ID: 123496  Cookbook: browseurl.jbs  Time: 20:16:32  Date: 15/04/2019  Version: 25.0.0 Tiger's Eye

Table of Contents

Table of Contents  2
Analysis Report http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com  4
    Overview  4
        General Information  4
        Detection  4
        Confidence  4
        Classification  5
        Analysis Advice  5
    Mitre Att&ck Matrix  6
    Signature Overview  6
        Phishing:  6
        Networking:  6
        System Summary:  6
    Behavior Graph  7
    Simulations  7
        Behavior and APIs  7
    Antivirus Detection  7
        Initial Sample  7
        Dropped Files  7
        Unpacked PE Files  7
        Domains  7
        URLs  8
    Yara Overview  8
        Initial Sample  8
        PCAP (Network Traffic)  8
        Dropped Files  8
        Memory Dumps  8
        Unpacked PEs  8
    Joe Sandbox View / Context  8
        IPs  8
        Domains  9
        ASN  9
        JA3 Fingerprints  9
        Dropped Files  9
    Screenshots  9
        Thumbnails  9
    Startup  10
    Created / dropped Files  10
    Domains and IPs  22
        Contacted Domains  22
        Contacted URLs  22
        URLs from Memory and Binaries  22
        Contacted IPs  23
            Public  24
    Static File Info  24
        No static file info  24
    Network Behavior  24
        Snort IDS Alerts  24
        Network Port Distribution  24
        TCP Packets  25
        UDP Packets  26
        DNS Queries  27
        DNS Answers  27
        HTTP Request Dependency Graph  28
        HTTP Packets  28
        HTTPS Packets  30
    Code Manipulations  32
    Statistics  32
        Behavior  32
    System Behavior  32
        Analysis Process: iexplore.exe PID: 2924 Parent PID: 724  32
            General  33
            File Activities  33
            Registry Activities  33
        Analysis Process: iexplore.exe PID: 148 Parent PID: 2924  33
            General  33
            File Activities  33
            Registry Activities  33
    Disassembly  34

Copyright Joe Security LLC 2019 Page 2 of 34

Analysis Report http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

Overview

General Information

Joe Sandbox Version: 25.0.0 Tiger's Eye
Analysis ID: 123496
Start date: 15.04.2019
Start time: 20:16:32
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 4s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled
Analysis stop reason: Timeout
Detection: MAL
Classification: mal48.win@3/45@5/4
Cookbook Comments: Adjust boot time; Enable AMSI; Browsing link: https://www.kryptoslogic.com/
Warnings:
    Exclude process from analysis (whitelisted): dllhost.exe, ielowutil.exe, wermgr.exe, conhost.exe, CompatTelRunner.exe, svchost.exe
    TCP Packets have been reduced to 100
    Report size getting too big, too many NtDeviceIoControlFile calls found.

Detection

Strategy   Score  Range    Reporting  Whitelisted  Detection
Threshold  48     0 - 100             false

Confidence

Strategy   Score  Range  Further Analysis Required?  Confidence
Threshold  5      0 - 5  false

Classification

[Classification chart: categories Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware; scale malicious / suspicious / clean]

Analysis Advice

Uses HTTPS for network communication; use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Mitre Att&ck Matrix

Initial Access: Valid Accounts; Replication Through Removable Media
Execution: Windows Remote Management; Service Execution
Persistence: Winlogon Helper DLL; Port Monitors
Privilege Escalation: Port Monitors; Accessibility Features
Defense Evasion: File System Logical Offsets; Binary Padding
Credential Access: Credential Dumping; Network Sniffing
Discovery: System Service Discovery; Application Window Discovery
Lateral Movement: Application Deployment Software; Remote Services
Collection: Data from Local System; Data from Removable Media
Exfiltration: Data Encrypted (1); Exfiltration Over Other Network Medium
Command and Control: Standard Non-Application Layer Protocol (3); Standard Application Layer Protocol (3)

Signature Overview

• Phishing
• Networking
• System Summary


Phishing:

META author tag missing

META copyright tag missing

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Downloads files from webservers via HTTP

Found strings which match known social media URLs

Performs DNS lookups

URLs found in memory or binary data

Uses HTTPS

System Summary:

Classification label

Creates files inside the user directory

Creates temporary files

Reads ini files

Spawns processes

Found graphical window changes (likely an installer)

Uses new MSVCR Dlls

Behavior Graph

[Behavior graph: ID 123496, start date 15/04/2019, architecture WINDOWS, score 48. The analysed URL http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com starts iexplore.exe (node counters 6 and 84), which starts a second iexplore.exe (node counters 1 and 65); the legend counters are the number of created registry values and the number of created files. The graph is tagged with the signature "Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)". Network nodes: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com at 104.17.244.81 (ports 49802, 49803, 80; ASN unknown; United States), cdnjs.cloudflare.com at 104.19.199.151 (ports 443, 49813, 49814; ASN unknown; United States), and 2 other IPs or domains. Legend entries: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious, Internet.]

