EB33A66EA2A29855FEB
SHA-512:	3C97525343C40E90ACA041C280968551C85133FB1AE0F49A01B71765DA1B3D8B5B3F3CA6357101EED7D5399AB390A5CA288C50FD87FC207F11C3192447DE48AD
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/credit-cards.png
Preview:	.PNG........IHDR...p...........j.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:213FB4B5D6A011E4B97BF56D524F01B9" xmpMM:DocumentID="xmp.did:213FB4B6D6A011E4B97BF56D524F01B9"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:213FB4B3D6A011E4B97BF56D524F01B9" stRef:documentID="xmp.did:213FB4B4D6A011E4B97BF56D524F01B9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..K....IDATx..Z{PT....}.....@.(.M...h.....Vc.1...e.G...N_6.d..i..1....M.D........8...$..5.........Y....{...?.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	175
Entropy (8bit):	5.0522421646209255
Encrypted:	false
SSDEEP:	3:0SYWFFWlIYCzHRiRI5XwDKLRIHDfFRWdFTfqzrZqcdAqsKTCEIoENRgVoYARNin:0IFFli+56ZRWHTizlpdAxInVuNin
MD5:	C9B33444138B8312C889B87B157D7830
SHA1:	60CF82CB0DEF72CD46143D1BD562BE26BA874802
SHA-256:	8EB72810C473A7DBEAB9EA57FDBFAA004741DFFE2070CACCAC318052AF3B81A1
SHA-512:	93655BE7DE9E3EC1116810D442396C69456FB7EFE746003BE23A23BE5EBB927246EF3EBC9A68B7E11DF392714870D570F3C733CE2B7D73D895094FFAF7D680B8
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Roboto
Preview:	@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\p2[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 48 x 33, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3557
Entropy (8bit):	7.746726419206484
Encrypted:	false
SSDEEP:	96:N+f2vMpF8A+OqgjSPBldChOimYEKvcURrQj9:Nk87ZUAqOimYE2hRUj9
MD5:	B16526BE2CBE2BC6D622EA91C8F7DAE8
SHA1:	5DCD768E97E80D3426382083D9637116528EFF15
SHA-256:	704F42F2B8D5C2CF34161340102F38F70EAD0A89F3A616B6F2C3EC1F500DE3BD
SHA-512:	1BBC881D6356AAAC95C29058E12D39F3FD1194C62A0E7A0E3CEF8A91F60B05C07DF8BBE9A7D96950A0E5D29CAC90BAD2E0E1B607EED64C3FA6D2B4E33D63C68B
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/p2.png
Preview:	.PNG........IHDR...0...!.......(.....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Macintosh)" xmpMM:InstanceID="xmp.iid:6AAD027D173C11E8A053BA8AD4902CA2" xmpMM:DocumentID="xmp.did:6AAD027E173C11E8A053BA8AD4902CA2"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6AAD027B173C11E8A053BA8AD4902CA2" stRef:documentID="xmp.did:6AAD027C173C11E8A053BA8AD4902CA2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..o....SIDATx..YiT......FeR&!a...... (.J.<.s@.<....Z.....OY*.<D..........."`..D&..!2...:I?.$P.U..+...../0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\p3[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 27 x 41, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2581
