Play interactive tour

Edit tour

Analysis Report https://buidlideayour.herokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dcbccc16d&hadams@stinsons.com#8236787/7b69698354072f79f8eeb523a63

Overview

General Information

Sample URL:	https://buidlideayour.herokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dcbccc16d&hadams@stinsons.com#8236787/7b69698354072f79f8eeb523a63
Analysis ID:	433414
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish10

Yara detected HtmlPhish44

HTML body contains low number of good links

HTML title does not match URL

URL contains potential PII (phishing indication)

Classification

Process Tree

System is w10x64

iexplore.exe (PID: 5252 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4772 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5252 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\secondfile[1].HTML	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: https://buidlideayour.herokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dcbccc16d&hadams@stinsons.com#8236787/7b69698354072f79f8eeb523a63

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10

Show sources

Source: Yara match

File source: 377142.pages.csv, type: HTML

Yara detected HtmlPhish44

Show sources

Source: Yara match

File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\secondfile[1].HTML, type: DROPPED

Source: https://firebasestorage.googleapis.com/v0/b/wteyrp.appspot.com/o/secondfile.HTML?alt=media&token=a1b11045-693b-4060-ba9c-b06b17cbfcf5#hadams@stinsons.com	HTTP Parser: Number of links: 0
Source: https://firebasestorage.googleapis.com/v0/b/wteyrp.appspot.com/o/secondfile.HTML?alt=media&token=a1b11045-693b-4060-ba9c-b06b17cbfcf5#hadams@stinsons.com	HTTP Parser: Number of links: 0

Source: https://firebasestorage.googleapis.com/v0/b/wteyrp.appspot.com/o/secondfile.HTML?alt=media&token=a1b11045-693b-4060-ba9c-b06b17cbfcf5#hadams@stinsons.com	HTTP Parser: Title: Logln does not match URL
Source: https://firebasestorage.googleapis.com/v0/b/wteyrp.appspot.com/o/secondfile.HTML?alt=media&token=a1b11045-693b-4060-ba9c-b06b17cbfcf5#hadams@stinsons.com	HTTP Parser: Title: Logln does not match URL

Source: https://buidlideayour.herokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dcbccc16d&hadams@stinsons.com#8236787/7b69698354072f79f8eeb523a63

Sample URL: PII: 2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dcbccc16d&hadams@stinsons.com

Source: https://firebasestorage.googleapis.com/v0/b/wteyrp.appspot.com/o/secondfile.HTML?alt=media&token=a1b11045-693b-4060-ba9c-b06b17cbfcf5#hadams@stinsons.com	HTTP Parser: No <meta name="author".. found
Source: https://firebasestorage.googleapis.com/v0/b/wteyrp.appspot.com/o/secondfile.HTML?alt=media&token=a1b11045-693b-4060-ba9c-b06b17cbfcf5#hadams@stinsons.com	HTTP Parser: No <meta name="author".. found

Source: https://firebasestorage.googleapis.com/v0/b/wteyrp.appspot.com/o/secondfile.HTML?alt=media&token=a1b11045-693b-4060-ba9c-b06b17cbfcf5#hadams@stinsons.com	HTTP Parser: No <meta name="copyright".. found
Source: https://firebasestorage.googleapis.com/v0/b/wteyrp.appspot.com/o/secondfile.HTML?alt=media&token=a1b11045-693b-4060-ba9c-b06b17cbfcf5#hadams@stinsons.com	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 52.72.98.175:443 -> 192.168.2.3:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.72.98.175:443 -> 192.168.2.3:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.3:49735 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: buidlideayour.herokuapp.com

Source: popper.min[1].js.3.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: {F403229A-CB23-11EB-90E4-ECF4BB862DED}.dat.2.dr, ~DF7AD2B7996D24E2A7.TMP.2.dr	String found in binary or memory: https://buidlideayour.herokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dc
Source: ~DF7AD2B7996D24E2A7.TMP.2.dr	String found in binary or memory: https://firebasestorage.googleapis.com/v0/b/wteyrp.appspot.com/o/secondfile.HTML?alt=media&token=a1b
Source: {F403229A-CB23-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://firebasestoragherokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dc
Source: free.min[1].css.3.dr	String found in binary or memory: https://fontawesome.com
Source: free.min[1].css.3.dr	String found in binary or memory: https://fontawesome.com/license/free
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff)
Source: bootstrap.min[1].css.3.dr, bootstrap.min[1].js.3.dr	String found in binary or memory: https://getbootstrap.com)
Source: bootstrap.min[1].js0.3.dr	String found in binary or memory: https://getbootstrap.com/)
Source: bootstrap.min[1].css.3.dr, bootstrap.min[1].js.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap.min[1].js.3.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: 585b051251[1].js.3.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: 585b051251[1].js.3.dr	String found in binary or memory: https://kit.fontawesome.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734