Simulations

Behavior and APIs

No simulations

Antivirus Detection

Initial Sample

Source | Detection | Scanner | Label
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com | 2% | virustotal |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label
www.kryptoslogic.com | 0% | virustotal |
static.kryptoslogicsinkhole.com | 0% | virustotal |

URLs

Source | Detection | Scanner | Label
https://www.kryptoslogic.com/favicon.png | 0% | Avira URL Cloud | safe
www.iuqerfic.com/fjhgosurijfaewrwergwea.com/Root | 0% | Avira URL Cloud | safe
https://www.kryptoslogic.com/terms | 0% | Avira URL Cloud | safe
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/ | 2% | virustotal |
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/ | 0% | Avira URL Cloud | safe
https://www.kryptoslogic.com/fjhgosurijfaewrwergwea.com/ | 0% | Avira URL Cloud | safe
static.kryptoslogicsinkhole.com/style.css | 0% | virustotal |
static.kryptoslogicsinkhole.com/style.css | 0% | Avira URL Cloud | safe
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/4Sinkholed | 0% | Avira URL Cloud | safe
https://www.kryptoslogic.com/products/telltale/ | 0% | Avira URL Cloud | safe
https://www.kryptoslogifjaposdfjhgosurijfaewrwergwea.com/ | 0% | Avira URL Cloud | safe
https://fontawesome.comhttps://fontawesome.comFont | 0% | Avira URL Cloud | safe
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/favicon.ico | 0% | virustotal |
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/favicon.ico | 0% | Avira URL Cloud | safe
https://www.kryptoslogic.com/ | 0% | virustotal |
https://www.kryptoslogic.com/ | 0% | Avira URL Cloud | safe
https://www.kryptoslogic.com/images/logo.svg | 0% | Avira URL Cloud | safe
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/Root | 0% | Avira URL Cloud | safe
https://www.kryptoslogic.com/index.xml | 0% | Avira URL Cloud | safe
https://www.kryptoslogic.com/privacy | 0% | Avira URL Cloud | safe
https://www.kryptoslogic.com/images/dashboard.png | 0% | Avira URL Cloud | safe
https://telltale.kryptoslogic.com/auth/signup/ | 0% | Avira URL Cloud | safe
https://www.kryptoslogic.com/LCyber | 0% | Avira URL Cloud | safe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Startup