Entropy (8bit):	7.6182843023561455
Encrypted:	false
SSDEEP:	48:BkNNn2kZKZ/tJ3Rhj6RKZx/SditG0HRgo0dOvY3l/UDOhJ92zNdu7ph:Kf2bY6YdI/HRMOvY1cDOhzAdu7n
MD5:	81A562003C28AD9C4D6DC2EAE0EF5326
SHA1:	BD9D07C46CFA2B85B9128CA69E43080DECBA900A
SHA-256:	92EDA55CFCD4423DFA402B96EC7C4C4016E6299D06EF3F0393862C4216304D04
SHA-512:	4C21F12EC38DA1BB892D9DDA82FF163F354947D4C682C55E78CA38FA326520F602169A0F01030C6DA930887A035EA36906B9EA73EE504446187CB265D49E4C58
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/p3.png
Preview:	.PNG........IHDR.......)......fR.....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2015 (Macintosh)" xmpMM:InstanceID="xmp.iid:5BF3B88C173D11E8A053BA8AD4902CA2" xmpMM:DocumentID="xmp.did:5BF3B88D173D11E8A053BA8AD4902CA2"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6AAD027F173C11E8A053BA8AD4902CA2" stRef:documentID="xmp.did:6AAD0280173C11E8A053BA8AD4902CA2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>+.....IDATx...LSW...-..Z*.2......U...T...'380@P..DE6A.......t.....f.F...8ujt....@....u.....9.i..5..{.s~..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\visa-icon[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 58 x 18, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2047
Entropy (8bit):	7.476041124999071
Encrypted:	false
SSDEEP:	24:By1he91Wwjx82lY2T3ouVEatyJ3V4TnUGFiypatfkiu5sOIaWQ3HU254ITwbDdbo:BwqQNn2xOBJ3B8ZpMu5MYY+wbJgED8
MD5:	C6B153B479713E3E849547A26CF24065
SHA1:	E96B599DB120C16EEC57774DE92B47706275F46B
SHA-256:	A7A929E9986FF28DAF0D6E93093CA394C33AABB143B6351A5E8EF6BC2A15F88A
SHA-512:	5E159B0B471A2173B654BB788A5656B4A82BBA22E9D32C051A260DFEDE3CD17B8F4F8CBD32042AA4E62001D7AD0AE66E3621729F008B5C7D6B27E3E19ED122CE
Malicious:	false
Reputation:	low
IE Cache URL:	https://funfid.com/.ae/en/NV6588123/files/visa-icon.png
Preview:	.PNG........IHDR...:..........D.s....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:CAE58BC89A0F11E38AD5A547E5D61C47" xmpMM:DocumentID="xmp.did:CAE58BC99A0F11E38AD5A547E5D61C47"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CAE58BC69A0F11E38AD5A547E5D61C47" stRef:documentID="xmp.did:CAE58BC79A0F11E38AD5A547E5D61C47"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>S.0:...sIDATx.W.l.E..=.....H....[.Rh.F"J!.p$ ., !.h.....aH..Q..#...,a#....m..H.T)%.@..h....j9.7..u......K..g.......