Source: unknown	HTTPS traffic detected: 52.72.98.175:443 -> 192.168.2.3:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.72.98.175:443 -> 192.168.2.3:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.18.94:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.10.207:443 -> 192.168.2.3:49735 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@3/18@7/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF459A0EB644286CDD.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5252 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5252 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://buidlideayour.herokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dcbccc16d&hadams@stinsons.com#8236787/7b69698354072f79f8eeb523a63	0%	Avira URL Cloud	safe
https://buidlideayour.herokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dcbccc16d&hadams@stinsons.com#8236787/7b69698354072f79f8eeb523a63	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://getbootstrap.com)	0%	Avira URL Cloud	safe
https://buidlideayour.herokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dc	0%	Avira URL Cloud	safe
https://firebasestoragherokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dc	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
buidlideayour.herokuapp.com	52.72.98.175	true	false	unknown
stackpath.bootstrapcdn.com	104.18.10.207	true	false	high
cdnjs.cloudflare.com	104.16.18.94	true	false	high
maxcdn.bootstrapcdn.com	104.18.10.207	true	false	high
ka-f.fontawesome.com	unknown	unknown	false	high
code.jquery.com	unknown	unknown	false	high
kit.fontawesome.com	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://fontawesome.com	free.min[1].css.3.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	bootstrap.min[1].css.3.dr, bootstrap.min[1].js.3.dr	false		high
https://kit.fontawesome.com	585b051251[1].js.3.dr	false		high
https://github.com/twbs/bootstrap/graphs/contributors)	bootstrap.min[1].js.3.dr	false		high
http://opensource.org/licenses/MIT).	popper.min[1].js.3.dr	false		high
https://getbootstrap.com)	bootstrap.min[1].css.3.dr, bootstrap.min[1].js.3.dr	false	Avira URL Cloud: safe	low
https://getbootstrap.com/)	bootstrap.min[1].js0.3.dr	false		high
https://ka-f.fontawesome.com	585b051251[1].js.3.dr	false		high
https://fontawesome.com/license/free	free.min[1].css.3.dr	false		high
https://buidlideayour.herokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dc	{F403229A-CB23-11EB-90E4-ECF4BB862DED}.dat.2.dr, ~DF7AD2B7996D24E2A7.TMP.2.dr	false	Avira URL Cloud: safe	unknown
https://firebasestoragherokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dc	{F403229A-CB23-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
52.72.98.175	buidlideayour.herokuapp.com	United States	14618	AMAZON-AESUS	false
104.18.10.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
104.16.18.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	433414
Start date:	11.06.2021
Start time:	19:13:57
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://buidlideayour.herokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dcbccc16d&hadams@stinsons.com#8236787/7b69698354072f79f8eeb523a63
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@3/18@7/3
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 52.147.198.201, 13.88.21.125, 88.221.62.148, 142.250.180.234, 142.250.180.202, 104.18.23.52, 104.18.22.52, 172.64.203.28, 172.64.202.28, 69.16.175.42, 69.16.175.10, 172.217.20.10, 20.82.210.154, 184.30.20.56, 152.199.19.161, 2.20.142.210, 2.20.142.209, 93.184.221.240 Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, cds.s5x3j6q5.hwcdn.net, ka-f.fontawesome.com.cdn.cloudflare.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, wu.azureedge.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, firebasestorage.googleapis.com, www.bing.com, kit.fontawesome.com.cdn.cloudflare.net, fonts.googleapis.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ajax.googleapis.com, ie9comview.vo.msecnd.net, wu.ec.azureedge.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, skypedataprdcoleus16.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F4032298-CB23-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.858575217845274
Encrypted:	false
SSDEEP:	192:rJZOZ/2FW5tH/5fa8/N/sM4/F/cH///mA/Df88/M/cX:r/au8rBHf+Gl
MD5:	CAB5E98278DE52D83264B48B01DD8036
SHA1:	F774C9BEF3E4C447BE04343114AD2864AF3AE35C
SHA-256:	DCE8873903C2A0C8E692F81D92E4C65166CE1DD1A72747E0B17CACC740C420ED
SHA-512:	EBEF7D39901C1C283D81969BDC530B297C77E0AF0C8812C62BD60FBEED0DA592D3A2789252340CBFC7355E34E54C31C047EE1008CA46E22AAB73943F0E4004A0
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F403229A-CB23-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	42024
Entropy (8bit):	2.336519542028589
Encrypted:	false
SSDEEP:	192:rDZwQo6qkfjh2NWLMbnRrWA7bdDH8GFl8IJ+FxvFhWIJePf+EauI5TvzmgxD:rFJzDbQk4bH9Fkl5Eqx
MD5:	A6926E3FED5486F8818F11438D19C174
SHA1:	899F72C83EE2C1A97C2E2C45D1DEFEC60530083B
SHA-256:	9DD32992FC15CC5D8CA817918F51BDF50C0F695EB6228D495982131E5478416A
SHA-512:	6441D47C9DAD484625B346E86CE5A169BC921A0D34C0ABF29D18ED98A07DBD877F9B3BA07F4D5351F2036F20FA7A3C3975588A62BEE93BAFBCF5116486483E69
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FA919954-CB23-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5647737074363652
Encrypted:	false
SSDEEP:	48:IwKGcprzGwpaxG4pQFGrapbScGQpK6G7HpR22TGIpG:ruZtQj61BS0AVTnA
MD5:	7138D69FAAB0689DB40F3A529CD6CD36
SHA1:	2520149B912A7251596FACEB8C5F6C4674B87518
SHA-256:	5636247E72F86D81E2CD410EB4165B0FDE4FF7298B32DE1D5C3DCFA7CC41D1B8
SHA-512:	6EF9964B99058E801813B2EDDC8AD297AC5B2870362FF5CF69D34B163FBE3D7360A7E390064FDA4C53421A13FF799F7438509E704A6415F97FA64565EB5EC2B1
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\bootstrap.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	144877
Entropy (8bit):	5.049937202697915
Encrypted:	false
SSDEEP:	1536:GcoqwrUPyDHU7c7TcDEBi82NcuSELL4d/+oENM6HN26Q:VoPgPard2oENM6HN26Q
MD5:	450FC463B8B1A349DF717056FBB3E078
SHA1:	895125A4522A3B10EE7ADA06EE6503587CBF95C5
SHA-256:	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
SHA-512:	93BF1ED5F6D8B34F53413A86EFD4A925D578C97ABC757EA871F3F46F340745E4126C48219D2E8040713605B64A9ECF7AD986AA8102F5EA5ECF9228801D962F5D
Malicious:	false
Reputation:	low
IE Cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors. * Copyright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},::after,::before{box-sizing:border-box}html{font-family:sans

