C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\KlavikaWebBasicMediumItalic[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), . family
Size (bytes): 26790
Entropy (8bit): 7.975264020845449
Encrypted: false
MD5: 43019E4C22DDF9C5F517D9CF2A8C97E1
SHA1: A93F13AF2DBE6F52A9F795312AF85833AE67D499
SHA-256: B52F7A107C70E7B7A0DC0A8D4A9723A38D6BA22F153EE2E851CF6BD8BB2ABB2A
SHA-512: B94583C8445FF4A1F4448E562341AC3D886269DB1CE7B6DA781DE03C9693DF5E5277CB0C37F201D8CDB0561A31AD51FE989F0DDF19DA9BC0A5013AF6D3FBA1E7
Malicious: false
Reputation: low
Preview: .h...h...... LP....J .P...... ,...... V.e.r.s.i.o.n. .2...0.0.1...... BSGP...... O..O..T.....c.g.i9.A.C...R./.,U...... m...... D8.....5i.R.{...... A.v.Ehqi91...... '(~y....-..:..j..;..=.D.(Fa...... *+n)n..%.B.Q.&MU.lf...... 3..O.|hk...Ww^...5..)...z%z..%kH.*.&<.(..b.. .qM...|.7...... FJ...... A[!...B..t0....1F...... q.5M..m]x..PkYX....V6...4...#...\[email protected] ...*I.?.n]>%.2.$.|...v.A....w.-.F.j$fj"Gf."F. .2%.tB...... 4..S[..R.)N...... C...C ..2X/...... ?..K P2M0..:..!a...B..!.t..K...... I...... $9..L..g.dW...."..6.uG.#j..EI"e!.h.vw"..6.B..t....Wv..CM.J...6...W..f...... F..-..Ov...0.n.Q..u.IR.;...6J.hr....U.;q'$."F..8n...>2x_..7.C.m4.....A.koY... v..7?r ....[J..y..a...K.W.q'_.H:o7.G?.a.0>.P-f_t.y>.....B.y....CO.x..._`..}..#$.2.....E.G...... X...hD..^..N ...H..,..H..Z-.j".6.u@.!...D..2pcq.Fi..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\css[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 486
Entropy (8bit): 5.227354540008541
Encrypted: false
MD5: AE73DC44864AEBF69D074B3F3A270F7F
SHA1: 8065D0C2F0AA3E01736FD666C7FBC33BE3EDA76F
SHA-256: A38C72A6DE560913D4F20F633A4FCDAE890887EF17492315088EF3B61412A0CC
SHA-512: 9ED6BE4B0587C187080DEA52F10EE01DF47B237B1495E0A3C7C549EC6ED8F60725453776D322B0759D3F9408C0E575A70A66CB887FD2AC855CF4659DB95DE3B0
Malicious: false
Reputation: low
Preview: @font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. src: local('Montserrat Regular'), local('Montserrat-Regular'), url(https://fonts.gstatic.com/s/montserrat/v13/JTUSjIg1_i6t8kCHKm459WlhzQ.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: local('Open Sans Regular'), local('OpenSans-Regular'), url(https://fonts.gstatic.com/s/opensans/v16/mem8YaGs126MiZpBA-UFVZ0d.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\fa-brands-400[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), Font Awesome 5 Brands Regular family
Size (bytes): 129916
Entropy (8bit): 6.258102242144604
Encrypted: false
MD5: 72721167AEA128F7DDAC301C15DAB835
SHA1: EFB380B2F7F832CCB3FD4F8F45B6738791316C50
SHA-256: 41435FE3DB03BE7E3170324B29D1E4E0A1E2A2AC5B5D68FCA7596FDC6567F445
SHA-512: 97D5FBF849028C0862A1C08C69B71A1B53BDA5AC6942177FBCCC00A4143C056A15316A3B2372618129896AFE253741E21622DAD1A16D9CC4658D13EA681A4100
Malicious: false
Reputation: low
Preview: |...L...... LP...... F.wU...... :.F.o.n.t. .A.w.e.s.o.m.e. .5. .B.r.a.n.d.s. .R.e.g.u.l.a.r.....R.e.g.u.l.a.r...J.3.2.9...7.2.9. .(.F.o.n.t. .A.w.e.s.o.m.e. .v.e.r.s.i.o.n.:. .5...8...1.)...:.F.o.n.t. .A.w.e.s.o.m.e. .5. .B.r.a.n.d.s. .R.e.g.u.l.a.r...... PFFTM...... 0....GDEF.*...... OS/2B.....X...`cmap...... h...zgasp...... glyfW. )....@[email protected] [...... 6hhea.6...... $hmtx,...... loca=3...... \maxp...O...8... name.{o$...... postn...... I..Uw.F_.<...... #...... ,...... L.'...... @...... L.f...G.L.f...... PfEd.....@...... T...... :...... @...... @...... p...... @...... @...... @......

Copyright Joe Security LLC 2019 Page 16 of 34

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\header_huca34863c0a6a1c35013259d5cf9fcb96_94613_358x180_fit_box_2[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 344 x 180, 8-bit/color RGB, non-interlaced
Size (bytes): 23370
Entropy (8bit): 7.969534723831183
Encrypted: false
MD5: 404FC043DFB0893D298513EF65C50F6F
SHA1: 87B292DB1E2DC05560177F56A57523C9A75AA917
SHA-256: 5A27F20D7B8ACEAB126B3F20AB2BB55DCBCC8A56C1D7463D5A6080E2C6547D5C
SHA-512: D4FD30BDAD84ACC6B236F3C991DAF68D98E397EEE0B9BD4B7BA481B2977D44B4239C1EA4280EA162CFFC0486365A5B5776A32A3F4E1E443D83F0A5FB211D92DB
Malicious: false
Reputation: low
Preview: .PNG...... IHDR...X...... ^..Z..[.IDATx...|...... d2..F...B.W..."E....V.h...... }...V[[email protected] .}.@...... 'sp.!..BB.|?..d.y.9.d...... Q.!. A..7.h. A...OB.$H. !..$H.....$..P.=...y.!D .=..a...h.(A....P.(...*[email protected] !.BQ..^..hTU....!...... $I.V...k0..b.. A.....>.e9...... $)I...,...%.. .H.D..4-."...... A0...... $.yGEQ.>@UUI.H.$.BU..m.4=.u.A.(j..J.`\2..._A.$"...... @.4 B./...... $Ir..ye..,[email protected] . .Q.%I.Z...... [email protected] ...... U.\.(..'.(.2.L.,+...R.E...<.(.,. p.g0.x.....X..H.LJJ.....Q.C..(.f..a.. ..qe..QU5..r...... &\[email protected] ..,...&..h.Z%.V.UU..V .5.Lx~..WZ,&.....,....ah...t.Ea.c.).....?.8..W..,.z....!...... 6FP...`.p...$I....>EQ,...eA8...a..V{..<.....M.&...... ~Q....B.....3.B..eY...... h.>..v.l6Y.EQdY6.VH0...... n..'I..]xQ..B.B...q.. PU.H$..B.+.L.A.O.4..".$I.F.6.-~..2"....x<.`...$I.!.a4...(~.....D.....f...... HH.....^l..$y...+....t:...h(.B.i4..^.q....i.m...... [{..t8...2.n...... $I..{I.\...l.(.O...... (._#..A.8..M....w ...... wT1.f.8E.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\header_hufc27ab132906a505d6d1b330eb87030d_18566_358x180_fit_box_2[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 358 x 180, 8-bit/color RGB, non-interlaced
Size (bytes): 16674
Entropy (8bit): 7.961451875769327
Encrypted: false
MD5: D55782C47878F0DA42F9B46D2E891CB0
SHA1: 2C188BEC4ACCBFAF3C0D44FA6C45469CCBCCE45B
SHA-256: 3AF597EE5338EF385F013493F205D1FD70228AD98C713787CD52430EEFFF26F4
SHA-512: B108D71805DB31C8AF42A67AC554AE33D6719BD22CDE49C5F163A8668ED9D161FABCBBC10EB595B30428F1FDF1C162F97A1237583229FE522532B1F4A35E768A
Malicious: false
Reputation: low
Preview: .PNG...... IHDR...f...... ([email protected] R#R..".^.....^."..E...F..4.P.j.t ...M..O.?.'..Fr.*...... 9.s.{.yg.I...@ [email protected] @ ...L..p.m.@ ...... o.z...@ .'.*[email protected] [email protected] ..$I.m... . (.. I...... n.`.E;{a{...... O..[zA.....l...... [email protected] .{.xz.E...._N...pw.t...(.6.N).1_W1... .A..ZErV]..."y.....f3....u.....M..!...d.A...K...[fMY.J.".rY.E.(.0.w.-O+h..8.b. .}. .Bg.u..a.R.k..zq$..hzuc.....d.v%./.nz.....;sN_....m..@..{.Vgp.\.I._...3e.....V.8x...u....x.rM....;I.....r.@.{.w/g."m.....An...[.,Q...... P..<.a...... |...... {..k...G..U.....lP.Xq.Li.p.+...q..G..4.. ..R2k*..W..4...... U..W./....x...... oM...... n.e ...... U....,6....V.?.{.RN..g...."....DL....VN/.h{...U...'.\)..}..|~#]W..z.Z.7...o6....B../Wn9U\)W...M...wh....g.lA.T.5.K..hV[....7..#..Z.-...E c...7..9Vp<..>]M.f_ZeC...Vq.X..(....q8...... k...... [.Q{h...[.j1..o.L.....:.Rk.<&.V.l?[z....f..l.b...... \...... _...2H...9.?...b../....8.S..o.?.s..20.....t

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\style.min.da902094c76a979e1f92977045b7b3bfbaee983d2368f3ded500f832d61eac11[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 205542
Entropy (8bit): 5.06752526555691
Encrypted: false
MD5: E0EF11F5CF200FA88C8CFC8C4B590E53
SHA1: 3647B6EE259D4084CC57DC50BF7205B1AA4CDD0A
SHA-256: 582CCA913E70C8D86DDB4720A447AC7C65703BFBE888799BB146557AFD0CC3B3
SHA-512: 6321D3BD313789B7749F2645F7346643D9E6697F144DBDAC82B089CD7A932F153F39F105D632EBCBC9AC394967C2EA55ED450288443A7E3D6AEA35DFF919C2E5
Malicious: false
Reputation: low
Preview: @import "https://fonts.googleapis.com/css?family=IBM+Plex+Mono|IBM+Plex+Sans:300,400";:root{--blue: #007bff;--indigo: #6610f2;--purple: #6f42c1;--pink: #e83e8c;--red: #dc3545;--orange: #fd7e14;--yellow: #ffc107;--green: #28a745;--teal: #20c997;--cyan: #17a2b8;--white: #fff;--gray: #6c757d;--gray-dark: #343a40;--primary: #0072cb;--secondary: #414156;--success: #28a745;--info: #17a2b8;--warning: #ffc107;--danger: #dc3545;--light: #f8f9fa;--dark: #343a40;--breakpoint-xs: 0;--breakpoint-sm: 576px;--breakpoint-md: 768px;--breakpoint-lg: 992px;--breakpoint-xl: 1200px;--font-family-sans-serif: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";--font-family-monospace: "IBM Plex Mono", Menlo, Monaco, Consolas, "Courier New", monospace}*,*::before,*::after{box-sizing:border-box}html{font-family:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:sc

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\KlavikaWebBasicLight[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), . family
Size (bytes): 26275
Entropy (8bit): 7.977860216755032
Encrypted: false
MD5: 5386C517848285F6920C752E37E7D583
SHA1: BF3ED62E12B690FB913F2BB31ECEEF121E44156A
SHA-256: F481064F9BB3B6437E3525ACE59CF22B9CDC862A84116BC788ACBA828D38F1C3
SHA-512: 6A13196444C47306575EE811C1F9B8984B6EC23947174BDEE666F3F8AB13849AFB4B95E44A5467ACE2DA96652FB5BA7F998A8AA88E0291B162B7E4BF24030C85
Malicious: false
Reputation: low
Preview: .f...f...... ,.....LP....J .P...... F...... V.e.r.s.i.o.n. .2...0.0.1...... BSGP...... <.LD.LI.R.....c.g.i9.A.C...R./.,.h...... j...q..%.,v6..=.Rr.. .l.....,.4.r.\.DQ.0.L..h..wg{|..RpP.7...4.a...... N. ~!...... hx.%..GJ...>.....W.J8.R".ZX.....%Y_zU$>...TX!|..>....D....F...... <..j..Z./[email protected] .`...._$7.....B.g.A.l";.P.}.iq. .z [email protected] ...@&ABEG.D82...... d=V....+cv...... J.+.WJ...x....p+s.!.n....U..I.0...... *.L)k.4/.....|..../+...2!,T|.V..#...>X2:.0.....k..-.....P.4h...5...._.....4..4...c ....I..Ak...... /.1}O...8.^...I\..J.kOfC...... L.5..w..Rs...4....=.D...e"o....3po..`...G..2.3{.....1.}..M.|.d.z.cNj...[.E...t..-.n.....1Z.C)...o....'...... [email protected] '.l.g...\kF.QVq^j....|+8.....O..U. .'..&..$...... X..5x....-.].W..V..g...I.h....!....E..9...... v.H.?P...*....=Y@^.|{7Ov.EO.g.....]...@...... >...... D8.J.-..[.P..A....Y....vr.....^J...J...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\KlavikaWebBasicRegularItalic[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), . family
Size (bytes): 27439
Entropy (8bit): 7.974556238743968
Encrypted: false
MD5: 583153B0B92570A786FA6C4895E90143
SHA1: E682E5F0AD514E14621A3AC863D917C70EA655D6
SHA-256: 532BBCC80223DA8D5F70667EA457BFACD264B904CC5CFEF076525427ABC9FCF8
SHA-512: 43972E673DEC13D487B41F9FBB4700D0AB22DB39433BA4130B2AB18E6C04EEC63D8E8B252FCD8BCBFFCA4C7259F01DB7ACF4C03DB0AF2F5702C6B278DD16F59E
Malicious: false
Reputation: low
Preview: /k...j...... LP....J .P...... 2S...... V.e.r.s.i.o.n. .2...0.0.1...... BSGP...... 8.Q..Q..U.....c.g.i9.A.C...R./.,a.Dx.R.d.@g1.?.{Q.7..%. #+F)7...K. 4Q.dD.@ ...... _..`3Q.k0.,Y.>^yq.H...... %..,....@..&(b[.".+>s,..vUR...... 4t?.y..RDWd...!...... v[x1...w.".i.^^.t...... x...n.. .m.Mm....g...p...... 0P.L..). h..%[email protected] ".a.a.%."+*`...... n.U....rBUK'..D+...R.^..d/l4.<.....A.m.i.0S..=i....V.kP...q...`"w.F.ab.H.c.ms...c...&..U.D...NvE7.Yqd..?0.y.u....@.]...Q G.p..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\KlavikaWebBasicRegular[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), . family
Size (bytes): 29333
Entropy (8bit): 7.9758651276894845
Encrypted: false
MD5: DC85FE4BAD14F1667015C33116AF180A
SHA1: F3689186EFD1550DB250AFCD23E5D348AE4246AB
SHA-256: DC285763042ED4194CA08AF3491D1F5CA8761877CB35D18188803C7575245A1F
SHA-512: 873CFE209FE1F1BD1074B324E1A66DB2F4303B5AFD04A40346B5C72A5E206C949CCE36AE761C90BD44255CEA3F767DA136745B80778A790F1942ED33DF3275F0
Malicious: false
Reputation: low
Preview: .r...q...... LP....J .P...... \/.5...... V.e.r.s.i.o.n. .2...0.0.1...... BSGP...... L..M..Q~....c.g.i9.A.C...R./.,i4Dx.R.d..cD..{Q.7O.%.+F. [..!.)9j.J5.knFN.J.t9....)i.s.,g...Y..+.Bn.D.GG...Y.5z.bN..l..p.I.XQ..`..).<..?t.8....c.d\).0..(.. ...S.%.#...{.....9.'t..v.....3.4.U.?.....j...... oj&....h.....$..s6. ...Y.!a..%..h.!~....8e.NV..|.K..E\D.k..{P..{....5.9...$%...... B.z.E..r.A.V`.N....zH6..`@....+.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\bundle.min.7788c4bdac16b7a1e974a1a2b27e4e0a7e9e84df97ef50de01521b0507be8b30[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 19816
Entropy (8bit): 5.3114288976268815
Encrypted: false
MD5: 6C742CD6884C52529896E63246AF0086
SHA1: BAAA4A38A94FC84E0C372B73512148BC2AB24840
SHA-256: 7788C4BDAC16B7A1E974A1A2B27E4E0A7E9E84DF97EF50DE01521B0507BE8B30
SHA-512: 4567DE32AB4CD548DDE0BD4FBBE405150378F08B2C0D9BDBE9CFCECB017BBD4B8130B9278979B95B34AC2AB0F728C1F22F570F57EC1233FC86AB6DD6FDDDD9CC
Malicious: false
Reputation: low
Preview: /*!.* Lightbox for Bootstrap by @ashleydw.* https://github.com/ashleydw/lightbox.*.* License: https://github.com/ashleydw/lightbox/blob/master/LICENSE.*/+function($){'use strict';var _createClass=(function(){function defineProperties(target,props){for(var i=0;i

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\css[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 742
Entropy (8bit): 5.3614104416690695
Encrypted: false
MD5: 73155DC25E807C6EF17F9CBAB955E6D6
SHA1: 90EDA567358F36CBDFE35CB88F71D5CC328C9A26
SHA-256: C7CDF94EE3CBC8E38A03D5A0DA37CED4855CCB827EA9E5C256A167862BDD4795
SHA-512: 17FC77F73140197278AD98514A1BDAC942B5B0548C7F00C0E452EEB110F327ADCFB9C24553D7844F21FB5D719576834182EBFC3B11281F3F4267F2240B4C7D6C
Malicious: false
Reputation: low
Preview: @font-face {. font-family: 'IBM Plex Mono';. font-style: normal;. font-weight: 400;. src: local('IBM Plex Mono'), local('IBMPlexMono'), url(https://fonts.gstatic.com/s/ibmplexmono/v4/-F63fjptAgt5VM-kVkqdyU8n1i8q0Q.woff) format('woff');.}.@font-face {. font-family: 'IBM Plex Sans';. font-style: normal;. font-weight: 300;. src: local('IBM Plex Sans Light'), local('IBMPlexSans-Light'), url(https://fonts.gstatic.com/s/ibmplexsans/v6/zYX9KVElMYYaJe8bpLHnCwDKjXr8AIFscg.woff) format('woff');.}.@font-face {. font-family: 'IBM Plex Sans';. font-style: normal;. font-weight: 400;. src: local('IBM Plex Sans'), local('IBMPlexSans'), url(https://fonts.gstatic.com/s/ibmplexsans/v6/zYXgKVElMYYaJe8bpLHnCwDKhdHeEw.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\index[1].html
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text
Size (bytes): 7174
Entropy (8bit): 5.213781776793789
Encrypted: false
MD5: 8C4E3C800189536A4836731429CC7FF3
SHA1: E098BEAAA693912B224C9C4E3ED3D54E615633D6
SHA-256: A05920F533A3B0A9C213F905C3BE0984238FE7038F704352CAFEB5C1EC397C9F
SHA-512: 4F6DAB5A7CB232243559DEB5EA466165FEB80C86564F958F916CE0A741D61629E0B65EB2137211E4723F378A33280A3D0EA768B719C938EAE7F7E5269AAD6FCD
Malicious: false
Reputation: low
Preview: .. . . . .Cyber Security Experts - Kryptos Logic . . . . . ....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\js[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 64205
Entropy (8bit): 5.522089999243716
Encrypted: false
MD5: 8F9C050B9088863771A4F6FDDDF153DB
SHA1: BD90D228D99CEEEBAA409CE8AF1CF6B65A47A448
SHA-256: 362F8C24418209B8B9D9C64E4916AD73590F205110DC42F6AA4E3B130A6C5560
SHA-512: 308F5C92FD396035208047327DBBB0DDA45BAE65DB72D595BACCE83F0654D6E562AA5AADB1D9BF5DB3D1697AB6442EDBC296DBC60B3F392D2BC8F6D46564B371
Malicious: false
Reputation: low
Preview: .// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"1",. "macros":[],. "tags":[],. "predicates":[],. "rules":[].},."runtime":[.[],[] .]...};.var aa,ca=this,da=/^[\w+/_-]+[=]{0,2}$/,ea=null;var fa=function(){},ha=function(a){return"function"==typeof a},ia=function(a){return"string"==typeof a},ja=function(a){return"number"==typeof a&&!isNaN(a)},ka=function(a){return"[object Array]"==Object.prototype.toString.call(Object(a))},la=function(a,b){if(Array.prototype.indexOf){var c=a.indexOf(b);return"number"==typeof c?c:-1}for(var d=0;db)a=0,b=2147483647;return Math.floor(Math.random()*(b-a+1)+a)},pa=function(a,b){for(var c in a)Object.prototype.hasOwnProperty.call(a,c)&&b(c,a[c])},qa=function(a){return Math.round(Number(a))||0},ra=function(a){return"false"==String(a).to

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\style[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 11813
Entropy (8bit): 5.051476676685972
Encrypted: false
MD5: 37E7076DA5A0B5DCB8D8F6EE55F7D875
SHA1: F56F8FBAED5B9185287FB13864E5F3B3F05D8831
SHA-256: E0B0BE038DDFD148E850ECD612606250F185444A150BC71EB298B0F88CBAE47E
SHA-512: 1B7FF36E660F583D253ABD9928E6160668354309784619056D79680DE6C581115622A21BF4879246B781655352236DED7AB391583C181A1F4620CC14982F3724
Malicious: false
Reputation: low
Preview: @charset "UTF-8";@import url("https://fonts.googleapis.com/css?family=Montserrat|Open+Sans");html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td,article,aside,canvas,details,embed,figure,figcaption,footer,header,hgroup,menu,nav,output,ruby,section,summary,time,mark,audio,video{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline;}article,aside,details,figcaption,figure,footer,header,hgroup,menu,nav,section,main{display:block;}body{line-height:1;}ol,ul{list-style:none;}blockquote,q{quotes:none;}blockquote:before,blockquote:after,q:before,q:after{content:'';content:none;}table{border-collapse:collapse;border-spacing:0;}html{font-size:62.5%;}body{background:#1F222E;font-family:"Open Sans","Helvetica Neue","Lucida Grande",Arial,Verdana,sans-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\JTUSjIg1_i6t8kCHKm459WlhzQ[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 23480, version 1.1
Size (bytes): 23480
Entropy (8bit): 7.981253427621622
Encrypted: false
MD5: 8102C4838F9E3D08DAD644290A9CB701
SHA1: 5AF1938D1327395F47C84E57B6BA7756234D2262
SHA-256: 60CEBEA4C9183F51FBD323F14DD729E18768BE4F6395467013216AE36526CF9C
SHA-512: E8A0D6B72163E407DE82170E4560044CAE90116D1DD3CFA20F140E4379C8AABDC5BEAC6DD965D0E925CA673E41C42A858975C47F1F8152637958569D239E91FC
Malicious: false
Reputation: low
Preview: wOFF...... [...... 8...... GDEF...... G...X.g.^GPOS...... 2.....GSUB...... ,.OS/2...\...N...`S..Ucmap...... h.cvt ...p...\..../R.Hfpgm...... F...mM$.|gasp...... glyf...... 3X..].,..$head..Rt...6...6.F.nhhea..R...... $....hmtx..R....%...>.x..loca..T...... (..*0maxp..W...... h.Yname..W4...... -5H.post..X$...... D.z.prep..Z...... K..x.%.... P...... @:D...$.. ]!....h.....2/.$.....D.^.F..ua.].N....%>./...x..ut.I...... e+..o...g.^..13333333333.-.e/.cgYAs....R.{.G..^.L...... j...... R.z..D..o...~...... $.`.BY.21.W...... 9...f.C..(..M.!..D....1rT ...w6cG.J....U...... ]..>...... q..jhT\l..;,M.zYK..x:.n.R...(...... g)..~...Xl#`...... -.#..T...]..Tw...... k.7....I.....@..$..r....X.\..L...... _.H.2".V... .1..."._d.#R..4c"...2> ..A..D;..e>".|Tt.1...... 8...._.K..+...... Y~'r.A.....D.../..W..ob.....[.8K.8Gtq..0...|....D.KE+.."..V.....\vr.._-.Se..=..A.1$...<.E.CL..%QB.8.9.....,.Jv.=,...%.i..:U*V..U.b..]N.D..O..'...1.$.....<

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\analytics[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 44130
Entropy (8bit): 5.514312906140191
Encrypted: false
MD5: 0EA40A4CB2873A89CBE597EAEA860826
SHA1: BD6B139170EE44A65963986D0B785A13C7B6CDB4
SHA-256: 3E552578C7D450B023F2CD9D28F830BE4335C3ACC6C4AB6DADDA0769F09E5F22
SHA-512: 546F15177E41676F3D9CCEBB89B8014AA5CE37F06289DB3E9B6DCB0CA3240340E0878EFCFC2BE4273C81F3DD8128FF8A07530C391A23EDAC39F836767F861798
Malicious: false
Reputation: low
Preview: (function(){var k=this,l=function(a,b){a=a.split(".");var c=k;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var m=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},n=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var q=/^(?:(?:https?|mailto|ftp):|[^:/?#]*(?:[/?#]|$))/i;var r=window,t=document,u=function(a,b){t.addEventListener?t.addEventListener(a,b,!1):t.attachEvent&&t.attachEvent("on"+a,b)};var v=/:[0-9]+$/,x=function(a,b){b&&(b=String(b).toLowerCase());if("protocol"===b||"port"===b)a.protocol=w(a.protocol)||w(r.location.protocol);"port"===b?a.port=String(Number(a.hostname?a.port:r.location.port)||("http"==a.protocol?80:"https"==a.protocol?443:"")):"host"===b&&(a.hostname=(a.hostname||r.location.hostname).replace(v,"").toLowerCase());var c=w(a.protocol);b&&(b=String(b).toLowerCase());switch(b){case "url_no_fragment"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\dashboard[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 1300 x 800, 8-bit/color RGBA, non-interlaced
Size (bytes): 372003
Entropy (8bit): 7.990916905784195
Encrypted: true
MD5: B362D488D47499A7520CC7B612E8D847
SHA1: 1AC3CE4F67221F77A34966B5ADA41694D7695840
SHA-256: 2CFDFAB8F33A5D4A9446A50B46EFAB70C73D4EA96451D75C4AE5C68997B2A350
SHA-512: B1F07B9FF26A168E73190E3CE856CDB026B93C3CDDA31208F7A544FF0CC56DE25A938577F694F9C5F77BB5AC0CF037FABEBCB6F0FC28E7658E75ADBB7BD5F791
Malicious: false
Reputation: low
Preview: .PNG...... IHDR...... R..i.. .IDATx..y.eIU'.[..>.;e.{3k....(..6...v1..F....[[_.-..vk.|..|O...}.#[email protected] ..}. ..U.P3P.U...to..L;..#bE..g...u....Qy..;"V.XS...... (.&U.._.}..*bL0.J)$*A.$`flmm.V...n'.f .z}.y...Y.A)...u....).T}....jL!Q....#Ik.Z.dY=...... 4..Z.z.."[email protected] @DJ).Z...1.DD..y...B...uN.P...Z..PJA..f...... `6BK "(E.v5...([email protected] )"..5....3."b&R`.....@`...Z.d.d"..D...t.Y..J. ..X33..`RJ..`(R`..~..E....n2....liQ..5..b2...LD..0...... A..U.`...M{[email protected] ..... !..Ck.E...5....J.b.X.9.....V. [email protected] ).B...(.#..(.....5)C..".v..HA%..<..U1..%.....?..k+.o.O

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\mem8YaGs126MiZpBA-UFVZ0d[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 18100, version 1.1
Size (bytes): 18100
Entropy (8bit): 7.962027637722169
Encrypted: false
MD5: DE0869E324680C99EFA1250515B4B41C
SHA1: 8033A128504F11145EA791E481E3CF79DCD290E2
SHA-256: 81F0EC27796225EA29F9F1C7B74F083EDCD7BC97A09D5FC4E8D03C0134E62445
SHA-512: CD616DB99B91C6CBF427969F715197D54287BAFA60C3B58B93FF7837C21A6AAC1A984451AEEB9E07FD5B1B0EC465FE020ACBE1BFF8320E1628E970DDF37B0F0E
Malicious: false
Reputation: low
Preview: wOFF...... F...... i...... GDEF...... GPOS...... GSUB...... X...t...OS/2...... ^...`~]..cmap...`...... X..cvt ...... Y.....M..fpgm...p...... ~a..gasp...... #glyf...... 6...S...]head..>....6...6..cphhea..>...... $....hmtx..?...... [$loca..A4...... f..maxp..B...... name..C...... &:A.post..D...... x.U..prep..E...... C...... x...5.A...... m."gW..`.L..&N".?...... IF....a.^...b1...... Uh."4...>..=x.c`f..8.....u..1...<.f...... A...... 5....1...A.._6..".-..L.....Ar,...... 3..(....x.\.!..q...... #aff...#1Q@.'U..@5." .llt.Aa#.f|c.W.....'..X..!..C...ITPE.;..V.j...... 0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p...... M.x.c.a.g.c..$KY...e@.,.."...... ?....%.g....Z..... (".o..Y..Bu342.e...... 0...... M=.....x.uTGw.F...... )..)7.W.$`*.....G.Kz.)e....t.|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\zYX9KVElMYYaJe8bpLHnCwDKjXr8AIFscg[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 24220, version 1.1
Size (bytes): 24220
Entropy (8bit): 7.975197438590709
Encrypted: false
MD5: 10BB6A0AE6DC8000D999AB622A45E281
SHA1: 3F3F0D0D1C197AAED691F72EEECA77C64CD65523
SHA-256: 6ABE6B7EF0ABE00B00FFD7B5D9E527102EDE9A623F808DC27E21D6F89F67ECFF
SHA-512: 4B05DA497752A71461653DAC8E3E02DB379F98F90ED988BE6CA98C293569448B68294973865C1C8997ADB4DA19DA8313AC8711B3DEEDD942BC5C6032FEAF62F6
Malicious: false
Reputation: low
Preview: wOFF...... ^...... GDEF...... [email protected] ...... 6.o.#.GSUB...... >.,GOS/2...... U...`iC..cmap...... ?.=.cvt ...... >...>....fpgm...... s.Y.7gasp...... !glyf...... ;...~j,.>%head..V`...6...6...nhhea..V...... $....hmtx..V...... ?Xloca..X...... *maxp..Z...... name..Z...... <^post..[...... 5....prep..]...... l..qx...... @....O..u [email protected] .&U,V...... K.....I....;...x.d....A.F...gv..m.Qm.m3...EP.m...g..xP@6z3.i.so..Z0s2....3.z.G.JS. 6...X.c'...IcfN.X..Tb...ry7./E..8..=TO5\MTo.J:.Y..._..1N.1..f.o...Jf. ...._..D.{.M.O.C.I...... n.{..z.^.CtT.Mz.0.....4W.?.....Z...b+.v..h..K....k.....GN.R...<..L.jP.Z...i@C.....=..Hgz..../...P.1...g...... r....<...e.p.k\...... r..<...y.S...... y.[...|...... =.c/E..Q....8.c Ch..C.....^cll,.(.t,.).#.81..6.$..OnKI.#.dG.p2...... q?...0.f..y...d._b~...z..GQ+xRu...V._t.(.C..Y.\..9<...h.u.u.K....6.y..QM.N..m].VP..L.M..z..QY.e...... x...i..1d\).Ij..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\zYXgKVElMYYaJe8bpLHnCwDKhdHeEw[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 22620, version 1.1
Size (bytes): 22620
Entropy (8bit): 7.9761014161385395
Encrypted: false
MD5: A2C56F946488A9A267BA6BA21471A217
SHA1: 05124DD70199CD052531A4FDF3FEFC34B99D6AB4
SHA-256: ED561C5D042D08481AF8CB1D52EF6B0365FF6B982F17983CC0E0778C1611AFC1
SHA-512: E242BE2965AB97080EFC258D5FC6E440FA8ACAF0DFC1E2449AAA13E2997ECED0673918E0AC75738B30DDAC595D30DC9DB77CAC167893B5FD96C54064F4405F82
Malicious: false
Reputation: low
Preview: wOFF...... X\...... GDEF...... [email protected] ...... 56.n*.GSUB...... >.,GOS/2...... Y...`i. ecmap...... ?.=.cvt ...... >...>.m..fpgm...... s.Y.7gasp...... !glyf...... :d..~.....head..P8...6...6.*.ohhea..Pp...... $....hmtx..P...... ';oloca..R...... v,..maxp..T...... name..T...... p.F8.post..Ux...... 5.=..prep..Wp...... x...... @....O..u [email protected] .&U,V...... K.....I....;...x.d...Q.E.:..b..Q.Il.?.ylc.m.....P....#....0....Yy..[l.}..]. ...(..j....Dn][email protected] {...S1.A...... 0}.\...f.....L...Z.....i.)W..... a.#u.E{. ..0_.....)...k...r..[....6...c.j{n{m...... sQ..`.s..".....b5...F...mlg.;....r./...... u.q..|.3..$.x.H$..RI#....&.\...".)..2...*....:..k... ..c.33....}8}...... p.&.4af..|.`f..xu.T....O.U/.1.a.b..T.9^.+q...g...\...... d..S.X'f..B\.E..Q.f.@Kv;.=:r....}v...F...... f...... *.U...:..Y.....u.7`A.%<.}K.X...... 2*...... s]\aw.n..q.uw.j..%.(...... 4..T:.mk......

C:\Users\user\AppData\Local\Temp\~DF79F69AFA191E6800.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 25441
Entropy (8bit): 0.3743365608710266
Encrypted: false
MD5: E3499D97AD34B67E89E22AB83BB33EFF
SHA1: BB781CEBBF11A15CCDD70E2522EAE9D0DE40D5E3
SHA-256: B0E85B2B4416CA4C7C53AA514059A0BFAFFA78734FED33DBC9D82CE91455C9CC
SHA-512: EFCBFB62E1C98D7DD71A36EB3BBF81EE619C04E1CB9F27BBD51AA669FB080AB2B2A19C6B33A9A4F40B14D96EA4A3EC6A358C2A754B056E323FABB17E4FE2D088
Malicious: false
Reputation: low
Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......

C:\Users\user\AppData\Local\Temp\~DF803BF8498F680D27.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 44483
Entropy (8bit): 0.7600058150623348
Encrypted: false
MD5: 183C571BBB8E8D2B0CA172B78A7846CE
SHA1: 6216420094688489FE5DEF603F9A6C0A10C33BB8
SHA-256: 34FA7B92F2C78F58501D4325E78260473C4121F9CB6357F072AFE95B78286223
SHA-512: 5EF6121D4A3ADF019AEBFFE6D203CADAB2E3BA6E4F092EDC6A167C859D9F594287C2225C044D5EEC88E4DC8DCA52E58B5EE48EBC3706C6DF0CFC55AA91002AAE
Malicious: false
Reputation: low
Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......

C:\Users\user\AppData\Local\Temp\~DF9F1749A2640D4826.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 13029
Entropy (8bit): 0.474512122123611
Encrypted: false
MD5: 7A4901F5BDC8C6CCCDE5DBD26046C555
SHA1: 097165EE0D6AD27B8C3BA539F8805C9EF176E54D
SHA-256: 3404776FBEB9D7A946576077C25AED0FA12F28F7FCBA6F1BD8A2B01F4DCAAD87
SHA-512: 2F50F74A6083734FD61502F797F77AB770A5CC9AB45490E6B26DD4BDEC2CA195991AFE5A33531065A9CFD8BC093C1A9331A9045AE200586682829EF4CA8E5C81
Malicious: false
Reputation: low
Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com | 104.17.244.81 | true | false | | high
www.kryptoslogic.com | 104.24.98.133 | true | false | 0%, virustotal | low
cdnjs.cloudflare.com | 104.19.199.151 | true | false | | high
static.kryptoslogicsinkhole.com | 35.237.128.253 | true | false | 0%, virustotal | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/ | true | 2%, virustotal; Avira URL Cloud: safe | low
static.kryptoslogicsinkhole.com/style.css | false | 0%, virustotal; Avira URL Cloud: safe | unknown
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/favicon.ico | true | 0%, virustotal; Avira URL Cloud: safe | low

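The two tables above are the part of the report a defender actually consumes. The Python below is an added example, not code from the report or from Joe Security: it carries the Contacted Domains table as data, parses a constructed key=value DNS query log (the log format and every line in it are made up for this example), and reports exact host-name matches together with the reputation the report assigns. It matches on names rather than on the listed IPs on purpose: 104.17.244.81, 104.19.199.151 and 104.24.98.133 all fall inside Cloudflare's published 104.16.0.0/13 and 104.24.0.0/14 ranges (an assumption about the allocation at the time of the analysis), so a rule keyed on those IPs would also fire on unrelated Cloudflare-fronted sites.

```python
"""Match DNS query logs against the report's Contacted Domains / Contacted URLs tables.

Added example, not part of the Joe Sandbox report. The domain list and the
reputation strings are copied from the report; the log format and the log
lines are constructed. CLOUDFLARE_NETS is an assumption about the ranges
Cloudflare published at the time.
"""
import ipaddress
import re
from dataclasses import dataclass

# domain -> (IP, reputation) exactly as listed under Contacted Domains.
CONTACTED_DOMAINS = {
    "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com": ("104.17.244.81", "high"),
    "www.kryptoslogic.com": ("104.24.98.133", "low"),
    "cdnjs.cloudflare.com": ("104.19.199.151", "high"),
    "static.kryptoslogicsinkhole.com": ("35.237.128.253", "unknown"),
}
# Hosts on which Contacted URLs carries a Malicious: true entry.
FLAGGED_HOSTS = {"www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"}

# Assumption: Cloudflare's published IPv4 ranges covering the 104.x addresses above.
CLOUDFLARE_NETS = [ipaddress.ip_network("104.16.0.0/13"), ipaddress.ip_network("104.24.0.0/14")]

# Constructed log lines in a simple key=value format; not from the report.
SAMPLE_DNS_LOG = """\
2019-04-16T10:01:02Z client=10.0.0.5 query=www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. type=A
2019-04-16T10:01:03Z client=10.0.0.5 query=WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM type=A
2019-04-16T10:01:05Z client=10.0.0.9 query=static.kryptoslogicsinkhole.com type=A
2019-04-16T10:01:06Z client=10.0.0.9 query=cdnjs.cloudflare.com type=A
2019-04-16T10:02:00Z client=10.0.0.7 query=www.example.org type=A
2019-04-16T10:02:01Z client=10.0.0.7 query=evil.www.kryptoslogic.com.attacker.test type=A
this line is not in the expected format
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<name>\S+) type=(?P<qtype>\S+)$")


@dataclass(frozen=True)
class Hit:
    ts: str
    client: str
    name: str
    reputation: str   # the report's Reputation column for this domain
    flagged: bool     # True when Contacted URLs lists a Malicious: true URL on this host


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot so 'A.B.' and 'a.b' compare equal."""
    return name.rstrip(".").lower()


def match_dns_log(text: str, domains=CONTACTED_DOMAINS, flagged=FLAGGED_HOSTS) -> list:
    """Return one Hit per log line whose queried name is exactly a listed domain."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line; a production pipeline would count these
        name = normalize(m["name"])
        if name in domains:  # exact host match only; no suffix or substring matching
            hits.append(Hit(m["ts"], m["client"], name, domains[name][1], name in flagged))
    return hits


def domains_on_shared_cdn_space(domains=CONTACTED_DOMAINS) -> list:
    """Listed domains whose IP sits in the assumed Cloudflare ranges, i.e. unsafe to block by IP."""
    return sorted(d for d, (ip, _) in domains.items()
                  if any(ipaddress.ip_address(ip) in net for net in CLOUDFLARE_NETS))


if __name__ == "__main__":
    for h in match_dns_log(SAMPLE_DNS_LOG):
        print(f"{h.ts} {h.client} -> {h.name} (reputation={h.reputation}, flagged={h.flagged})")
    print("shared CDN address space:", domains_on_shared_cdn_space())
```

Only the kill-switch-style domain carries a flagged URL in the report; static.kryptoslogicsinkhole.com is the sinkhole operator's own host and cdnjs.cloudflare.com is a public CDN, so a match on either is context for the first hit rather than an alert by itself. The exact-match rule is deliberate: the last constructed line embeds www.kryptoslogic.com inside an unrelated name, and a substring or suffix match would have flagged it.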
URLs from Memory and Binaries
Copyright Joe Security LLC 2019 Page 22 of 34
Contacted IPs
Public
IP | Country | ASN | ASN Name | Malicious
104.19.199.151 | United States | 13335 | unknown | false
35.237.128.253 | United States | 15169 | unknown | false
104.24.98.133 | United States | 13335 | unknown | false
104.17.244.81 | United States | 13335 | unknown | false
Static File Info
No static file info
Network Behavior
Snort IDS Alerts
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/15/19-20:17:27.528466 | UDP | 2024291 | ET TROJAN Possible WannaCry DNS Lookup 1 | 54455 | 53 | 192.168.2.5 | 8.8.8.8
04/15/19-20:17:27.570869 | TCP | 2024298 | ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1 | 49802 | 80 | 192.168.2.5 | 104.17.244.81
04/15/19-20:17:30.038956 | TCP | 2024298 | ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1 | 49803 | 80 | 192.168.2.5 | 104.17.244.81
04/15/19-20:17:43.676068 | UDP | 2024291 | ET TROJAN Possible WannaCry DNS Lookup 1 | 58501 | 53 | 192.168.2.5 | 8.8.8.8
04/15/19-20:17:43.727070 | TCP | 2024298 | ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1 | 49810 | 80 | 192.168.2.5 | 104.16.173.80
Network Port Distribution
Total Packets: 59
• 53 (DNS)
• 443 (HTTPS)
• 80 (HTTP)
TCP Packets
UDP Packets
DNS Queries
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Apr 15, 2019 20:17:27.528465986 CEST | 192.168.2.5 | 8.8.8.8 | 0x1637 | Standard query (0) | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:27.736438036 CEST | 192.168.2.5 | 8.8.8.8 | 0x34a2 | Standard query (0) | static.kryptoslogicsinkhole.com | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:43.676068068 CEST | 192.168.2.5 | 8.8.8.8 | 0xab12 | Standard query (0) | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:45.581392050 CEST | 192.168.2.5 | 8.8.8.8 | 0xeb89 | Standard query (0) | www.kryptoslogic.com | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:46.457343102 CEST | 192.168.2.5 | 8.8.8.8 | 0x99d8 | Standard query (0) | cdnjs.cloudflare.com | A (IP address) | IN (0x0001)
DNS Answers
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | Address | Type | Class
Apr 15, 2019 20:17:27.540838003 CEST | 8.8.8.8 | 192.168.2.5 | 0x1637 | No error (0) | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com | 104.17.244.81 | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:27.540838003 CEST | 8.8.8.8 | 192.168.2.5 | 0x1637 | No error (0) | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com | 104.16.173.80 | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:27.778259039 CEST | 8.8.8.8 | 192.168.2.5 | 0x34a2 | No error (0) | static.kryptoslogicsinkhole.com | 35.237.128.253 | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:43.708053112 CEST | 8.8.8.8 | 192.168.2.5 | 0xab12 | No error (0) | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com | 104.16.173.80 | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:43.708053112 CEST | 8.8.8.8 | 192.168.2.5 | 0xab12 | No error (0) | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com | 104.17.244.81 | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:45.613946915 CEST | 8.8.8.8 | 192.168.2.5 | 0xeb89 | No error (0) | www.kryptoslogic.com | 104.24.98.133 | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:45.613946915 CEST | 8.8.8.8 | 192.168.2.5 | 0xeb89 | No error (0) | www.kryptoslogic.com | 104.24.99.133 | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:46.469024897 CEST | 8.8.8.8 | 192.168.2.5 | 0x99d8 | No error (0) | cdnjs.cloudflare.com | 104.19.199.151 | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:46.469024897 CEST | 8.8.8.8 | 192.168.2.5 | 0x99d8 | No error (0) | cdnjs.cloudflare.com | 104.19.195.151 | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:46.469024897 CEST | 8.8.8.8 | 192.168.2.5 | 0x99d8 | No error (0) | cdnjs.cloudflare.com | 104.19.197.151 | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:46.469024897 CEST | 8.8.8.8 | 192.168.2.5 | 0x99d8 | No error (0) | cdnjs.cloudflare.com | 104.19.196.151 | A (IP address) | IN (0x0001)
Apr 15, 2019 20:17:46.469024897 CEST | 8.8.8.8 | 192.168.2.5 | 0x99d8 | No error (0) | cdnjs.cloudflare.com | 104.19.198.151 | A (IP address) | IN (0x0001)
HTTP Request Dependency Graph
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com static.kryptoslogicsinkhole.com
HTTP Packets
Session ID: 0 | Source IP: 192.168.2.5 | Source Port: 49802 | Destination IP: 104.17.244.81 | Destination Port: 80 | Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Apr 15, 2019 20:17:27.570868969 CEST, 145 kBytes transferred, OUT:
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Connection: Keep-Alive

Apr 15, 2019 20:17:27.618668079 CEST, 146 kBytes transferred, IN:
HTTP/1.1 200 OK
Date: Mon, 15 Apr 2019 18:17:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: __cfduid=d17476a6de4fbd67aef918743bfca15cb1555352247; expires=Tue, 14-Apr-20 18:17:27 GMT; path=/; domain=.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com; HttpOnly
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4c7fea9b58b0cc64-ZRH
Content-Encoding: gzip
Session ID: 1 | Source IP: 192.168.2.5 | Source Port: 49804 | Destination IP: 35.237.128.253 | Destination Port: 80 | Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Apr 15, 2019 20:17:27.899930000 CEST, 147 kBytes transferred, OUT:
GET /style.css HTTP/1.1
Accept: text/css, */*
Referer: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.kryptoslogicsinkhole.com
Connection: Keep-Alive

Apr 15, 2019 20:17:28.016182899 CEST, 149 kBytes transferred, IN:
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Mon, 15 Apr 2019 18:17:27 GMT
Content-Type: text/css
Content-Length: 11813
Last-Modified: Mon, 02 Jul 2018 02:05:52 GMT
Connection: keep-alive
ETag: "5b398880-2e25"
Accept-Ranges: bytes
Data Ascii: @charset "UTF-8";@import url("https://fonts.googleapis.com/css?family=Montserrat|Open+Sans");html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td,article,aside,canvas,details,embed,figure,figcaption,footer,header,hgroup,menu,nav,output,ruby,section,summary,time,mark,audio,video{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline;}article,aside,details,figcaption,figure,footer,header,hgroup,menu,nav,section,main{display:block;}body{line-height:1;}ol,ul{list-style:none;}blockquote,q{quotes:none;}blockquote:before,blockquote:after,q:before,q:after{content:'';content:none;}table{border-collapse:collapse;border-spacing:0;}html{font-size:62.5%;}body{background:#1F222E;font-family:"Open Sans","Helvetica Neue
Session ID: 2 | Source IP: 192.168.2.5 | Source Port: 49803 | Destination IP: 104.17.244.81 | Destination Port: 80 | Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Apr 15, 2019 20:17:30.038955927 CEST, 228 kBytes transferred, OUT:
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Connection: Keep-Alive
Cookie: __cfduid=d17476a6de4fbd67aef918743bfca15cb1555352247

Apr 15, 2019 20:17:30.053271055 CEST, 229 kBytes transferred, IN:
HTTP/1.1 200 OK
Date: Mon, 15 Apr 2019 18:17:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4c7feaaaccc9cc64-ZRH
Content-Encoding: gzip
HTTPS Packets
Timestamp | Source IP | Source Port | Dest IP | Dest Port | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Apr 15, 2019 20:17:45.667932034 CEST | 104.24.98.133 | 443 | 192.168.2.5 | 49812 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2019 20:17:45.669995070 CEST | 104.24.98.133 | 443 | 192.168.2.5 | 49811 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2019 20:17:46.522193909 CEST | 104.19.199.151 | 443 | 192.168.2.5 | 49814 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2019 20:17:46.522756100 CEST | 104.19.199.151 | 443 | 192.168.2.5 | 49813 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2019 20:17:46.533040047 CEST | 104.19.199.151 | 443 | 192.168.2.5 | 49815 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0 | 9e10692f1b7f78228b2d4e424db3a98c

Certificate chain presented by 104.24.98.133 (sessions on ports 49811 and 49812), Subject | Issuer | Not Before | Not After:
CN=sni173774.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated | CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Mon Apr 01 02:00:00 CEST 2019 | Wed Oct 09 01:59:59 CEST 2019
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Thu Sep 25 02:00:00 CEST 2014 | Tue Sep 25 01:59:59 CEST 2029
CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE | Tue May 30 12:48:38 CEST 2000 | Sat May 30 12:48:38 CEST 2020

Certificate chain presented by 104.19.199.151 (sessions on ports 49813, 49814 and 49815), Subject | Issuer | Not Before | Not After:
CN=ssl412106.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated | CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Sat Mar 02 01:00:00 CET 2019 | Mon Sep 09 01:59:59 CEST 2019
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Thu Sep 25 02:00:00 CEST 2014 | Tue Sep 25 01:59:59 CEST 2029
CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE | Tue May 30 12:48:38 CEST 2000 | Sat May 30 12:48:38 CEST 2020
Code Manipulations
Statistics
Behavior
System Behavior
Analysis Process: iexplore.exe PID: 2924 Parent PID: 724
General
Start time: 20:17:25
Start date: 15/04/2019
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff6f85a0000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
File Activities
Source File Path Access Attributes Options Completion Count Address Symbol
Source File Path Offset Length Value Ascii Completion Count Address Symbol
Source File Path Offset Length Completion Count Address Symbol
Registry Activities
Source Key Path Completion Count Address Symbol
Source Key Path Name Type Data Completion Count Address Symbol
Source Key Path Name Type Old Data New Data Completion Count Address Symbol
Analysis Process: iexplore.exe PID: 148 Parent PID: 2924
General
Start time: 20:17:25
Start date: 15/04/2019
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2924 CREDAT:17410 /prefetch:2
Imagebase: 0xa50000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
File Activities
Source File Path Access Attributes Options Completion Count Address Symbol
Source File Path Offset Length Value Ascii Completion Count Address Symbol
Source File Path Offset Length Completion Count Address Symbol
Registry Activities
Source Key Path Name Type Data Completion Count Address Symbol
Disassembly