C:\Users\user\AppData\Local\Temp\~DF1E12EB6036C3D8D3.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.4781859100304385
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loi9loS9lWmVUuTKU:kBqoINL6UuTKU
MD5:	DDC10E39B1DB6091D23AD2C7A9F0C1E8
SHA1:	18B6CA8950DCFD3AF511C088663C54D5C3CF7DB8
SHA-256:	52E8BDF69033378FFF953FE19A01BFC03B05244AABA49D9D826C7CBEE25E4BF4
SHA-512:	814D4863975355B30CCA18F19D6DCE7FBB5232DF7B20F638500F81EF5A2B033754C1E771622FF84DD1E6F89DC262F6647260C1398E87E451C410424321920D33
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF6D99441CB1FA02B4.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	50469
Entropy (8bit):	0.7812739595978181
Encrypted:	false
SSDEEP:	192:kBqoxKAuqR+EiIZCdNNHyvztEQNbbI94IJ1biT0EIh:kBqoxKAuqR+EiIZCdjA1YzG0
MD5:	3D5FF773BE9A0DA5CF008E9CE21D90FD
SHA1:	E180202BFB2A5149344927DA8B9B12DDF5B9BCAD
SHA-256:	A6329956ECF185DAE68F19D6DA05E8B692CAE72DDB6479991CA829BAF9A25C6B
SHA-512:	3E17082EE69586824FA2562C958BB2C212FD6B8C4C826454320E6D7598B6C0B4D8218C8FC537E7B9ADEC035E410DD43DABEB39012122EEE01D8346BF1FE75936
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFA5F3CD9D61D5BB31.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.33733658539976796
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAupXYEAIm/:kBqoxxJhHWSVSEabupXT
MD5:	EC7809AC65A03C12EB633FDA761CB47D
SHA1:	521AA49733CFE1E7D7E8242977974028C129E8E1
SHA-256:	9CFC0E463ACCC32D9A0879D7CA53AE4B7BE84E569657819E0BDC081E6D7974CB
SHA-512:	C209F0088D6FB217CDAEE3085E35D0F5128DD47A817B8104C1D6609D24F51B70C20450AC3CDB000AEA83EA1061C0422A705DDBC79FE0B96AA5B515A94841C94C
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 11, 2021 07:41:21.512290955 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.513830900 CEST	49738	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.573673010 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.573777914 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.574431896 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.576072931 CEST	443	49738	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.576189995 CEST	49738	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.576798916 CEST	49738	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.635674953 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.639173031 CEST	443	49738	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.656225920 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.656272888 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.656312943 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.656322002 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.656351089 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.656352043 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.656369925 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.656382084 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.656410933 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.656423092 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.659768105 CEST	443	49738	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.659811020 CEST	443	49738	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.659851074 CEST	443	49738	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.659890890 CEST	443	49738	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.659898043 CEST	49738	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.659920931 CEST	443	49738	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.659953117 CEST	49738	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.659967899 CEST	49738	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.665165901 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.665566921 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.665865898 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.706984043 CEST	49738	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.707441092 CEST	49738	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.726622105 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.726672888 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.726701975 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.726717949 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.726753950 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.727762938 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.731689930 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.771703005 CEST	443	49738	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.771759033 CEST	443	49738	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.771897078 CEST	49738	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.771935940 CEST	49738	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.791081905 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.806536913 CEST	49738	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.873670101 CEST	443	49738	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.905407906 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.905467987 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.905509949 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.905549049 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.907505989 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.907552004 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.907591105 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.907629013 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.911834002 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.911880970 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.911904097 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.911942005 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.916110992 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.916158915 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.916220903 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.916259050 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.920443058 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.920510054 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.920522928 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.920564890 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.924706936 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.924762011 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.924834013 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.928951979 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.929016113 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.929048061 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.929068089 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.929090023 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.933331013 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.933368921 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.933464050 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.937602997 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.937640905 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.937752008 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.966650963 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.966689110 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.966798067 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.968758106 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.968790054 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.968838930 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.968869925 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.973092079 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.973129034 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.973161936 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.973192930 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.977392912 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.977422953 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.977497101 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.979060888 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.981676102 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.981700897 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.981758118 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.981795073 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.985963106 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.985984087 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.986032009 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.986068010 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.990377903 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.990411997 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.990472078 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.993526936 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.994612932 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.994636059 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.994712114 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:21.998920918 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.998955965 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:21.999046087 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:22.000814915 CEST	49737	443	192.168.2.4	142.250.180.225
Jun 11, 2021 07:41:22.062148094 CEST	443	49737	142.250.180.225	192.168.2.4
Jun 11, 2021 07:41:39.462832928 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.462905884 CEST	49756	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.505302906 CEST	443	49756	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.505337954 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.505479097 CEST	49756	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.505522013 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.515743017 CEST	49756	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.516211987 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.558221102 CEST	443	49756	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.558561087 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.563237906 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.563282013 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.563359976 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.563405037 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.567058086 CEST	443	49756	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.567100048 CEST	443	49756	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.567172050 CEST	49756	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.567209959 CEST	49756	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.581516981 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.581739902 CEST	49756	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.582204103 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.582487106 CEST	49756	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.582550049 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.624072075 CEST	443	49756	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.624123096 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.624152899 CEST	443	49756	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.624191046 CEST	443	49756	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.624253988 CEST	49756	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.624325037 CEST	49756	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.624499083 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.624556065 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.624581099 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.624660969 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.624687910 CEST	443	49756	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.624712944 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.624718904 CEST	443	49756	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.624748945 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.624795914 CEST	49756	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.625375986 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.625546932 CEST	49756	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.670239925 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.710553885 CEST	443	49756	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.748838902 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.748980999 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.751377106 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.793893099 