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\bootstrap.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	51039
Entropy (8bit):	5.247253437401007
Encrypted:	false
SSDEEP:	768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+
MD5:	67176C242E1BDC20603C878DEE836DF3
SHA1:	27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256:	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512:	9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious:	false
Reputation:	low
IE Cache URL:	https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\popper.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	19188
Entropy (8bit):	5.212814407014048
Encrypted:	false
SSDEEP:	384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f
MD5:	70D3FDA195602FE8B75E0097EED74DDE
SHA1:	C3B977AA4B8DFB69D651E07015031D385DED964B
SHA-256:	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
SHA-512:	51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Preview:	/. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. /(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto\|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\free-v4-shims.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	26701
Entropy (8bit):	4.829823522211244
Encrypted:	false
SSDEEP:	192:dP6hT1bIl4w0QUmQ10PwKLaAu5CwWavpHo4O6wgLPbJVR8XD7mycP:0hal4w0QK+PwK05eavpmgPPeXD7mycP
MD5:	8A99CE81EC2F89FBCA03F2C8CF1A3679
SHA1:	58F9EF32D12A5DA52CBAB7BD518BCC998FC59EF9
SHA-256:	362DAEAF1F7E05FEE9A609E549F148AACBE518C166FBD96EAD69057E295742AF
SHA-512:	930F28449365FAED13718BB8F332625DB110ABB08C3778DC632FDF00A0187A61A086B5EB4765FFC1923B64E2584C02592A213914B024DE6890FF3DBFC3A12FE5
Malicious:	false
Reputation:	low
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.3/css/free-v4-shims.min.css?token=585b051251
Preview:	/!. Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa.fa-glass:before{content:"\f000"}.fa.fa-meetup{font-family:"Font Awesome 5 Brands";font-weight:400}.fa.fa-star-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-star-o:before{content:"\f005"}.fa.fa-close:before,.fa.fa-remove:before{content:"\f00d"}.fa.fa-gear:before{content:"\f013"}.fa.fa-trash-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-trash-o:before{content:"\f2ed"}.fa.fa-file-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-file-o:before{content:"\f15b"}.fa.fa-clock-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-clock-o:before{content:"\f017"}.fa.fa-arrow-circle-o-down{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arrow-circle-o-down:before{content:"\f358"}.fa.fa-arrow-circle-o-up{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arro

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\free.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	60351
Entropy (8bit):	4.728641238865369
Encrypted:	false
SSDEEP:	768:0Uh31IPiyXNq4YxBowbgJlkwF//zMQyYJYX9Bft6VSz8:0U0PxXE4YXJgndFTfy9lt5Q
MD5:	390B4210E10C744C3C597500BCF0B31A
SHA1:	2600C7C2F25D7DBCBC668231601E426010DC6489
SHA-256:	C2819CA1F7AD1AF7BA53C4EDFDFD395C547BCB16D29892A234D7860C689ED929
SHA-512:	E8A7E466BE8CC092E12994B51A6A8A39E2FBB66DD48221BCF499BB89365B4004D73C1909F8FE0BBBBF13907D5901D76FFE127D92FDD7493853646F83F5985CBE
Malicious:	false
Reputation:	low
IE Cache URL:	https://ka-f.fontawesome.com/releases/v5.15.3/css/free.min.css?token=585b051251
Preview:	/!. Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pul

