
Analysis Report
ID: 430968
Cookbook: browseurl.jbs
Time: 09:43:29
Date: 08/06/2021
Version: 32.0.0 Black Diamond

Table of Contents

- Analysis Report: https://isolate.menlosecurity.com/1/3735927188/https:/documentservices.blob.core.windows.net/document/IRDTaxReturn.img
- Overview: General Information; Detection; Signatures; Classification; Process Tree; Malware Configuration; Yara Overview; Sigma Overview; Signature Overview; Mitre Att&ck Matrix; Behavior Graph; Screenshots (Thumbnails)
- Antivirus, Machine Learning and Genetic Malware Detection: Initial Sample; Dropped Files; Unpacked PE Files; Domains; URLs
- Domains and IPs: Contacted Domains; Contacted URLs; URLs from Memory and Binaries; Contacted IPs (Public)
- General Information
- Simulations: Behavior and APIs
- Joe Sandbox View / Context: IPs; Domains; ASN; JA3 Fingerprints; Dropped Files
- Created / dropped Files
- Static File Info (no static file info)
- Network Behavior: Network Port Distribution; TCP Packets; UDP Packets; DNS Queries; DNS Answers; HTTPS Packets
- Code Manipulations
- Statistics: Behavior
- System Behavior: Analysis Process iexplore.exe PID 3848 (Parent PID 800) and iexplore.exe PID 660 (Parent PID 3848), each with General, File Activities, Registry Activities
- Disassembly

Copyright Joe Security LLC 2021
Analysis Report: https://isolate.menlosecurity.com/1/3735…927188/https:/documentservices.blob.core.windows.net/document/IRDTaxReturn.img

Overview

General Information
Sample URL: https://isolate.menlosecurity.com/1/3735927188/https:/documentservices.blob.core.windows.net/document/IRDTaxReturn.img
Analysis ID: 430968
Most interesting Screenshot: (image not included in this text extraction)

Detection
Score: 1 (Range: 0 - 100)
Whitelisted: false
Confidence: 80%

Signatures
- HTML body contains low number of links
- Invalid links found

Classification
(Radar chart in the original report. Categories plotted: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Legend: malicious, suspicious, clean. The sample's verdict is clean; see Detection.)

Process Tree

System is w10x64
- iexplore.exe (PID: 3848, cmdline: 'C:\Program Files\internet explorer\iexplore.exe' -Embedding, MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  - iexplore.exe (PID: 660, cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3848 CREDAT:17410 /prefetch:2, MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
- cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures.
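The only signatures this sample triggered are the two informational ones listed in the Overview, "HTML body contains low number of links" and "Invalid links found". The report does not publish how those checks are implemented; the following is an added, editor-written Python sketch of the same idea, not Joe Sandbox code. It collects anchor hrefs from an HTML body, treats empty, fragment-only and non-http(s)-scheme hrefs as invalid, and flags pages with fewer than a hypothetical minimum of five links. The sample page is constructed for the example and is not the page the sandbox rendered.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (not the sandbox's page): a login-style form with one real link
# and two dead ones, the kind of sparse body that trips a "low number of links" check.
SAMPLE_HTML = """<html><body>
<form action="/account/login"><input name="u"><input type="submit"></form>
<a href="/account/reset">Reset password</a>
<a href="#">Terms</a>
<a href="javascript:void(0)">Help</a>
</body></html>"""


class LinkCollector(HTMLParser):
    """Gather the href of every <a> tag in document order."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href":
                    self.hrefs.append((value or "").strip())


def is_invalid_link(href):
    """Hypothetical validity rule: empty, fragment-only, or a scheme other than http/https
    (so 'javascript:' and similar pseudo-links count as invalid). Relative paths are valid."""
    if not href or href.startswith("#"):
        return True
    scheme = urlsplit(href).scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return True
    return False


def evaluate_links(html, min_links=5):
    """Return the two signature-style verdicts plus the evidence behind them.
    min_links is an assumed threshold; the report does not state the real one."""
    parser = LinkCollector()
    parser.feed(html)
    invalid = [h for h in parser.hrefs if is_invalid_link(h)]
    return {
        "total_links": len(parser.hrefs),
        "invalid_links": invalid,
        "low_link_count": len(parser.hrefs) < min_links,
        "invalid_links_found": bool(invalid),
    }
```

Both verdicts are informational on their own: a login page legitimately has few links, which is exactly why they do not raise the score here.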

Mitre Att&ck Matrix

(The matrix in the original report lists three rows of techniques under each tactic column; a number in parentheses is the count of matched signatures the report attaches to that technique.)

Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery (1); Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data

Behavior Graph

(The behavior graph is an image in the original report; only its node text is recoverable here.)
Legend: Process; Signature; Created File; DNS/IP Info; Is Dropped; Is Windows Process; Number of created Registry Values; Number of created Files; Visual Basic; Delphi; Java; .Net C# or VB.NET; C, C++ or other language; Is malicious; Internet
Graph header: ID: 430968; URL: https://isolate.menlosecuri... (truncated in the graph); Startdate: 08/06/2021; Architecture: WINDOWS; Score: 1
Nodes:
- started -> iexplore.exe (node counters: 1, 51)
- started -> iexplore.exe (node counters: 2, 74)
- nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com: 52.59.184.119, 443, 49714, 49715; 52.59.184.117, 443, 49712, 49713; AMAZON-02US, United States
- isolate.menlosecurity.com
- 02770033-view.menlosecurity.com (prefix truncated in the graph)
- 5 other IPs or domains (AMAZON-02US, United States)

Screenshots

Thumbnails: this section of the original report contains all screenshots as thumbnails, including those not shown in the slideshow. (Images are not included in this text extraction.)

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
Initial Sample | 0% | Avira URL Cloud | safe | https://isolate.menlosecurity.com/1/3735927188/https:/documentservices.blob.core.windows.net/document/IRDTaxReturn.img

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
https://isolate.menlos (truncated in source) | 0% | Avira URL Cloud | safe
https://isolate.menlosectrue (truncated/garbled in source) | 0% | Avira URL Cloud | safe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com | 52.59.184.117 | true | false | (none) | high
xhr-eu-central-1-02770033-view.menlosecurity.com | unknown | unknown | false | (none) | high
isolate.menlosecurity.com | unknown | unknown | false | (none) | high
eu-central-1-02770033-view.menlosecurity.com | unknown | unknown | false | (none) | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://isolate.menlosecurity.com/account/ | false | (none) | high
https://isolate.menlosecurity.com/account/reset_mfa | false | (none) | high
https://isolate.menlosecurity.com/account/reset | false | (none) | high
https://isolate.menlosecurity.com/account/register | false | (none) | high
https://isolate.menlosecurity.com/account/login?form | false | (none) | high

URLs from Memory and Binaries

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
52.59.184.117 | nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
52.59.184.119 | unknown | United States | 16509 | AMAZON-02US | false

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 430968
Start date: 08.06.2021
Start time: 09:43:29
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 39s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://isolate.menlosecurity.com/1/3735927188/https:/documentservices.blob.core.windows.net/document/IRDTaxReturn.img
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes: 3
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled; AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.win@3/47@4/2
Cookbook Comments: Adjust boot time; Enable AMSI
Browsing links:
- https://isolate.menlosecurity.com/account/reset
- https://isolate.menlosecurity.com/account/reset_mfa
- https://isolate.menlosecurity.com/account/
- https://isolate.menlosecurity.com/account/register
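A caveat a reader of the verdict should carry away: the sample URL is an isolation-portal link (isolate.menlosecurity.com) wrapping an object on Azure Blob Storage (documentservices.blob.core.windows.net) named IRDTaxReturn.img, a disk-image file name styled as a tax return. Every contacted URL in this report sits under isolate.menlosecurity.com/account/ (login, reset, reset_mfa, register), the analysis ended on Timeout, and the cached IRDTaxReturn[1].htm in the dropped-files list is a 25 KB HTML document. The sandbox therefore rendered the portal's login page and never fetched the .img; the clean score describes that login page, not the wrapped object. The Python below is an added example by the editor, not part of the report or of any vendor tooling: it recovers the wrapped URL so the real target can be submitted separately, and flags disk-image extensions for follow-up. The path layout 1/<id>/<scheme>:/<host>/... is inferred from this single sample and is an assumption, as is the extension list.

```python
import posixpath
from urllib.parse import urlsplit

# The sample URL as printed in the report (note the single slash after "https:").
SAMPLE_URL = ("https://isolate.menlosecurity.com/1/3735927188/"
              "https:/documentservices.blob.core.windows.net/document/IRDTaxReturn.img")

# Editor's list of mountable disk-image extensions commonly used as lure containers;
# not taken from the report.
DISK_IMAGE_EXTENSIONS = {".img", ".iso", ".vhd", ".vhdx"}


def unwrap_isolation_url(url):
    """Recover the URL wrapped inside an isolation-portal link.

    Assumption (inferred from the one sample above): the wrapped URL begins at the
    first path segment that is a bare scheme ('http:' or 'https:'); whatever follows
    is its host and path, whether the extractor kept one slash or two after the colon.
    Returns None when no such segment exists (i.e. the URL is not a wrapper)."""
    segments = urlsplit(url).path.split("/")
    for i, seg in enumerate(segments):
        if seg.lower() in ("http:", "https:"):
            rest = "/".join(segments[i + 1:]).lstrip("/")
            return seg[:-1].lower() + "://" + rest
    return None


def triage(url):
    """Describe what a browse-URL analysis of this link would actually reach
    (the isolation host) versus what the lure points at (the wrapped object)."""
    inner = unwrap_isolation_url(url)
    target = urlsplit(inner or url)
    ext = posixpath.splitext(target.path)[1].lower()
    return {
        "isolation_host": urlsplit(url).hostname if inner else None,
        "wrapped_url": inner,
        "target_host": target.hostname,
        "filename": posixpath.basename(target.path),
        "is_disk_image": ext in DISK_IMAGE_EXTENSIONS,
    }
```

When a wrapper is present, the recovered `wrapped_url` is the artifact to fetch and detonate; a URL-browsing cookbook against the wrapper only exercises the portal.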

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

File: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{55A2BD09-C82D-11EB-90EB-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document (the report's type label for the OLE compound container format; this path is Internet Explorer's tab-recovery store, not an Office document)
Category: dropped
Size (bytes): 30296
Entropy (8bit): 1.853120105240957
Encrypted: false
SSDEEP: 192:rhZaZy2DW7tMif+RdjzM2rBtIRDHsfqd6jX:rnGx65hjqWy3
MD5: AA71E698DF002520AA2B073CA0833830
SHA1: BF81D168E77BFABC0709EA82196D0E5614CF4FC4
SHA-256: 8A81DAED9986C141A3DFE705879AFE25A721A10862114F80F08F564F94A14EB7
SHA-512: 915C412764AA4E2FA27501A575F86A9F6417B80334A48CEE6D2B81A65AC8B3C0E055F0F3800534DA9D40D1B25072BB26E18C402DADE1A3DB69BE5127F3E0DA82
Malicious: false
Reputation: low
Preview: (binary OLE compound file; the 'Root Entry' directory name is visible)

File: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{55A2BD0B-C82D-11EB-90EB-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 108667
Entropy (8bit): 2.631264748410425
Encrypted: false
SSDEEP: 384:rqW9RFzLGZrwN8l01ADKZi55Ioi5yuUJkXUo0xIZ2dpYGSjpFt/BuXS1Dgj1LfWO:37oVs3i
MD5: A4A557354C46CA299F00B200403A8FAF
SHA1: B36DE323371EDE027AB63CA3E94251308362BC25
SHA-256: F9E66CABE23B3FE6CCC68FA47648B8C0EB23D7F006E9FB2BEC3A228229896E1D
SHA-512: 389BBB65B75F20CA59A32232DF49CD51DDAAEFC21424E167A42A180B73364A6DF825434062567CAB824509779E48A4AA8B29F13E6B28493874E0F47CCA5FACE8
Malicious: false
Reputation: low
Preview: (binary OLE compound file; the 'Root Entry' directory name is visible)

File: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{55A2BD0C-C82D-11EB-90EB-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 16984
Entropy (8bit): 1.5659748359152483
Encrypted: false
SSDEEP: 48:IwrGcpriGwpaEG4pQMGrapbSAGQpKCG7HpRVTGIpG:rxZKQ06KBSoAtTDA
MD5: 1D768C6DF50838ABB99EDCAEF9F4D7A4
SHA1: 2F3CE69B7126228BACC6A67756819AED6960BF15
SHA-256: 3E5F61EEC6A7DDC3770D2E3BC859DDE7881B2210AA6FAF8934EBD5F69C2C3B5E
SHA-512: 8FB0C5561C6B7D4D3B8B1F312C0E40D46747F6C38529ED660BFDF30985EFB2F81033093D594388E2F0BCDECDB164EC4A6FA819B75DCDA025CFEFE41E1650A50A
Malicious: false
Reputation: low
Preview: (binary OLE compound file; the 'Root Entry' directory name is visible)

File: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 15482
Entropy (8bit): 2.5287751589394003
Encrypted: false
SSDEEP: 192:3x59NdFNxhRB+OddUaqgHKl/Rdshawl16DOlRSQl/:tFNPdd0SKl/RdOaA1+OlRzl/
MD5: 15E4111328E894A7CE64101CD496A1E4
SHA1: 07D490E8D76239F475BC7FA08D5E602FDD510747
SHA-256: B53B4C5B01DA36C5E7D2AFA45931F9800FD8D015EF395726269FC73D477B7BCC
SHA-512: 92CB019ADA1C02856A1B3C4162E6B6F0FB3F8B79E49ACB86B911898F6F35C5A216FE4CA90D591638D9744670AF8CA781C9245A88E901B56F155FC3EA4ADB4A77
Malicious: false
Reputation: low
Preview: (binary; the UTF-16 string https://isolate.menlosecurity.com/favicon.ico is visible at the start, followed by icon data)

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\IRDTaxReturn[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Category: dropped
Size (bytes): 25362
Entropy (8bit): 5.783365249614929
Encrypted: false
SSDEEP: 768:kMLBC3lVsTqlwY4BIB5ALlKhvfT5Zk3r7/hNkRGw:k8BC08
MD5: 59FC41A61497102CD2858B9A91420AC9
SHA1: 29E6391AFC14F2EB802703823B634498B8520A81
SHA-256: C0EAA261A4DBBB760EFE162BF138E54CE03305215F1F4AF29A1E1F6D1A6551BF
SHA-512: 61966E90C15E37F557AD1E16D0C55A1E1A9F119D76CFC0A14D82DA6A8FE2810FCF580E9C652B919C24DFCAE2F1A4CC7AA6B9EC5B768DF152100FBCB94F8D3B33
Malicious: false
Reputation: low
Preview: ........base64,iVBORw0KGgo="/>...

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\exo2-bolditalic[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), Exo 20 family
Category: downloaded
Size (bytes): 28193
Entropy (8bit): 7.969833636801697
Encrypted: false
SSDEEP: 768:Jl6ov4wrPLEA3yNX4g2zDMLrwy5iiN5h/hb:n6ov4ERez2GEoLpb
MD5: 72206DB7D8757524BF5AD175D738D4D9
SHA1: 21F6351D142BC865663F8718B2AB4C64EAC43374
SHA-256: 0A05640A2D57E60176F38D9F3713022F3A4DA71ACBCA0CAC4F1880994381A460
SHA-512: 83121FBA3C178BAEA879AA57805FEBBDD3EC481349C5319595199DE6A6D323885EC734B96423F209D156214BB297FB9C3276826AA020E9832E6061A5000698F4
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/fonts/exo2-bolditalic.eot?
Preview: (binary EOT font; the header names "Exo 20" / "Bold Italic", "Version 1.001;PS 001.001;hotconv 1.0.70;makeotf.lib2.5.58329", full name "Exo 20 Bold Italic", followed by compressed glyph data)

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\exo2-semibold-italic[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), Exo 20 Semi Bold family
Category: downloaded
Size (bytes): 28468
Entropy (8bit): 7.970467194479931
Encrypted: false
SSDEEP: 384:+2SqtFC7FT6kvQR1pFCYfGBmfl3gc8KiW9l6LMxI+feH8J8SassxKbqIxrt3:KquoltcGGYRTiWQM1fF4ssuxrx
MD5: 6916B15300698A1E123FC35A50399F23
SHA1: DF487980692A557D34D5F6898862D23E218081F7
SHA-256: A2AE6B34B9708E82BF9F36051309581A8A080B18A588F29AA512FC800E512E3B
SHA-512: 973894775AFE932B4B68C3BCFCBD5729E173A13C141865DFEDF6931EB849D992DFF332BA62546BBE6A513DBFFEE8BE4DF453DFFCF58F055D627DE5234D7D016F
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/fonts/exo2-semibold-italic.eot?
Preview: (binary EOT font; the header names "Exo 20 Semi Bold" / "Italic", "Version 1.001;PS 001.001;hotconv 1.0.70;makeotf.lib2.5.58329", full name "Exo 20 Semi Bold Italic", followed by compressed glyph data)

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\httpErrorPagesScripts[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: downloaded
Size (bytes): 12105
Entropy (8bit): 5.451485481468043
Encrypted: false
SSDEEP: 192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5: 9234071287E637F85D721463C488704C
SHA1: CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256: 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512: 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/httpErrorPagesScripts.js
Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = ':clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ie-extras-min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 12020
Entropy (8bit): 5.3757993407701345
Encrypted: false
SSDEEP: 192:rdFY9BTmEDjhIz3zKdp4Z8eVJm/3U51hjKGVa3v1NchEGzVXkaZ5QvrLrMW:rCTmEyjrZkSjKGVa3v1Nc9kaIvrLrz
MD5: 7074DDA35403970BB3F8D3D2F5322C87
SHA1: B6C1F31C9502579B70A3D5912116457E68742C46
SHA-256: 4061658A40104AF6ACC8CDCA88A582B3460571707B60F862B75D422F3D0FE877
SHA-512: F0497CFA615060EDB3EF48E0C2D703CAE1CDF07FECEA7CA1A93E00830D0D1792C5EE0FC400D8823BFBEBEF05C29EB87B5A8D8EAD3CBF8D3CD029CE4A04C73474
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/scripts/ie-extras-min.js?v=2.77.0-58-1-gb154d92eba
Preview: !function(e){var a=function(){"use strict";var e="s",s={DAY:864e5,HOUR:36e5,MINUTE:6e4,SECOND:1e3,BASELINE_YEAR:2014,MAX_SCORE:864e6,AMBIGUITIES:{"America/Denver":["America/Mazatlan"],"Europe/London":["Africa/Casablanca"],"America/Chicago":["America/Mexico_City"],"America/Asuncion":["America/Campo_Grande","America/Santiago"],"America/Montevideo":["America/Sao_Paulo","America/Santiago"],"Asia/Beirut":["Asia/Amman","Asia/Jerusalem","Europe/Helsinki","Asia/Damascus","Africa/Cairo","Asia/Gaza","Europe/Minsk"],"Pacific/Auckland":["Pacific/Fiji"],"America/Los_Angeles":["America/Santa_Isabel"],"America/New_York":["America/Havana"],"America/Halifax":["America/Goose_Bay"],"America/Godthab":["America/Miquelon"],"Asia/Dubai":["Asia/Yerevan"],"Asia/Jakarta":["Asia/Krasnoyarsk"],"Asia/Shanghai":["Asia/Irkutsk","Australia/Perth"],"Australia/Sydney":["Australia/Lord_Howe"],"Asia/Tokyo":["Asia/Yakutsk"],"Asia/Dhaka":["Asia/Omsk"],"Asia/Baku":["Asia/Yerevan"],"Australia/Brisbane":["Asia/Vladivostok"],"

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jquery.cookie-1.4.1[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 3121
Entropy (8bit): 5.078590661266263
Encrypted: false
SSDEEP: 96:GhItyVx2cgHppvb6LhoBIN0/ZljDKVQpF:GKyjvgHK+1ZsSF
MD5: D5528DDE0006C78BE04817327C2F9B6F
SHA1: 31E1BCC4CF805A2C2FEE21F48DED1E598F64A2A8
SHA-256: B84161C9FBF7520CD14E7019F92120BD87A928A074156E91A992EBA9FC9436E8
SHA-512: 69484BDB1382AE92C4B860F97FAB601DB2D8117469619F06E720FE5A516B5EB3F2D88AD6065BBA6E28790BD1FAA86B20AA753A9A0C7A2AD53C4EB787A404A9AF
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/lib/jquery.cookie-1.4.1.js?v=2.77.0-58-1-gb154d92eba
Preview: /*!. * jQuery Cookie Plugin v1.4.1. * https://github.com/carhartl/jquery-cookie. *. * Copyright 2013 Klaus Hartl. * Released under the MIT license. */.(function (factory) {..if (typeof define === 'function' && define.amd) {...// AMD...define(['jquery'], factory);..} else if (typeof exports === 'object') {...// CommonJS...factory(require('jquery'));..} else {...// Browser globals...factory(jQuery);..}.}(function ($) {...var pluses = /\+/g;...function encode(s) {...return config.raw ? s : encodeURIComponent(s);..}...function decode(s) {...return config.raw ? s : decodeURIComponent(s);..}...function stringifyCookieValue(value) {...return encode(config.json ? JSON.stringify(value) : String(value));..}...function parseCookieValue(s) {...if (s.indexOf('"') === 0) {....// This is a quoted cookie as according to RFC2068, unescape...... s = s.slice(1, -1).replace(/\\"/g, '"').replace(/\\\\/g, '\\');...}....try {....// Replace server-side written pluses with spaces.....// If we can't decode the

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\reset[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 1796
Entropy (8bit): 4.980412670452921
Encrypted: false
SSDEEP: 24:h5ON1OSUN1zGz+N1U8vgN1R35cSTbI0NvzXmPN6dwY557u9HRoN:WN1O7N1qqN1dgN1vZXBNvD/n5C5RoN
MD5: 85AA9C7E7BD7D8CA5003E040E0678BAD
SHA1: 66784E63417DABB656959F40299B9494AA7A0976
SHA-256: 2AED54C9591198440E6A87DF1F0456E5517B9064E785CFFB84B9813C767663F5
SHA-512: 9C9553D1CEFFAEBB126AC0C19E633D22B3D6ED884699874F9938315A2A89A581727E6B41AFE01F98001DCB001AB371560EDEC6208174FF287757EC909A3DC179
Malicious: false
Reputation: low
IE Cache URL: https://isolate.menlosecurity.com/account/reset
Preview: (HTML with markup stripped in the extraction; visible text fragments: "Menlo Security", "Menlo Security", "Beyond Detection", "-")

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\reset_mfa[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 1186
Entropy (8bit): 4.685206871045238
Encrypted: false
SSDEEP: 24:DsweH0od8yBegCyJZJZcd/qqnYarl2i2Yf2HsWZwI7:DswAegCyrfcdCCnp2YfTWZw8
MD5: 7F31F2B850F578D2EEF1374FF0F5D4B4
SHA1: 6C88D7E2ACFA8F57075CFB4964F1AB7A4B53A2D7
SHA-256: 7D0573CFEDDAEFA92078BABDFB7EC8C24AF4FABD413D1D9BDB26086323D128A5
SHA-512: 0EBD1E946739DE481C4E87A3E67BA593A9DF3453332B270DD760F018D64855F0827A7DBCD4DD68F894C79BA22FF964A1F392C7A857A522E415E1236BD385C552
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/scripts/reset_mfa.js?v=2.77.0-58-1-gb154d92eba
Preview: 'use strict';..function doResetXHR(data) {. $('.form .messages .processing').show();. $('.form input.button').attr('disabled', 'disabled');. $.ajax({. : '/safeview-auth-server/reset_mfa',. type : 'POST',. dataType : 'json',. data : JSON.stringify(data),. success : function (resp_data, textStatus, jqXHR) {. $('#reset_mfa_form').hide();. $('#check_email').show();. },. error : function (resp_data, textStatus, jqXHR) {. if (resp_data.responseJSON) {. alert(resp_data.responseJSON.msg);. } else {. alert('Failed to communicate with the server.');. }. },. complete: function () {. $('.form .messages .processing').hide();. $('.form input.button').removeAttr('disabled');. }. });.}..$(document).ready(function() {. $('#check_email').hide();. $('#username').focus();.. $('#reset_mfa_form').on('submit', function(event) {. var arr = $(this).serializeArra

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\thin-client-min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: downloaded
Size (bytes): 794796
Entropy (8bit): 5.413114989741166
Encrypted: false
SSDEEP: 24576:svCB/n/E59tlwKcIGn+ejRQ2Hf2VxVXhoLHZ2JcDRuZ7yofsbIxY9BDLdjmCj5Ow:svCB/n/E59tlwKcIGn+ejRQ2Hf2VxVXM
MD5: 084EB33B9B8AF03B101F8DDB103F5EE3
SHA1: 8BAFF13BBCFDA83677D37FCE980FDA6BE9C3977A
SHA-256: EBBAE6A2D3CD43958E9F041625A984A80FB92608D11EC06626141212CDE782E7
SHA-512: B144E765435C191F9A901B97FECFCDEB70E6AC6B8B041A18378DC9718B060C553ADA0D84A0252A15E3E671E2D414B7EEC036F951EEB7DDBBBE1E338283E51915
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/scripts/thin-client-min.js?v=2.77.0-58-1-gb154d92eba
Preview: /*! jQuery v1.7.2 jquery.com | jquery.org/license */.(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write((f.support.boxModel?"":"")+" "),cl.close();d=cl.createElement(a),cl.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ck)}cj[a]=e}return cj[a]}function ct(a,b){var c={};f.each(cp.concat.apply([],cp.slice(0,b)),function(){c[this]=a});return c}function cs(){cq=b}function cr(){setTimeout(cs,0);return cq=f.now()}function ci(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ch(){try{return new a.XMLHttpRequest}catch(b){}}function cb(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTyp

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ErrorPageTemplate[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: downloaded
Size (bytes): 2168
Entropy (8bit): 5.207912016937144
Encrypted: false
SSDEEP: 24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
MD5: F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1: F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256: 8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512: 62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/ErrorPageTemplate.css
Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana", "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bullet[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 447
Entropy (8bit): 7.304718288205936
Encrypted: false
SSDEEP: 12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
MD5: 26F971D87CA00E23BD2D064524AEF838
SHA1: 7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
SHA-256: 1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
SHA-512: C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/bullet.png
Preview: (binary PNG data: IHDR, PLTE, tRNS, IDAT and IEND chunks)

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\cof_frame[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 338
Entropy (8bit): 5.220453842655573
Encrypted: false
SSDEEP: 6:hxuJUJWaTsGFWXqSKszErwWbaDR/N1CQO29RyQVT6dm0/aNAEd0GL:hYsTNSKDcN1R3VT6Q0/XEdjL
MD5: F781A8D373ADF19EAD761CF2126B0733
SHA1: 5EF6D265DAE5A79569156DDE314E4E57A057B780
SHA-256: A57DA4B24B45BDFB9C3B4383E84776366A6D8389D11718D556A6762DA7FAEF9F
SHA-512: E75E5BC6033B40F3FE1B67AD594BD5FDBC44105F10F2B11D10FBABB87D364F29AAB07BB97F883B31A614956C1B3F39F3A54C0D19E067B46C83F7371AE707A407
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-template/cof_frame.html?v=2.77.0-58-1-gb154d92eba
Preview: (only whitespace survives in the extracted preview; the markup was stripped)

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\exo2-italic[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), Exo 20 family
Category: downloaded
Size (bytes): 28292
Entropy (8bit): 7.965832849192004
Encrypted: false
SSDEEP: 768:zs7TOydgAiPyuSkwyRcwe8YmHUjiYZ/pQnclutfIXPyC+c1R29:mpiPmkzemHUjt/iclutfIXR3R29
MD5: FCB9120708DCCC9121AAF217B1C56230
SHA1: 49ACE2CA2A0EA3FFDE549B59F8807765E57CD1C4
SHA-256: 6BEF723FA984610D094FC7DA99416E84AB9335DA96B4F16CF534650529950796
SHA-512: CA3D6682EE6F4AB1E49070B54AEE51643EB0BAA92E922994AB0D1E667AEFD5D6CBBCA1D30B82E84AB15D49B563889FF6566ADF383DD80E14C5048CC343EF3555
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/fonts/exo2-italic.eot?
Preview: (binary EOT font; the header names "Exo 20" / "Italic", "Version 1.001;PS 001.001;hotconv 1.0.70;makeotf.lib2.5.58329", full name "Exo 20 Italic", followed by compressed glyph data)

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\exo2-regular[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), Exo 20 family
Category: downloaded
Size (bytes): 27914
Entropy (8bit): 7.967767013332253
Encrypted: false
SSDEEP: 384:m60hsT1bLj8buWijb6OSkJ5kgJTRgzGVcudSNtPBok81Fq6Y4utS5xL2eAMIFNIr:F0hsTFjduxkLRO3ASNtPo1J3RJAMANIr
MD5: E287DE04A8EE59EC61AC8AA3F40CD721
SHA1: 26189A99A3709170AF38E4EB5027BC57C76A735B
SHA-256: AAA9D55E7EF659BD2BA3DCDCFFABD7ADF71563118C54DD47AC4900B845B879B8
SHA-512: 5D3AB6648974DE6D94BCCFEAF82DF8417C06428D0F74E24E9AB779F37A3EA2314E8CAF406695B75EF67253A5085681A10D8A92A0597AA51B49A369BADA3CCDFC
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/fonts/exo2-regular.eot?
Preview: (binary EOT font; the header names "Exo 20" / "Regular", "Version 1.001;PS 001.001;hotconv 1.0.70;makeotf.lib2.5.58329", full name "Exo 20 Regular", followed by compressed glyph data)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\exo2-semibold[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), Exo 20 Semi Bold family
Category: downloaded
Size (bytes): 28420
Entropy (8bit): 7.968560249053301
Encrypted: false
SSDEEP: 768:sudt5UWwALW3DEYE213ZLLnVqZvpyBLndF:suj5U3AL6IYE2nLVqBurdF
MD5: B79C7C09CFB68E0324D07136E3E18DBF
SHA1: 2EBB9D612CA61FE659EF8FB85219D7CDB98275EE
SHA-256: ECD645892A303D17964EDFA01E4BE3DBF2F70A63C009239EDF95CDB2DC1C6803
SHA-512: 2E7D96393986FCE11F2C4DF2BB5F9C19F06B440F24667E466C3193FA39A6BFD30ED54DEFBBA3E863098F71290E1B17A98B0B19A99E7A0A9550CFC7B0DCD98A18
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/fonts/exo2-semibold.eot?
Preview: EOT name strings (UTF-16): "Exo 2.0 Semi Bold", "Regular", "Version 1.001;PS 001.001;hotconv 1.0.70;makeotf.lib2.5.58329", "Exo 2.0 Semi Bold Regular"; the remaining bytes are binary font data

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\fonts[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with CRLF line terminators
Category: downloaded
Size (bytes): 3575
Entropy (8bit): 4.953468004203319
Encrypted: false
SSDEEP: 96:nVPtvnCEV+doNfHlzBN1qNCzDN2lNDziNa:VhCckwvlzr1WCzB2XDzua
MD5: 9B51A63C63B1E09BA405DC9FBC930AB1
SHA1: 921A4D682F939FDA8D78B3BC42396C9744E32025
SHA-256: 2B799F12D81ACA84213022ED8C7BB4C909AB6B33FB9EE6515E9CD21585D793CA
SHA-512: B98C5C3D65482AA8C317959781194673A914AD881DE3E84B90C14BADB4AC01BEE82E8B2705FB1BC2EA9BFEE3B0B75BBCA76D69B65D9D63C995C6BC8E12E549E1
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/css/fonts.css?v=2.77.0-58-1-gb154d92eba
Preview:
@font-face {
  font-family: "Yanone Kaffeesatz";
  font-style: normal;
  font-weight: 400;
  src: url('../fonts/yanonekaffeesatz-regular.eot');
  src: url('../fonts/yanonekaffeesatz-regular.eot?#iefix') format('embedded-opentype'),
       url('../fonts/yanonekaffeesatz-regular.woff2') format('woff2'),
       url('../fonts/yanonekaffeesatz-regular.woff') format('woff'),
       url('../fonts/yanonekaffeesatz-regular.ttf') format('truetype'),
       url('../fonts/yanonekaffeesatz-regular.svg#yanone_kaffeesatzregular') format('svg');
}
@font-face {
  font-family: "Yanone Kaffeesatz";
  font-style: normal;
  font-weight: 700;
  src: url('../fonts/yanonekaffeesatz-bold.eot');
  src: url('../fonts/yanonekaffeesatz-bold.eot?#iefix') format('embedded-opentype'),
       url('../fonts/yanonekaffeesatz-bold.woff2') format('woff2'),
       url('../fonts/yanonekaffeesatz-bold.woff') format('woff'),
       url('../fonts/yanonekaffeesatz-bold.ttf') format('true

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\logo-signin[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 800 x 140, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 6960
Entropy (8bit): 7.80400154386751
Encrypted: false
SSDEEP: 192:XAF1OWKcfCenxHiN0+xXpIY7f14EMmX45NctJTgHI5dG5Q:XaenOM2Yuhwg5Q
MD5: CEE147AF59B01E2266B4A529DF5427CD
SHA1: 66C0B5D517528C621C5F2DC25ADCFD7E9CCB5D9B
SHA-256: 49C3B15BB6E1A7813B33B23CEBBF0CEB8267AA9F51099121601B3547813E53EB
SHA-512: 35481FDDE66B68FE24D6B0FBDA93397D2980C4F53FA7A599C9034E22A8A5DC45AD86D4309CC4AB3EEA99AC2B7EF833FFE3D2121D3AD36FDC1B99615EF974B3F7
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/img/logo-signin.png
Preview: PNG binary data; tEXt chunk Software: Adobe ImageReady

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\register[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 1615
Entropy (8bit): 4.567223535660905
Encrypted: false
SSDEEP: 24:DqXYOu4/muMxlJrJl/z+kBYM7PGn2HsHs6zPqn8xfzGqtXPWzw8qmu4X77:DssmmuMnBXKkBhrGnTHscqzqD8qef
MD5: 4C4A7692B0906112100162CDB59BA7C2
SHA1: B9C570B4EBE1AD599E0DC53094FC3DC1EA29538C
SHA-256: 5C358C680E83F87842C19CFA051684009E410D56B3F03CA246E5EB8F965FFD7B
SHA-512: EB40ECB985E01DDD6AD00BA94D1FD07CFD35453C0D4BB8EE806E624E32B14DD18252AF997C8A8361D29B0A63DECB9B9CA5532DB5CB608ACE15B3A46494A4122C
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/scripts/register.js?v=2.77.0-58-1-gb154d92eba
Preview:
'use strict';

function doRegisterXHR(data) {
    $.ajax({url : '/safeview-auth-server/register',
        type : 'POST',
        dataType : 'json',
        data : JSON.stringify(data),
        success : function (resp_data, textStatus, jqXHR) {
            $('#registration_form').hide();
            $('#registration_complete').show();
        },
        error : function (resp_data, textStatus, jqXHR) {
            if (resp_data.responseJSON) {
                alert(resp_data.responseJSON.msg);
            } else {
                alert($('safeview-info').attr('comm_failed'));
            }
        }
    });
}

$(document).ready(function() {
    $('#firstname_input').focus();
    $('#registration_complete').hide();

    $('#registration_form').on('submit', function(event) {
        var nameRegex = /^[a-zA-Z0-9._-]+$/;
        var arr = $(this).serializeArray(),
            data = {};
        event.preventDefault();
        for (var i = 0; i < arr.length; i++) {

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\reset_password[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 1201
Entropy (8bit): 4.6931733973019805
Encrypted: false
SSDEEP: 24:DsweH0od8bNlBeVCyJZJZcd/qqnYarl2i2Xf2HsWZwI7:DswbNPeVCyrfcdCCnp2XfTWZw8
MD5: 1AE4C616EEBEADBA1F450C1020A5FBC6
SHA1: 03CBBC4C0957AECA4EE1C11E434CBD9E06807327
SHA-256: BD77A60BB2C53B9E37FD5E5CCB08D1CB565C9D5B8C292548ECC150E11EAF1980
SHA-512: D8AC0FE4D1102A338F48A12D53DEE987289B5A421F133BB0D2AF75E58205428F16B8205AB25E48EE5AF83D3A3F9AABA838027076C06C258C899800ECCDE49A40
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/scripts/reset_password.js?v=2.77.0-58-1-gb154d92eba
Preview:
'use strict';

function doResetXHR(data) {
    $('.form .messages .processing').show();
    $('.form input.button').attr('disabled', 'disabled');
    $.ajax({
        url : '/safeview-auth-server/reset_password',
        type : 'POST',
        dataType : 'json',
        data : JSON.stringify(data),
        success : function (resp_data, textStatus, jqXHR) {
            $('#reset_password_form').hide();
            $('#check_email').show();
        },
        error : function (resp_data, textStatus, jqXHR) {
            if (resp_data.responseJSON) {
                alert(resp_data.responseJSON.msg);
            } else {
                alert('Failed to communicate with the server.');
            }
        },
        complete: function () {
            $('.form .messages .processing').hide();
            $('.form input.button').removeAttr('disabled');
        }
    });
}

$(document).ready(function() {
    $('#check_email').hide();
    $('#username').focus();

    $('#reset_password_form').on('submit', function(event) {
        var arr = $(this

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\auth-new-vdi[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with CRLF line terminators
Category: downloaded
Size (bytes): 798
Entropy (8bit): 5.066677835667458
Encrypted: false
SSDEEP: 12:ziquXMNOqk9E6hqfn6orJ4iquXMNOqk+2EGNE6hqf2HYdNdjekdYXcsQeslL:GF1hcxrJzF73jhcaYzZVYXczzL
MD5: CF3B7346DB7E7CDE4D8CC3EA33D5F73C
SHA1: 8D33D84150DB4B8E7576CDAE4A18FD940277F6BB
SHA-256: 97AE4F89D743304E6901A988F0FBFC812DA5C3C796FACA2A45D0565E30A4D329
SHA-512: CC73E10E7DB698D3723D72D2FF61A6CD224E86A3997A61A5ED3F9563E41E6C52E2D6C93F7E5C2D0F6BDAB1C22F0A47053F515C2D5103ED9F1940CFFD433684D1
Malicious: false
Reputation: low
IE Cache URL: https://isolate.menlosecurity.com/safeview-static/css/auth-new-vdi.css
Preview:
body, h1, h2, h3, input, input[type=text], input[type=password], input[type=number], input[type=email], input[type=tel], input[type=submit], input[type=button], select, .box .title, .footer .logo {
	font-family:Calibri, Candara, Segoe, "Segoe UI", Tahoma, Arial, sans-serif;
}
body, p, label, input, input[type=text], input[type=password], input[type=number], input[type=email], input[type=tel], select {
	font-size:15px;
}
input[type=submit], input[type=button] {
	font-size:24px;
	font-weight:bold;
}
label {
	font-weight:bold;
}
h1 {
	font-size:40px;
}
h2 {
	font-size:24px;
}
h3 {
	font-size:20px;
}
.box .title {
	font-size:40px;
	line-height:70px;
}
.box .links p {
	font-size:13px;
}
.footer .logo {
	font-size:14px;
	font-weight:normal;
	line-height:32px;
}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\client-side-redirect[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 1035
Entropy (8bit): 4.917946773793463
Encrypted: false
SSDEEP: 24:AN75BBeR6RFFft0MwXw1KwoRgSrsR4KRdT6d/cznVWOGbYNiv:AN75RFYVfrKRdTIcfGksv
MD5: C6705F7655E2FF1209776AF3C088A1F7
SHA1: 32EF811F835AF59010B82E314C7FC1AD28CC010A
SHA-256: C7F571523FB6D6AF312369709DA87456E21EE689FA751635CCAFFEF22F79AAAB
SHA-512: 63517116F2783FD7F9820FAF2E42B33E7503A28A546F6B09621CA4D4041EE9D348974736B2D482413AB6D3E8347A726503F71767EBDEE4070CC1544FAF52CA4D
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/scripts/client-side-redirect.js?v=2.77.0-58-1-gb154d92eba
Preview:
// Outlook on iOS does not honour window.location change or iframe.src loading
// so this work-around rewrites the window's document with a form that
// automatically submits to the required url

function clientSideRedirect(url, doc) {

  if (!doc) doc = document;

  var a = url.indexOf('?');
  var action = a > -1 ? url.substring(0,a) : url;
  var query = a > -1 ? url.substring(a+1) : '';
  var pairs = query.split('&');
  var hidden = [];
  for (var i=0; i 1 ? parts[1] : '';
    hidden.push('');
  }

  // note: not inline script to avoid CSP violations
  var html = ''+
    '
'+hidden.join('')+'
'+
    '';

  var newDoc = doc.open('text/html', 'replace');
  newDoc

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\down[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 748
Entropy (8bit): 7.249606135668305
Encrypted: false
SSDEEP: 12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
MD5: C4F558C4C8B56858F15C09037CD6625A
SHA1: EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
SHA-256: 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
SHA-512: D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/down.png
Preview: PNG binary data (IHDR, PLTE, IEND chunks; no readable strings)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\errorPageStrings[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: downloaded
Size (bytes): 4720
Entropy (8bit): 5.164796203267696
Encrypted: false
SSDEEP: 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5: D65EC06F21C379C87040B83CC1ABAC6B
SHA1: 208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256: A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512: 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/errorPageStrings.js
Preview:
//Split out for localization

var L_GOBACK_TEXT = "Go back to the previous page.";
var L_REFRESH_TEXT = "Refresh the page.";
var L_MOREINFO_TEXT = "More information";
var L_OFFLINE_USERS_TEXT = "For offline users";
var L_RELOAD_TEXT = "Retype the address.";
var L_HIDE_HOTKEYS_TEXT = "Hide shortcuts ";
var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";
var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";
var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";

//used by invalidcert.js and hstscerterror.js
var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this \u2019s security certificate.";
var L_CertExpired_TEXT = "The website \u2019s security certificate is not yet valid or has expired.";
var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the web site you are trying to visit.";
var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jquery-1.11.0.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 96381
Entropy (8bit): 5.38156916982579
Encrypted: false
SSDEEP: 1536:EPpEy5BMibZGOj/bEe8v+/UWf4IhvAuCh/jqkODZ2D5N9Rag0MOIdSZAgtgoX5Yn:bIO/e2D5c4LgtImLja98HrK
MD5: 8FC25E27D42774AEAE6EDBC0A18B72AA
SHA1: B66ED708717BF0B4A005A4D0113AF8843EF3B8FF
SHA-256: B294E973896F8F874E90A8EB1A8908AC790980D034C4C4BDF0FC3D37B8ABF682
SHA-512: 87D90A665C15D71AC872BD8BC003D9863964C7EC7ADA6370B902B93C0BBD7770FE25730D946C7C6A465BAA95EFA74BC0E78AF3F83AEA615AF35060CC8702A6C1
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/lib/jquery-1.11.0.min.js?v=2.77.0-58-1-gb154d92eba
Preview: /*! jQuery v1.11.0 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */ followed by the minified library source

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\login[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Category: dropped
Size (bytes): 6503
Entropy (8bit): 4.6972640673516555
Encrypted: false
SSDEEP: 96:C0PdkUknqk/k8+T2xB5wBf+GKIKpJNmnwxmhG+NY7:C0PdkUkqk/k8ZxEBf9KlJNmxPY7
MD5: 871EC9F707631631BED5F2A917471F69
SHA1: 097841CA327F24F9F1C2F73BF10B40183B3393AB
SHA-256: DBD709BE3B711AED45C3538859305A365D6074B23B8A11B71AF80A4806969A6C
SHA-512: D1D845C2666C6936EA669B17D159BE36EACDD735B6BE8B58066CBBD87C053530AEC62092284F736BD6D590C1D2BDFCEBE34BFFA76BF145406E6BC74469F8FF41
Malicious: false
Reputation: low
Preview: HTML page; readable text: "Menlo Security", "Menlo Security", "Beyond Detection", "-->"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\yanonekaffeesatz-regular[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), Yanone Kaffeesatz family
Category: downloaded
Size (bytes): 29530
Entropy (8bit): 7.968026218358671
Encrypted: false
SSDEEP: 768:ZCJgwsRBRQADdec8BoSEQHU1EvIJ/MyUb9B4DGiO:8JBsRDQA38+pQ01EvS0yi9cy
MD5: 6E2158218968BCEBF9AD01EA70FA00F3
SHA1: 9FC9FB1F1DEE265EE997712D549E81BAC9123CD8
SHA-256: 5CA2D9803623C731CBD78B19D76A9CAB8AA03EC86B4BFB275BDBBECA393BB84C
SHA-512: E687F07383714CB1D9D5E0BE1599D8C4E7E1DB7E7EFB11D0DA1FCE65F8EACBC93FB829669420FA2CFDC725C21CC93969363EF14214B37B96B2C1A7FE7DD090A0
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/fonts/yanonekaffeesatz-regular.eot?
Preview: EOT name strings (UTF-16): "Yanone Kaffeesatz", "Regular", "Version 1.100;PS 001.100;hotconv 1.0.70;makeotf.lib2.5.58329 DEVELOPMENT", "Yanone Kaffeesatz Regular"; the remaining bytes are binary font data

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\auth-new[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 19141
Entropy (8bit): 5.544839220734452
Encrypted: false
SSDEEP: 192:OIqNLeU+n+v58T7tnxb1W49eBWt2KB35etnkfWmw4FFt/F/mj2/ZnwqGCkY9YUwN:aNN+9K8Fm2/nDgNoJAyRCRngC4G
MD5: E5EFDB1EE178EE4DF931B9BE76D1970B
SHA1: 4A39FEBDD8178C33B9BBD452B007088C756F85CE
SHA-256: E019D17FB9A22079FDAE482C1B5CD89C3389072DEC2BA57373271592DB85E02F
SHA-512: 072ECFB4A1E2FDBD8F86AC703B6BF1286443ABD206EDF9C6E163B075B944A9DFCD5282375310E05827B988707DC80409CD5EFA94AC49B69BC18885ECB7C1903B
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/css/auth-new.css?v=2.77.0-58-1-gb154d92eba
Preview:
html, body, div, span, h1, h2, h3, h4, h5, h6, p, blockquote, a, fieldset, font, img, dl, dt, dd, ol, ul, li, form, label, input, textarea, legend, table, tbody, tr, th, td {
  margin: 0px;
  padding: 0px;
  border: 0;
  outline: 0;
  font-weight: inherit;
  font-style: inherit;
  list-style: none;
}
::-moz-selection {
  background:#2d95bf;
  color:#fff;
  text-shadow:none;
}
::selection {
  background: #2d95bf;
  color: #fff;
  text-shadow: none;
}
body, html {
  height: 99%;
  margin: 0;
  padding: 0;
}
body {
  background: #edeff0;
  font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
  color: #595959;
  font-size: 14px;
  line-height: 17px;
  -webkit-font-smoothing: antialiased;
}
.login_body {
  display: none;
}
h1 {
  font-family: "Yanone Kaffeesatz", Arial, Helvetica, sans-serif;
  font-size: 52px;
  font-weight: 700;
  line-height: 68px;
  color: #2e363f;
}
h2 {
  margin: 0;
  padding: 0 0 20px;
  font-family: "Lucida Sans Unicode", "Lucida

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon[1].
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category: downloaded
Size (bytes): 15086
Entropy (8bit): 2.4590632817494664
Encrypted: false
SSDEEP: 192:jCx59NdFNxhRB+OddUaqgHPRdshawl16DdSd:jeFNPdd0SPRdOaA1+di
MD5: 2EA89AAF6FB2E957E1ED2336762C2D68
SHA1: CCE19DF8980CD3A14758A3C75658FFA90733CC69
SHA-256: BD337071ACABD51437E9AB2F68537934487E546F2247AA1CD9BE940AE4EDA011
SHA-512: 07FB1B75086251C7209670D72F72BB8490A7EDE4C7EFB47EDB494B7FD3E1FC6BB3194CDE3E7438728B007F986DA2FA4FDC6B15BCC7D20EB593FA4DC0E058F785
Malicious: false
Reputation: low
IE Cache URL: https://isolate.menlosecurity.com/favicon.ico
Preview: ICO binary data (no readable strings)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\font_smoothing[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 1038
Entropy (8bit): 4.728952259878315
Encrypted: false
SSDEEP: 24:0lBvCujSQrQ9QwRWE3P0Nc0xjRoKNy/TpYk++T:0zFSUctwkP0c6NoKNy/9F+g
MD5: 566EE033FF87892CA23C972461DD1E17
SHA1: 14AA1916023625522E780744BD140F919C790115
SHA-256: 1261D3A7FD4F8886C3FF1AC3E08B0B005E6167FAFAB81EE2DA4974E60782FB64
SHA-512: 9EA3EC98B332AF7D41DC7A5673382DAE64F53CF0BFE198A6FA40D606B37CAA4B87F204D631A670B5B8B36E327D6DAE688FA6B0FE33BFD6F90FCC6E3D329C2294
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/scripts/font_smoothing.js?v=2.77.0-58-1-gb154d92eba
Preview:
'use strict';

(function () {
    function hasWinIn(string) {
        return string.lastIndexOf('Win') != -1;
    }

    function appendCss(cssFile) {
        var newlink = document.createElement("link");
        newlink.setAttribute("rel", "stylesheet");
        newlink.setAttribute("type", "text/css");
        newlink.setAttribute("href", cssFile);

        document.getElementsByTagName("head").item(0).appendChild(newlink);
    }

    /**
     * platform won't work in newer browser versions since it is deprecated
     * checks if there is a platform and it contains Win on it and the user
     * agent also contains Win on it.
     */
    function isWindows() {
        var nav_platform = window.navigator.platform,
            user_agent = window.navigator.userAgent,
            platform = !nav_platform || hasWinIn(nav_platform);

        return platform && hasWinIn(user_agent);
    }

    document.addEventListener("DOMContentLoaded", function(event) {
        if (isWindows()) {
            appendCss('/safeview-static/css/au

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\http_404[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Category: downloaded
Size (bytes): 6495
Entropy (8bit): 3.8998802417135856
Encrypted: false
SSDEEP: 48:up4d0yV4VkBXvLutC5N9J/1a5TI7kZ3GUXn3GFa7K083GJehBu01kptk7KwyBwpM:uKp6yN9JaKktZX36a7x05hwW7RM
MD5: F65C729DC2D457B7A1093813F1253192
SHA1: 5006C9B50108CF582BE308411B157574E5A893FC
SHA-256: B82BFB6FA37FD5D56AC7C00536F150C0F244C81F1FC2D4FEFBBDC5E175C71B4F
SHA-512: 717AFF18F105F342103D36270D642CC17BD9921FF0DBC87E3E3C2D897F490F4ECFAB29CF998D6D99C4951C3EABB356FE759C3483A33704CE9FCC1F546EBCBBC7
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/http_404.htm
Preview: HTML page; readable text: "HTTP 404 Not Found", "Error title -->", "Info icon"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\info_48[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 4113
Entropy (8bit): 7.9370830126943375
Encrypted: false
SSDEEP: 96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
MD5: 5565250FCC163AA3A79F0B746416CE69
SHA1: B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
SHA-256: 51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
SHA-512: E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/info_48.png
Preview: PNG binary data (IHDR, IDAT chunks; no readable strings)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\input-icons[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 40 x 120, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 15926
Entropy (8bit): 2.1930236858467818
Encrypted: false
SSDEEP: 48:P/69SN+k29W8sEvyxN+Y95zkYVkNBCkg4LJCbsc5Na7K1bGof1eQvQk/S2o59oP:PS4skEWRHxNXHsc5aKJGoTRSTq
MD5: F6484801BA029A9445BF58335B0ED81F
SHA1: A7B04C32B85D34B8B8CC4A03BCFBB7CF80D69568
SHA-256: 389E61C168AF86B17A7A3BD6A1398C734D37BA8A6DFC9C16B9D0CF4820A72144
SHA-512: 8DC8E3C546AFF1FA13E9CBCA6C7318AEEDF4F8F798B4BABB065A2FA0D2B66784260D07E2A3FC3DE3D13ADA859A62A8DEF94595FAD0AB07D1E8B5F4E807B748CC
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/img/input-icons.png
Preview: PNG binary data with an XMP metadata chunk (iTXt XML:com.adobe.xmp) naming Adobe Photoshop CC 2015 (Macintosh) and the timestamps 2015-08-05T09:52:38-07:00 and 2016-02-25T16:20:30-08:00

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\login[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 14887
Entropy (8bit): 4.634618799367551
Encrypted: false
SSDEEP: 192:ztvcCAFDzNzql5bUjjohH8Y31oG8JozhY9IR5rqDKyCmQctJueRcHb25Z4OK2rWV:ztvcFzw5M05F/8MiEs1mA+
MD5: 2C0E8939DF38CCFE7B7A57047C5B440C
SHA1: 2CF98D69A391E222BD75B82AF7CF0DBEC638DD23
SHA-256: EC7126DB0559EEEEAED2D3DDC12581C055A4F38EE2A19C926D33AEBF9AC290FC
SHA-512: 852F91B138255C6E6A67BC4B63BA7D267F39291A91D827E275D82FA8A312227F103435814C44D1020633D252AC2859AC67BD413D54F1B02F6C16865570B23DE7
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/scripts/login.js?v=2.77.0-58-1-gb154d92eba
Preview:
/*jslint nomen: true, browser: true, indent: 3*/
/*global $, doIntegrityLevelLoginPost, doLoginXHR, loginPass, loginName,
   tenantLookup, doLoginInfoXHR, doITokXHR */
'use strict';

var REGISTER_REDIRECT_COOKIE = 'register-redirect';

function getParam(param) {
   return $('#param_' + param).val();
}

function formToObject(form) {
   var obj = {};
   /*jslint unparam: true*/
   $.each($(form).serializeArray(),
      function (ignore, field) {obj[field.name] = field.value || ''; });
   /*jslint unparam: false*/
   return obj;
}

function paramsToObject() {
   return formToObject('#params');
}

function addToSearchComponent(url, search) {
   var a = document.createElement('a');
   a.href = url;
   if (!a.search || a.search === '?') {
      a.search = search;
   } else {
      a.search = search + '&' + a.search.substr(1);
   }
   return a.href;
}

function generatePnrURL(url, token) {
   var search = '?_sc_token=' + encodeURIComponent(token);

   return addToSearchComponent(url, searc

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\register[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 2842
Entropy (8bit): 4.864057997807058
Encrypted: false
SSDEEP: 48:WN1O7N1qqN1dgN1Ig5vgszNw2XwnEUpY1V97nw2fGqrPhvYz:+0PdkIg5vZi2XTUW1V97eudC
MD5: 6F5F946EDE1A713EBF1B9168BEEBD077
SHA1: EAA1840C48E6D6C692BC720D6503A6A1D66BD95D
SHA-256: F5F34FA7A1C999D2A4A8095E7627CAA10F45A5794E78B7D44BC245B6D3455C42
SHA-512: E4AE56490410D74C67DB05C9D2817043785D50D4FDBA253EB2EC28C3C277F4054F8FEDA82E157D18C573FFA26931D318AFCAE29BAD71234F5D72E0F1151A98EA
Malicious: false
Reputation: low
IE Cache URL: https://isolate.menlosecurity.com/account/register
Preview: HTML page; readable text: "Menlo Security"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\yanonekaffeesatz-bold[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), Yanone Kaffeesatz family
Category: downloaded
Size (bytes): 28577
Entropy (8bit): 7.967485126925634
Encrypted: false
SSDEEP: 768:ToGuDFCdC6QRpmSu7s9oCnrdYfUzkyY8MStKJ8:8PFCdC6Q7mSuMnrUQkyY8eJ8
MD5: D6D93E7FFCEAA67D08CFBF3A4EEE674E
SHA1: EABCEA3BBDEFF49DCF15B3662FE1F598EAE9CCB6
SHA-256: 9960397E20E3B6F44DB18797F5FA7F1536A470A3C9F0C417FAFDC7F7A49D452D
SHA-512: 8BFEABEAB56260B10735F4BCEE32611455B3D97AE07299AF1272ECD57E3C203A96BF3A5B8EA367257427025DEBB2A50770A2B35B4DE507373E2A97F12823C5B9
Malicious: false
Reputation: low
IE Cache URL: https://eu-central-1-02770033-view.menlosecurity.com/safeview-static/fonts/yanonekaffeesatz-bold.eot?
Preview: EOT name strings (UTF-16): "Yanone Kaffeesatz", "Bold", "Version 1.100;PS 001.100;hotconv 1.0.70;makeotf.lib2.5.58329 DEVELOPMENT", "Yanone Kaffeesatz Bold"; the remaining bytes are binary font data

C:\Users\user\AppData\Local\Temp\~DF1DE6E81DBA437635.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 25441
Entropy (8bit): 0.27918767598683664
Encrypted: false
SSDEEP: 24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5: AB889A32AB9ACD33E816C2422337C69A
SHA1: 1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256: 4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512: BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious: false
Reputation: low
Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......

C:\Users\user\AppData\Local\Temp\~DF28D2E86CB21BD854.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 13029
Entropy (8bit): 0.47522056095750514
Encrypted: false
SSDEEP: 24:c9lLh9lLh9lIn9lIn9loY9loo9lWwlGGK+KICdCC:kBqoITFl
MD5: 824AE34F3CA569BF03C45364F25514CA
SHA1: 93A00616E3FF9258D5B3AF2EF0BDA85656B397B9
SHA-256: 8B2EDEBD01F308233C089D1C1C495490E331AB1C2F897ACAB98CD6E7BA5447B6
SHA-512: 7163B0F36C4B807B634AFDCA2D9D0D708B720A6670ACB1A5277F00CE2B9177A2F883485E64A4728943E875F5B46D78A1F5C7EF3A1998499DFC555A7B20BF88FD
Malicious: false
Reputation: low
Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......

C:\Users\user\AppData\Local\Temp\~DF8A65E23FB7017DED.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 94637
Entropy (8bit): 1.4145745802913183
Encrypted: false
SSDEEP: 384:kBqoxKAuqR+w2st2JJwN8l06nwN8l07rZi5bZi50b/i5WEuLeE1Ff9u+9M3A:iftQrrh
MD5: 3713272BDCB868518F3F267FB377E5BD
SHA1: 9CA1A090DB88261C993075A25F55F5F0F9E154B5
SHA-256: D00D9C9085A7D6BE79A4DB2B6079C3716BDE6C758791D45A31452FD391B61C54
SHA-512: 251D05ED4A4A4A68FCFCA3E01CD56037A3E45CC697F4AAAB80B98800CEF83F5AD47FFC5C5097FE76B153084DD1C2113177F291B25BA4817CEFB572B8D040FEE4
Malicious: false
Reputation: low
Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jun 8, 2021 09:44:22.384354115 CEST | 192.168.2.4 | 8.8.8.8 | 0x6fc6 | Standard query (0) | isolate.menlosecurity.com | A (IP address) | IN (0x0001)
Jun 8, 2021 09:44:22.764281034 CEST | 192.168.2.4 | 8.8.8.8 | 0xe1b4 | Standard query (0) | eu-central-1-02770033-view.menlosecurity.com | A (IP address) | IN (0x0001)
Jun 8, 2021 09:44:23.135730028 CEST | 192.168.2.4 | 8.8.8.8 | 0x5aa3 | Standard query (0) | xhr-eu-central-1-02770033-view.menlosecurity.com | A (IP address) | IN (0x0001)
Jun 8, 2021 09:44:38.990278006 CEST | 192.168.2.4 | 8.8.8.8 | 0xc445 | Standard query (0) | isolate.menlosecurity.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jun 8, 2021 09:44:22.436050892 CEST | 8.8.8.8 | 192.168.2.4 | 0x6fc6 | No error (0) | isolate.menlosecurity.com | 02770033-view.menlosecurity.com | - | CNAME (Canonical name) | IN (0x0001)
Jun 8, 2021 09:44:22.436050892 CEST | 8.8.8.8 | 192.168.2.4 | 0x6fc6 | No error (0) | 02770033-view.menlosecurity.com | nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com | - | CNAME (Canonical name) | IN (0x0001)
Jun 8, 2021 09:44:22.436050892 CEST | 8.8.8.8 | 192.168.2.4 | 0x6fc6 | No error (0) | nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com | - | 52.59.184.117 | A (IP address) | IN (0x0001)
Jun 8, 2021 09:44:22.436050892 CEST | 8.8.8.8 | 192.168.2.4 | 0x6fc6 | No error (0) | nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com | - | 52.59.184.119 | A (IP address) | IN (0x0001)
Jun 8, 2021 09:44:22.819711924 CEST | 8.8.8.8 | 192.168.2.4 | 0xe1b4 | No error (0) | eu-central-1-02770033-view.menlosecurity.com | nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com | - | CNAME (Canonical name) | IN (0x0001)
Jun 8, 2021 09:44:22.819711924 CEST | 8.8.8.8 | 192.168.2.4 | 0xe1b4 | No error (0) | nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com | - | 52.59.184.119 | A (IP address) | IN (0x0001)
Jun 8, 2021 09:44:22.819711924 CEST | 8.8.8.8 | 192.168.2.4 | 0xe1b4 | No error (0) | nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com | - | 52.59.184.117 | A (IP address) | IN (0x0001)
Jun 8, 2021 09:44:23.184659004 CEST | 8.8.8.8 | 192.168.2.4 | 0x5aa3 | No error (0) | xhr-eu-central-1-02770033-view.menlosecurity.com | eu-central-1-safeview-prod-02770033.menlosecurity.com | - | CNAME (Canonical name) | IN (0x0001)
Jun 8, 2021 09:44:23.184659004 CEST | 8.8.8.8 | 192.168.2.4 | 0x5aa3 | No error (0) | eu-central-1-safeview-prod-02770033.menlosecurity.com | nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com | - | CNAME (Canonical name) | IN (0x0001)
Jun 8, 2021 09:44:23.184659004 CEST | 8.8.8.8 | 192.168.2.4 | 0x5aa3 | No error (0) | nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com | - | 52.59.184.119 | A (IP address) | IN (0x0001)
Jun 8, 2021 09:44:23.184659004 CEST | 8.8.8.8 | 192.168.2.4 | 0x5aa3 | No error (0) | nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com | - | 52.59.184.117 | A (IP address) | IN (0x0001)
Jun 8, 2021 09:44:39.035861015 CEST | 8.8.8.8 | 192.168.2.4 | 0xc445 | No error (0) | isolate.menlosecurity.com | 02770033-view.menlosecurity.com | - | CNAME (Canonical name) | IN (0x0001)
Jun 8, 2021 09:44:39.035861015 CEST | 8.8.8.8 | 192.168.2.4 | 0xc445 | No error (0) | 02770033-view.menlosecurity.com | nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com | - | CNAME (Canonical name) | IN (0x0001)
Jun 8, 2021 09:44:39.035861015 CEST | 8.8.8.8 | 192.168.2.4 | 0xc445 | No error (0) | nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com | - | 52.59.184.117 | A (IP address) | IN (0x0001)
Jun 8, 2021 09:44:39.035861015 CEST | 8.8.8.8 | 192.168.2.4 | 0xc445 | No error (0) | nlb-sv-pd02770033-812ca3bb98735b86.elb.eu-central-1.amazonaws.com | - | 52.59.184.119 | A (IP address) | IN (0x0001)

HTTPS Packets

Every packet below carries the same certificate chain (the report lists the intermediate certificate twice):

Subject: CN=*.menlosecurity.com, OU=IT, O="Menlo Security, Inc.", L=Palo Alto, ST=California, C=US | Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | Not Before: Tue Apr 21 02:00:00 CEST 2020 | Not After: Tue May 31 14:00:00 CEST 2022
Subject: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Not Before: Fri Mar 08 13:00:00 CET 2013 | Not After: Wed Mar 08 13:00:00 CET 2023
Subject: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Not Before: Fri Mar 08 13:00:00 CET 2013 | Not After: Wed Mar 08 13:00:00 CET 2023

JA3 SSL Client Fingerprint (1): 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 (JA3 SSL Client Digest 9e10692f1b7f78228b2d4e424db3a98c)
JA3 SSL Client Fingerprint (2): 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 (JA3 SSL Client Digest 37f463bf4616ecd445d4a1937da06e19)

Timestamp | Source IP | Source Port | Dest IP | Dest Port | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Jun 8, 2021 09:44:22.548525095 CEST | 52.59.184.117 | 443 | 192.168.2.4 | 49713 | (1) | 9e10692f1b7f78228b2d4e424db3a98c
Jun 8, 2021 09:44:22.549010992 CEST | 52.59.184.117 | 443 | 192.168.2.4 | 49712 | (1) | 9e10692f1b7f78228b2d4e424db3a98c
Jun 8, 2021 09:44:22.914819956 CEST | 52.59.184.119 | 443 | 192.168.2.4 | 49716 | (1) | 9e10692f1b7f78228b2d4e424db3a98c
Jun 8, 2021 09:44:22.915005922 CEST | 52.59.184.119 | 443 | 192.168.2.4 | 49715 | (1) | 9e10692f1b7f78228b2d4e424db3a98c
Jun 8, 2021 09:44:22.915863991 CEST | 52.59.184.119 | 443 | 192.168.2.4 | 49714 | (1) | 9e10692f1b7f78228b2d4e424db3a98c
Jun 8, 2021 09:44:23.314258099 CEST | 52.59.184.119 | 443 | 192.168.2.4 | 49717 | (1) | 9e10692f1b7f78228b2d4e424db3a98c
Jun 8, 2021 09:44:39.128582954 CEST | 52.59.184.117 | 443 | 192.168.2.4 | 49729 | (2) | 37f463bf4616ecd445d4a1937da06e19

Code Manipulations

Statistics

Behavior


System Behavior

Analysis Process: iexplore.exe PID: 3848 Parent PID: 800

General

Start time: 09:44:20
Start date: 08/06/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff6a9c40000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Registry Activities

Analysis Process: iexplore.exe PID: 660 Parent PID: 3848

General

Start time: 09:44:21
Start date: 08/06/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3848 CREDAT:17410 /prefetch:2
Imagebase: 0x3d0000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Registry Activities

Disassembly

Copyright Joe Security LLC Joe Sandbox Cloud Basic 32.0.0 Black Diamond