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.831943035 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.831994057 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.832020998 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.832036018 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.832096100 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.832102060 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.832130909 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.832164049 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.832226992 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.832251072 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.832256079 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.832314968 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.832392931 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.832716942 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.832793951 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.851309061 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.852453947 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.852952003 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.853835106 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.854494095 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.855318069 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.856333971 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.857503891 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.859935045 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.860249043 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.860419989 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.860563993 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.860877037 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.861362934 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.862062931 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.862905025 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.864831924 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.896404028 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.897907019 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.899586916 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.901118040 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.901151896 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.901348114 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.901395082 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.901401043 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.901493073 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.902359009 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.902403116 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.902537107 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.903295994 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.903352022 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.903491974 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.904336929 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.904380083 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.904488087 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.905338049 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.905381918 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.905491114 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.906284094 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.906326056 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.906425953 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.906507015 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.907326937 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.907413960 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.907444954 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.907551050 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.908334017 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.908376932 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.908416033 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.908514977 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.909272909 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.909322023 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.909364939 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.909442902 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.910289049 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.910331011 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.910402060 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.910474062 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.911288023 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.911326885 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.911386013 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.911434889 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.912246943 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.912288904 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.912329912 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.912384033 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.913285971 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.913328886 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.913374901 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.913523912 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.914253950 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.914294958 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.914359093 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.914385080 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.915250063 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.915293932 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.915319920 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.915344954 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.916243076 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.916285992 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.916312933 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.916337013 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.917246103 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.917289019 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.917324066 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.917349100 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.943927050 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.943953037 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.944030046 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.944058895 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.944320917 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.944364071 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.944394112 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.944479942 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.945292950 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.945333004 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.945373058 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.945398092 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.946309090 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.946352005 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.946398973 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.946419001 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.947323084 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.947360992 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.947408915 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.947431087 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.948302031 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.948344946 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.948388100 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.948412895 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.949259043 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.949312925 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.949438095 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.949455976 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.950295925 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.950337887 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.950380087 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.950404882 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.951277971 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.951316118 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.951366901 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.951386929 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.952267885 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.952312946 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.952452898 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.952471018 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.953279018 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.953319073 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.953366041 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.953391075 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.954277039 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.954320908 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.954359055 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.954381943 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.955377102 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.955415010 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.955478907 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.955499887 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.956295013 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.956337929 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.956382036 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.956403017 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.957246065 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.957283974 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.957328081 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.957353115 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.958241940 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.958297014 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.958340883 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.958362103 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.959232092 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.959270954 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.959316969 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.959338903 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.960247993 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.960290909 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.960335970 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.961246014 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.961299896 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.961304903 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.961328030 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.961348057 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.962234974 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.962279081 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.962316036 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.962338924 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.963206053 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.963248968 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.963298082 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.963323116 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.964221001 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.964252949 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:39.964303017 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:39.964324951 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:40.553436995 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:40.600908041 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:40.600994110 CEST	443	49755	104.21.79.236	192.168.2.4
Jun 11, 2021 07:41:40.601047039 CEST	49755	443	192.168.2.4	104.21.79.236
Jun 11, 2021 07:41:40.601108074 CEST	49755	443	192.168.2.4	104.21.79.236