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery-3.2.1.slim.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	69597
Entropy (8bit):	5.369216080582935
Encrypted:	false
SSDEEP:	1536:qNhEyjjTikEJO4edXXe9J578go6MWX2xkjVe4c4j2ll2Ac7pK3F71QDU8CuT:Exc2yjq4j2uYnQDU8CuT
MD5:	5F48FC77CAC90C4778FA24EC9C57F37D
SHA1:	9E89D1515BC4C371B86F4CB1002FD8E377C1829F
SHA-256:	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
SHA-512:	CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
Malicious:	false
Reputation:	low
IE Cache URL:	https://code.jquery.com/jquery-3.2.1.slim.min.js
Preview:	/! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\secondfile[1].HTML Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	18972
Entropy (8bit):	3.936633505842757
Encrypted:	false
SSDEEP:	192:Ea/af1voYS8jUU/6ylbE1+6QgThkt8VsVoE1H1rTt0vrubiOYMxT:1i1iRU/RpW28aVoE13Wki5Mh
MD5:	0894B3B16F6A01A8C47F686B2F4D3DED
SHA1:	2DECCB1C27D9C5479439CC560379F12D570A7273
SHA-256:	B459113F479D0B87A81F62ED3DE76265C6B3781C4B45820CF90BD03AAF4F28DC
SHA-512:	8AB0D5733A20111AA52BA71D81731D35C8CE46DFFBE9E6CA902C52133EFE3FA4A0FFCE70DFD34BB3A7BDC0384A2E7D8FA8533EA176557B648FD3A1FF10C954C7
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_44, Description: Yara detected HtmlPhish_44, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\secondfile[1].HTML, Author: Joe Security
Reputation:	low
IE Cache URL:	https://firebasestorage.googleapis.com/v0/b/wteyrp.appspot.com/o/secondfile.HTML?alt=media&token=a1b11045-693b-4060-ba9c-b06b17cbfcf5
Preview:	<script>.. ..document.write(unescape("%3C%21DOCTYPE%20html%3E%0A%3Chtml%20lang%3D%22en%22%3E%0A%0A%3Chead%3E%0A%20%20%20%20%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text/html%3B%20charset%3DUTF-8%22%3E%0A%20%20%20%20%3C%21--%20Bootstrap%20CSS%20--%3E%0A%20%20%20%20%3Clink%20rel%3D%22stylesheet%22%20href%3D%22https%3A//maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css%22%20integrity%3D%22sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm%22%20crossorigin%3D%22anonymous%22%3E%0A%20%20%20%20%3Clink%20href%3D%22https%3A//fonts.googleapis.com/css%3Ffamily%3DArchivo+Narrow%26display%3Dswap%22%20rel%3D%22stylesheet%22%3E%0A%20%20%20%20%3Cscript%20src%3D%22https%3A//kit.fontawesome.com/585b051251.js%22%20crossorigin%3D%22anonymous%22%3E%3C/script%3E%0A%20%20%20%20%3Ctitle%3ELogln%3C/title%3E%0A%20%20%20%20%3Cstyle%20type%3D%22text/css%22%3E%0A%20%20%20%20body%20%7B%0A%20%20%20%20%20%20%20%20background%3A%20%230073C6%3B%0A%20%20%20%20%7D%0A%0A%

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\585b051251[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	10866
Entropy (8bit):	5.182623714755422
Encrypted:	false
SSDEEP:	192:BgHN42S+9SZRvACpiIthFzoXnemF+shSGnZ+PPxQDqv7jh81Q5l8OcchIlzbCn:WRCfhFzevnEZ/h81Q5l8OsE
MD5:	D8CA71772D1E86D5FB9D5E2F6CC1AE70
SHA1:	9B043E60997FE552D652E4474E16AFF923D7AA76
SHA-256:	7D840153F02AD6D91D652354E35B590721916D16C33956631EEF0E7D3B5613EE
SHA-512:	8E9DA8E9AE10EC0EB854A6E488FB4568A960EE10AF46FE4AA49F22F227CB94997F40E49E10A81E341B99489256163A2C0E065730EEA642777061CDA61B4D56C1
Malicious:	false
Reputation:	low
IE Cache URL:	https://kit.fontawesome.com/585b051251.js
Preview:	window.FontAwesomeKitConfig = {"asyncLoading":{"enabled":true},"autoA11y":{"enabled":true},"baseUrl":"https://ka-f.fontawesome.com","baseUrlKit":"https://kit.fontawesome.com","detectConflictsUntil":null,"iconUploads":{},"id":132286382,"license":"free","method":"css","minify":{"enabled":true},"token":"585b051251","v4FontFaceShim":{"enabled":false},"v4shim":{"enabled":true},"version":"5.15.3"};.!function(t){"function"==typeof define&&define.amd?define("kit-loader",t):t()}((function(){"use strict";function t(e){return(t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t})(e)}function e(t,e,n){return e in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function n(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter((function(e){return Object.g

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bootstrap.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	48944
Entropy (8bit):	5.272507874206726
Encrypted:	false
SSDEEP:	768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B
MD5:	14D449EB8876FA55E1EF3C2CC52B0C17
SHA1:	A9545831803B1359CFEED47E3B4D6BAE68E40E99
SHA-256:	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
SHA-512:	00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
Malicious:	false
Reputation:	low
IE Cache URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\7JDA3EJ0.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	664
Entropy (8bit):	4.98223856613083
Encrypted:	false
SSDEEP:	12:hPg6E4c4WujfYFApGaA2N7MgXBgIiAXWSyhJZ54VzckhV3nxMbMlPGu:hPtE4cEgR2NX5V1hVibMl5
MD5:	5D7B9590949223CE76F323EBB46EA7AD
SHA1:	C2F6A223D15075765864C4072300C41C86C4E5A9
SHA-256:	8C3C54D792DF1EB4844AF1287C2EBA79DB7584295CA09E06351BC9875868F07F
SHA-512:	9DBB03C5B15008EF18F0DC696333E0AA2CE9C3FCBE49300AD101547D25794CD15DE23D2697464C6048C246C20810D209BA94E697DB1FB5D48AAD870BD51271AE
Malicious:	false
Reputation:	low
IE Cache URL:	https://buidlideayour.herokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dcbccc16d&hadams@stinsons.com
Preview:	<!DOCTYPE html>..<html>..<head>.. </head>.. <body style="background-color:#f1f2f3">.. <script>.. var queryString = window.location.href;.. var email= queryString.split("&");.. var root = email[1];.. var cross = root.split("#");.. var dom = cross[0];.... setTimeout(function(){.. var redirect = "https://firebasestorage.googleapis.com/v0/b/wteyrp.appspot.com/o/secondfile.HTML?alt=media&token=a1b11045-693b-4060-ba9c-b06b17cbfcf5#{domain}";.. var link = redirect.replace("{domain}",dom);.. window.location.href = link;.. },300);.. </script>.... </body>..</html>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	223
Entropy (8bit):	5.142612311542767
Encrypted:	false
SSDEEP:	6:0IFFDK+Q+56ZRWHMqh7izlpdRSRk68k3tg9EFNin:jFI+QO6ZRoMqt6p3Tk9g9CY
MD5:	72C5D331F2135E52DA2A95F7854049A3
SHA1:	572F349BB65758D377CCBAE434350507341ACD7B
SHA-256:	C3A12D7E8F6B2B1F5E4CD0C9938DFC79532AEF90802B424EE910093F156586DA
SHA-512:	9EA12CC277C9858524083FEBBE1A3E61FDECE5268F63B14C9FFAFE29396C7CCDB3B07BE10E829936BCCD8F3B9E39DCFA6BC4316F189E4CEA914F1D06916DB66B
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap
Preview:	@font-face {. font-family: 'Archivo Narrow';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXo.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