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 11, 2021 07:41:12.351129055 CEST	49714	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:12.404556036 CEST	53	49714	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:13.107501984 CEST	58028	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:13.169392109 CEST	53	58028	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:13.308368921 CEST	53097	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:13.359900951 CEST	53	53097	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:14.311219931 CEST	49257	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:14.364248991 CEST	53	49257	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:15.230113029 CEST	62389	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:15.280883074 CEST	53	62389	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:16.258141994 CEST	49910	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:16.319968939 CEST	53	49910	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:17.204777002 CEST	55854	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:17.258605003 CEST	53	55854	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:18.203275919 CEST	64549	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:18.255939960 CEST	53	64549	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:18.796756029 CEST	63153	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:18.855557919 CEST	53	63153	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:19.256594896 CEST	52991	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:19.306701899 CEST	53	52991	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:20.467505932 CEST	53700	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:20.495939970 CEST	51726	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:20.536695957 CEST	53	53700	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:20.557188988 CEST	53	51726	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:21.357878923 CEST	56794	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:21.429254055 CEST	53	56794	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:21.430563927 CEST	56534	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:21.502249956 CEST	53	56534	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:21.902040958 CEST	56627	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:21.952291012 CEST	53	56627	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:22.470379114 CEST	56621	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:22.529448986 CEST	53	56621	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:22.565563917 CEST	63116	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:22.617320061 CEST	53	63116	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:23.498588085 CEST	64078	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:23.548755884 CEST	53	64078	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:24.393724918 CEST	64801	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:24.445274115 CEST	53	64801	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:25.287831068 CEST	61721	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:25.340758085 CEST	53	61721	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:26.222551107 CEST	51255	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:26.272789001 CEST	53	51255	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:27.105591059 CEST	61522	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:27.158735037 CEST	53	61522	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:28.443797112 CEST	52337	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:28.498522043 CEST	53	52337	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:29.337050915 CEST	55046	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:29.398794889 CEST	53	55046	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:30.439022064 CEST	49612	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:30.501857996 CEST	53	49612	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:36.810165882 CEST	49285	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:36.879833937 CEST	53	49285	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:38.985461950 CEST	50601	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:39.046994925 CEST	53	50601	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:39.392503023 CEST	60875	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:39.460644007 CEST	53	60875	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:44.927874088 CEST	56448	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:45.007571936 CEST	53	56448	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:48.788142920 CEST	59172	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:48.841710091 CEST	53	59172	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:49.755868912 CEST	62420	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:49.796494961 CEST	59172	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:49.818828106 CEST	53	62420	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:49.851402044 CEST	53	59172	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:50.765367031 CEST	62420	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:50.812675953 CEST	59172	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:50.827151060 CEST	53	62420	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:50.866120100 CEST	53	59172	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:51.765901089 CEST	62420	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:51.828222990 CEST	53	62420	8.8.8.8	192.168.2.4
Jun 11, 2021 07:41:52.828094006 CEST	59172	53	192.168.2.4	8.8.8.8
Jun 11, 2021 07:41:52.883270025 CEST	53	59172	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jun 11, 2021 07:41:21.430563927 CEST	192.168.2.4	8.8.8.8	0x7ae9	Standard query (0)	lh4.googleusercontent.com	A (IP address)	IN (0x0001)
Jun 11, 2021 07:41:39.392503023 CEST	192.168.2.4	8.8.8.8	0x59a2	Standard query (0)	funfid.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jun 11, 2021 07:41:21.502249956 CEST	8.8.8.8	192.168.2.4	0x7ae9	No error (0)	lh4.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Jun 11, 2021 07:41:21.502249956 CEST	8.8.8.8	192.168.2.4	0x7ae9	No error (0)	googlehosted.l.googleusercontent.com		142.250.180.225	A (IP address)	IN (0x0001)
Jun 11, 2021 07:41:39.460644007 CEST	8.8.8.8	192.168.2.4	0x59a2	No error (0)	funfid.com		104.21.79.236	A (IP address)	IN (0x0001)
Jun 11, 2021 07:41:39.460644007 CEST	8.8.8.8	192.168.2.4	0x59a2	No error (0)	funfid.com		172.67.150.9	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jun 11, 2021 07:41:21.656382084 CEST	142.250.180.225	443	192.168.2.4	49737	CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Mon May 17 04:58:56 CEST 2021 Thu Jun 15 02:00:42 CEST 2017	Mon Aug 09 04:58:55 CEST 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 07:41:21.656382084 CEST	142.250.180.225	443	192.168.2.4	49737	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 07:41:21.659920931 CEST	142.250.180.225	443	192.168.2.4	49738	CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Mon May 17 04:58:56 CEST 2021 Thu Jun 15 02:00:42 CEST 2017	Mon Aug 09 04:58:55 CEST 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 07:41:21.659920931 CEST	142.250.180.225	443	192.168.2.4	49738	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 07:41:39.563282013 CEST	104.21.79.236	443	192.168.2.4	49755	CN=*.funfid.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed May 19 05:43:44 CEST 2021 Wed Oct 07 21:21:40 CEST 2020	Tue Aug 17 05:43:44 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 07:41:39.563282013 CEST	104.21.79.236	443	192.168.2.4	49755	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 07:41:39.567100048 CEST	104.21.79.236	443	192.168.2.4	49756	CN=*.funfid.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed May 19 05:43:44 CEST 2021 Wed Oct 07 21:21:40 CEST 2020	Tue Aug 17 05:43:44 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 07:41:39.567100048 CEST	104.21.79.236	443	192.168.2.4	49756	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 6368 Parent PID: 800

General

Start time:	07:41:18
Start date:	11/06/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7ac340000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 6472 Parent PID: 6368

General

Start time:	07:41:19
Start date:	11/06/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6368 CREDAT:17410 /prefetch:2
Imagebase:	0x1000000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://docs.google.com/document/d/e/2PACX-1vRAHP7hrvpDz9KQUwv-UGYQwMoqaq4CogO-Ounm_Bj43rDT7FbutuHOxu--J36ilf9tiDQdTEuajLGO/pub

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 6368 Parent PID: 800

General

Chronological Activities

Analysis Process: iexplore.exe PID: 6472 Parent PID: 6368

General

Chronological Activities

Disassembly