C:\Users\user\AppData\Local\Temp\~DF459A0EB644286CDD.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.47965143651160297
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loFF9lof9lWaYNy1E:kBqoIAeaMyO
MD5:	2FF6A55F662C469D94F374A86C99DFF2
SHA1:	1BC7A3341F0E17725149D59D757EA247E44B7667
SHA-256:	6814BB5E375B8E07C845F3F2B0751B5B715D90D8FCB6EE6C310FEE27F357EBF7
SHA-512:	4DE9B5156EDF1775E3D7E2FFABF54AA04924F0BAE993A5FD7A04AEE925863DFEA6E87AB98565CC747396FE119FCCAD6D9BBA95AF2EFD8B4E63896883256FA972
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF7AD2B7996D24E2A7.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	47297
Entropy (8bit):	0.8988195514195534
Encrypted:	false
SSDEEP:	192:kBqoxKAuqR+XZbS5+RgA7bdDH852QR1+EauI5Tv:kBqoxKAuqR+XZbS5+19AbmE
MD5:	D70DCBF53188B5C4AABEA61CAC7D0F20
SHA1:	332D6233F6BFC04EBF8BB226C7E58DC69278A3DE
SHA-256:	171A7EAEA71DC8A03FC9EC43545691565B23657E26EC86A2554F4FD5DEC57164
SHA-512:	40DF5ED86D21BAE50F241E6E3E1CB79E95313D3483DF70BB9026280F6E59B59592C58018F07BA121E3FE7F30E7B7213DABA67B22598A4EB543CE0B0D41A2F4E2
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFC8DB313E591D63E0.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.3016295540247274
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laARP:kBqoxxJhHWSVSEabR
MD5:	6AF2B224DF7E25A5D0C3546A8207F3B9
SHA1:	7F90FC489591C8ADE5E3B66B4B8DCF061D9B3978
SHA-256:	A466BA5408CCB65583018CFEDD23A1C24566982B2356564A519549E79818A20A
SHA-512:	AF9AE85B9D89FE68997EFC684F9F87D90E7B98F08B12C3A0913F4AFE2780B133C1420EBB916FFE3EC657241EE7523A36E0DC6F3542BDEE705522081EB5D89220
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 11, 2021 19:14:46.939110994 CEST	49714	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:46.940248966 CEST	49715	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.072736025 CEST	443	49714	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.072874069 CEST	49714	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.073168039 CEST	443	49715	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.073249102 CEST	49715	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.084296942 CEST	49715	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.084405899 CEST	49714	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.219131947 CEST	443	49715	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.219187021 CEST	443	49715	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.219227076 CEST	443	49715	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.219264984 CEST	443	49715	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.219291925 CEST	443	49715	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.219351053 CEST	49715	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.219438076 CEST	49715	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.219640970 CEST	443	49714	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.219815969 CEST	443	49714	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.219856024 CEST	443	49714	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.219892979 CEST	443	49714	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.219916105 CEST	49714	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.219922066 CEST	443	49714	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.219963074 CEST	49714	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.220046997 CEST	49714	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.220148087 CEST	443	49715	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.220278025 CEST	49715	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.220941067 CEST	443	49714	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.221056938 CEST	49714	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.260716915 CEST	49714	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.260808945 CEST	49715	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.266911030 CEST	49714	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.393979073 CEST	443	49715	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.394087076 CEST	49715	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.394154072 CEST	443	49714	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.394234896 CEST	49714	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.406013012 CEST	443	49714	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:47.406100988 CEST	49714	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:47.890599012 CEST	49714	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:48.031243086 CEST	443	49714	52.72.98.175	192.168.2.3
Jun 11, 2021 19:14:48.031342030 CEST	49714	443	192.168.2.3	52.72.98.175
Jun 11, 2021 19:14:48.813210011 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.813340902 CEST	49723	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.857666969 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.857801914 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.857819080 CEST	443	49723	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.857922077 CEST	49723	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.859658957 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.860367060 CEST	49723	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.902122021 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.902729988 CEST	443	49723	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.903373003 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.903414965 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.903429985 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.903465033 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.909595013 CEST	443	49723	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.909634113 CEST	443	49723	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.909723043 CEST	49723	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.909759998 CEST	49723	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.913381100 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.913775921 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.913969994 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.930836916 CEST	49723	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.931191921 CEST	49723	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.955504894 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.955769062 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.955955982 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.956398964 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.956464052 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.957003117 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.957051992 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.961023092 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.968219995 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.968249083 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.968285084 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.968312025 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.968317032 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.968333006 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.968348980 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.968374014 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.968445063 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.968451023 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.968533039 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.968722105 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.968765974 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.968777895 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.968811035 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.969743013 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.969790936 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.969809055 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.969846964 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.970732927 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.970772982 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.970798969 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.970942974 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.971734047 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.971776009 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.971793890 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.971842051 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.972677946 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.972718954 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.972734928 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.972774029 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.973232985 CEST	443	49723	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.973511934 CEST	443	49723	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.973543882 CEST	443	49723	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.973568916 CEST	443	49723	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.973639011 CEST	49723	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.973675013 CEST	49723	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.973711014 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.973753929 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.973764896 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.973805904 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.974688053 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.974730968 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.974750996 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.974813938 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.975676060 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.975718021 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.975749969 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.975814104 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.976650953 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:48.976699114 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:48.977725029 CEST	49723	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:49.007884979 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:49.060663939 CEST	443	49723	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:49.900242090 CEST	49730	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:49.901175022 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:49.942368031 CEST	443	49730	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:49.942528963 CEST	49730	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:49.943418026 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:49.943572044 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:49.945086002 CEST	49730	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:49.945769072 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:49.987299919 CEST	443	49730	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:49.988060951 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:49.989304066 CEST	443	49730	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:49.989363909 CEST	443	49730	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:49.989418983 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:49.989480972 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:49.989490986 CEST	49730	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:49.989567995 CEST	49730	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:49.989594936 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:49.989689112 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.003570080 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.003606081 CEST	49730	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.004051924 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.004211903 CEST	49730	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.004264116 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.046107054 CEST	443	49730	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.046158075 CEST	443	49730	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.046194077 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.046230078 CEST	443	49730	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.046263933 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.046293974 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.046334982 CEST	443	49730	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.046355963 CEST	49730	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.046422958 CEST	49730	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.047756910 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.047806978 CEST	49730	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.047908068 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.048583031 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.048691034 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.049072981 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.056648016 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.056688070 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.056744099 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.056780100 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.056781054 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.056833982 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.056852102 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.056886911 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.056966066 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.057622910 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.057677031 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.057765961 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.057857037 CEST	49731	443	192.168.2.3	104.16.18.94
Jun 11, 2021 19:14:50.087960005 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.091881037 CEST	443	49730	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.093031883 CEST	443	49731	104.16.18.94	192.168.2.3
Jun 11, 2021 19:14:50.132175922 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.141671896 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.141715050 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.141849041 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.141865969 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.141891956 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.141904116 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.141983986 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.142407894 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.142467976 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.142498970 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.142608881 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.143373966 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.143424988 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.143491030 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.143562078 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.144364119 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.144416094 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.144475937 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.144551039 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.145322084 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.145370960 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.145431995 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.145494938 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.146328926 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.146382093 CEST	443	49722	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.146434069 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.146508932 CEST	49722	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.665330887 CEST	49735	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.665815115 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.707700968 CEST	443	49735	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.707890987 CEST	49735	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.708092928 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.708195925 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.708599091 CEST	49735	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.709139109 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.750807047 CEST	443	49735	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.751564980 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.752832890 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.752867937 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.752938032 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.752983093 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.753676891 CEST	443	49735	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.753696918 CEST	443	49735	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.753818035 CEST	49735	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.753864050 CEST	49735	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.756679058 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.757050991 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.757313013 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.757700920 CEST	49735	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.758250952 CEST	49735	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.801512003 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.801703930 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.801793098 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.801805019 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.801824093 CEST	443	49735	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.801898003 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.801924944 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.801944971 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.802006006 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.802030087 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.802144051 CEST	443	49735	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.802248001 CEST	443	49735	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.802288055 CEST	49735	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.802341938 CEST	49735	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.802362919 CEST	443	49735	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.802525043 CEST	443	49735	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.802592039 CEST	49735	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.802711964 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.803251028 CEST	49735	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.814035892 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.814057112 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.814073086 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.814089060 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.814124107 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.814146996 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.814224958 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.815011978 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.815040112 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.815069914 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.815107107 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.815171957 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.815973997 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.816003084 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.816071987 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.816097021 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.816971064 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.816996098 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.817056894 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.817085028 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.818006992 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.818032026 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.818099976 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.818130016 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.818924904 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.819014072 CEST	49734	443	192.168.2.3	104.18.10.207
Jun 11, 2021 19:14:50.847682953 CEST	443	49734	104.18.10.207	192.168.2.3
Jun 11, 2021 19:14:50.848052025 CEST	443	49735	104.18.10.207	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 11, 2021 19:14:38.516365051 CEST	64938	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:38.576241970 CEST	53	64938	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:38.610465050 CEST	60152	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:38.671771049 CEST	53	60152	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:39.448225975 CEST	57544	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:39.498303890 CEST	53	57544	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:40.574876070 CEST	55984	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:40.625353098 CEST	53	55984	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:41.693471909 CEST	64185	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:41.743740082 CEST	53	64185	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:43.009896040 CEST	65110	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:43.073288918 CEST	53	65110	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:44.134855032 CEST	58361	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:44.184907913 CEST	53	58361	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:45.655339956 CEST	63492	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:45.722069025 CEST	53	63492	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:46.672760963 CEST	60831	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:46.725956917 CEST	53	60831	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:46.861825943 CEST	60100	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:46.925103903 CEST	53	60100	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:47.965909958 CEST	53195	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:48.032881975 CEST	53	53195	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:48.428355932 CEST	50141	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:48.478805065 CEST	53	50141	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:48.682805061 CEST	53023	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:48.706309080 CEST	49563	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:48.713109970 CEST	51352	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:48.746078014 CEST	53	53023	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:48.756825924 CEST	53	49563	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:48.780721903 CEST	53	51352	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:49.257601976 CEST	59349	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:49.287744999 CEST	57084	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:49.317962885 CEST	53	59349	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:49.337949991 CEST	53	57084	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:49.675220013 CEST	58823	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:49.726703882 CEST	53	58823	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:49.839613914 CEST	57568	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:49.898128033 CEST	53	57568	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:50.172517061 CEST	50540	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:50.242005110 CEST	53	50540	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:50.597712040 CEST	54366	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:50.660320997 CEST	53	54366	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:50.780611038 CEST	53034	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:50.843985081 CEST	53	53034	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:52.741426945 CEST	57762	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:52.793067932 CEST	53	57762	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:53.781665087 CEST	55435	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:53.834031105 CEST	53	55435	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:54.992579937 CEST	50713	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:55.045059919 CEST	53	50713	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:56.116738081 CEST	56132	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:56.167262077 CEST	53	56132	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:56.913604975 CEST	58987	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:56.968672037 CEST	53	58987	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:58.160367012 CEST	56579	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:58.211045027 CEST	53	56579	8.8.8.8	192.168.2.3
Jun 11, 2021 19:14:58.946821928 CEST	60633	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:14:58.997227907 CEST	53	60633	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:00.358091116 CEST	61292	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:00.408421040 CEST	53	61292	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:03.173615932 CEST	63619	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:03.243081093 CEST	53	63619	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:13.152605057 CEST	64938	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:13.221076012 CEST	53	64938	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:14.761454105 CEST	61946	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:14.824491978 CEST	53	61946	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:15.694113016 CEST	64910	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:15.747546911 CEST	53	64910	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:16.422369003 CEST	52123	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:16.476058006 CEST	53	52123	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:16.718377113 CEST	64910	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:16.771827936 CEST	53	64910	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:17.452261925 CEST	52123	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:17.505801916 CEST	53	52123	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:17.764239073 CEST	64910	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:17.817632914 CEST	53	64910	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:18.498706102 CEST	52123	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:18.551995993 CEST	53	52123	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:19.811692953 CEST	64910	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:19.873322010 CEST	53	64910	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:20.499077082 CEST	52123	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:20.553294897 CEST	53	52123	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:23.858772039 CEST	64910	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:23.913630009 CEST	53	64910	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:24.546097040 CEST	52123	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:24.607893944 CEST	53	52123	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:34.738550901 CEST	56130	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:34.799597979 CEST	53	56130	8.8.8.8	192.168.2.3
Jun 11, 2021 19:15:34.899262905 CEST	56338	53	192.168.2.3	8.8.8.8
Jun 11, 2021 19:15:34.949382067 CEST	53	56338	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jun 11, 2021 19:14:46.861825943 CEST	192.168.2.3	8.8.8.8	0xd11d	Standard query (0)	buidlideayour.herokuapp.com	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:48.682805061 CEST	192.168.2.3	8.8.8.8	0x121c	Standard query (0)	maxcdn.bootstrapcdn.com	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:48.713109970 CEST	192.168.2.3	8.8.8.8	0x296e	Standard query (0)	kit.fontawesome.com	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:49.257601976 CEST	192.168.2.3	8.8.8.8	0x4297	Standard query (0)	ka-f.fontawesome.com	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:49.287744999 CEST	192.168.2.3	8.8.8.8	0xc316	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:49.839613914 CEST	192.168.2.3	8.8.8.8	0x31c8	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:50.597712040 CEST	192.168.2.3	8.8.8.8	0xc8ea	Standard query (0)	stackpath.bootstrapcdn.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jun 11, 2021 19:14:46.925103903 CEST	8.8.8.8	192.168.2.3	0xd11d	No error (0)	buidlideayour.herokuapp.com		52.72.98.175	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:46.925103903 CEST	8.8.8.8	192.168.2.3	0xd11d	No error (0)	buidlideayour.herokuapp.com		3.222.33.232	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:46.925103903 CEST	8.8.8.8	192.168.2.3	0xd11d	No error (0)	buidlideayour.herokuapp.com		3.224.209.49	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:46.925103903 CEST	8.8.8.8	192.168.2.3	0xd11d	No error (0)	buidlideayour.herokuapp.com		34.230.212.197	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:46.925103903 CEST	8.8.8.8	192.168.2.3	0xd11d	No error (0)	buidlideayour.herokuapp.com		52.6.78.132	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:46.925103903 CEST	8.8.8.8	192.168.2.3	0xd11d	No error (0)	buidlideayour.herokuapp.com		3.228.145.6	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:46.925103903 CEST	8.8.8.8	192.168.2.3	0xd11d	No error (0)	buidlideayour.herokuapp.com		3.212.156.219	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:46.925103903 CEST	8.8.8.8	192.168.2.3	0xd11d	No error (0)	buidlideayour.herokuapp.com		34.237.27.35	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:48.746078014 CEST	8.8.8.8	192.168.2.3	0x121c	No error (0)	maxcdn.bootstrapcdn.com		104.18.10.207	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:48.746078014 CEST	8.8.8.8	192.168.2.3	0x121c	No error (0)	maxcdn.bootstrapcdn.com		104.18.11.207	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:48.780721903 CEST	8.8.8.8	192.168.2.3	0x296e	No error (0)	kit.fontawesome.com	kit.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Jun 11, 2021 19:14:49.317962885 CEST	8.8.8.8	192.168.2.3	0x4297	No error (0)	ka-f.fontawesome.com	ka-f.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Jun 11, 2021 19:14:49.337949991 CEST	8.8.8.8	192.168.2.3	0xc316	No error (0)	code.jquery.com	cds.s5x3j6q5.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
Jun 11, 2021 19:14:49.898128033 CEST	8.8.8.8	192.168.2.3	0x31c8	No error (0)	cdnjs.cloudflare.com		104.16.18.94	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:49.898128033 CEST	8.8.8.8	192.168.2.3	0x31c8	No error (0)	cdnjs.cloudflare.com		104.16.19.94	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:50.660320997 CEST	8.8.8.8	192.168.2.3	0xc8ea	No error (0)	stackpath.bootstrapcdn.com		104.18.10.207	A (IP address)	IN (0x0001)
Jun 11, 2021 19:14:50.660320997 CEST	8.8.8.8	192.168.2.3	0xc8ea	No error (0)	stackpath.bootstrapcdn.com		104.18.11.207	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jun 11, 2021 19:14:47.220148087 CEST	52.72.98.175	443	192.168.2.3	49715	CN=*.herokuapp.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Sat May 29 02:00:00 CEST 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Tue Jun 28 01:59:59 CEST 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jun 11, 2021 19:14:47.220941067 CEST	52.72.98.175	443	192.168.2.3	49714	CN=*.herokuapp.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Sat May 29 02:00:00 CEST 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Tue Jun 28 01:59:59 CEST 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jun 11, 2021 19:14:48.903414965 CEST	104.18.10.207	443	192.168.2.3	49722	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 19:14:48.903414965 CEST	104.18.10.207	443	192.168.2.3	49722	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 19:14:48.909634113 CEST	104.18.10.207	443	192.168.2.3	49723	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 19:14:48.909634113 CEST	104.18.10.207	443	192.168.2.3	49723	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 19:14:49.989363909 CEST	104.16.18.94	443	192.168.2.3	49730	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 19:14:49.989363909 CEST	104.16.18.94	443	192.168.2.3	49730	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 19:14:49.989480972 CEST	104.16.18.94	443	192.168.2.3	49731	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 19:14:49.989480972 CEST	104.16.18.94	443	192.168.2.3	49731	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 19:14:50.752867937 CEST	104.18.10.207	443	192.168.2.3	49734	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 19:14:50.752867937 CEST	104.18.10.207	443	192.168.2.3	49734	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 19:14:50.753696918 CEST	104.18.10.207	443	192.168.2.3	49735	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020	Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Jun 11, 2021 19:14:50.753696918 CEST	104.18.10.207	443	192.168.2.3	49735	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 5252 Parent PID: 792

General

Start time:	19:14:45
Start date:	11/06/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7b5d00000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 4772 Parent PID: 5252

General

Start time:	19:14:45
Start date:	11/06/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5252 CREDAT:17410 /prefetch:2
Imagebase:	0x10f0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://buidlideayour.herokuapp.com/?2bde25e384khgvadfsgvjhdgwegwfvlyfutljgdyrtugot86u87r765968js4dcbccc16d&hadams@stinsons.com#8236787/7b69698354072f79f8eeb523a63

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 5252 Parent PID: 792

General

Chronological Activities

Analysis Process: iexplore.exe PID: 4772 Parent PID: 5252

General

Chronological Activities

Disassembly