System is w10x64
iexplore.exe (PID: 2924, cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding, MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    iexplore.exe (PID: 148, cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2924 CREDAT:17410 /prefetch:2, MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{27CD80B4-5FF6-11E9-AAD9-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 30296
Entropy (8bit): 1.850766801604863
Encrypted: false
MD5: 0BD629E0429078CAF6379F97BB0CE632
SHA1: 6B58C93CD2C7ED351358346DF18DDD80EBCE93E6
SHA-256: 1FB9C79B995CBD031A8FC29C53C6CAF0104572777C98AA263DBEE7326816F2FC
SHA-512: D5D27305BEA284E3D45BDE1F0FC80FB2A7E9D12D60DD4CD922E81A2C8B0C8A9DD82C88A5DA48A7A32278D02523CFC788AC18A14249CFC7ABEA553DAB27889DFB
Malicious: false
Reputation: low
Preview: ...... R.o.o.t. .E.n.t.r.y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{27CD80B6-5FF6-11E9-AAD9-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 38394
Entropy (8bit): 1.9902641368401854
Encrypted: false
MD5: CFA58193D344E4CFB7DB97E748B193DB
SHA1: F5F59587AABEC011713C52BC69552501FB052CE5
SHA-256: 643828B074E7F58239F839FE342BE74F4937BB9BDF87D469120CD180ADD46E76
SHA-512: 71DA359C16C46B10BD97EFB60E1CCF0033252D4B82BFFB62C3D10DA48FE959E8F9297FE245B0ACA2B203EBFD290F1A4723DF60EEDF63FD30E1FAC9C92CFBD9E4
Malicious: false
Reputation: low
Preview: ...... R.o.o.t. .E.n.t.r.y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{27CD80B7-5FF6-11E9-AAD9-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 16984
Entropy (8bit): 1.564406834842471
Encrypted: false
MD5: 281B22CB38442CC82812A70EE0DFD73C
SHA1: DA396C8387E1F697BFD8A73ED5FA84E5C5D99C03
SHA-256: 025636D3E26B8B53CDF1B09B238E797C3123B6932C5AC97B3A6D5FC56FA7C804
SHA-512: FCBDF79445EE0FEBA8A311D970798D1044D19D77A3B9C587308B2877AD4A18A402DFF56A575D472482A732CEF4A14E8AE155483AC0C4D972F755246EFE323E87
Malicious: false
Reputation: low
Preview: ...... R.o.o.t. .E.n.t.r.y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.070301949906665
Encrypted: false
MD5: 2409619643AE07F6B75DCDDEE79369BA
SHA1: A769FDCEF3D3844DDB885D4567E302C51F63A3AA
SHA-256: 435748CECF5670952B119EAD755CC3F093155B7905D9CA414B659A615BA42859
SHA-512: 8B31A1C1D2EE58952A8D4CF7DBF3C2E35907E67240683F1BEB3378C63B3D5CD27F7261CBC7B0E2B323CDE409F37C47A837F22F3A9A37EBC618960688C004F181
Malicious: false
Reputation: low
Preview: ..0xfe742fe4,0x01d4f4020xfe742fe4,0x01d4f402....0xfe742fe4,0x01d4f4020xfe752dea,0x01d4f402..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.0948601189081195
Encrypted: false
MD5: 70E49486388E90871D4EA6F8BE6F1C14
SHA1: D75CEA3C86FB982AFDE3549074F9409DFF379AF7
SHA-256: 671E7E08C09F87E7C326DA3713F0492CAFFC15876783505E752346E0711123FF
SHA-512: 26B9795DACFC9DBF7AA2320426D525128D687E92AFDD456C583A341CFA778F184234BE1D03B5C0C14BDC95517483F4E0AD954CC22A70A6EB792580AD52655564
Malicious: false
Reputation: low
Preview: ..0xfe5fda55,0x01d4f4020xfe5fda55,0x01d4f402....0xfe5fda55,0x01d4f4020xfe5fda55,0x01d4f402 ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 662
Entropy (8bit): 5.091585596881241
Encrypted: false
MD5: BA94D22A7A68EF621F03A7B191BAF435
SHA1: 56476D4AD06DA32263A4970A47E37E7CB967BD81
SHA-256: 79AFF6E7E1737701E12CED6A6343D556BF770C2D85939A8B181865446FB0AB02
SHA-512: 402B54B68FDA33BCC856A54AC3B06BB58B897FC286FA76BCDDD3115BD14F3713325D6033695AC270D17077D470C02489B00C87520F2036D24FACBD6EB8073AFC
Malicious: false
Reputation: low
Preview: ..0xfe752dea,0x01d4f402 0xfe752dea,0x01d4f402....0xfe752dea,0x01d4f4020xfe77b4de,0x01d4f402..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 647
Entropy (8bit): 5.14269869337794
Encrypted: false
MD5: 2A6FE488FC2034DA732E60A6C14AE17B
SHA1: 102766BDBED9707D1A8481F7729675EF5C173646
SHA-256: B232968C6DC4F1084398AB3D4544295272B77E5729C47EBAA870CBABA832B702
SHA-512: 8FFEE990FE3C5C8F834F33A034CFF5AEA83E9A07CF1B559DB15C46035460A9ABD6E899526D7001E884000D4BEF76C50AE253EDD808DFA72E12602E56B38A706C
Malicious: false
Reputation: low
Preview: ..0xfe683539,0x01d4f4020xfe683539,0x01d4f402....0xfe683539,0x01d4f4020xfe6a9e56,0x01d4f402 ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.112087991667192
Encrypted: false
MD5: 200682C8C8FAFC9BB8072C8C5FE77BEC
SHA1: 2689A7FFBED04D204B293DA1600EBA57EB5E730B
SHA-256: D1436DDD45DE7E99BEE92239B54281A0560760993366764AAE02A34833766920
SHA-512: 313F9B0C4A92BADB8BF43D32D42D764E2CA17B42D704C9B7D258FC84E638A758F3A6F595B6C54D7FA6E147CA99011B7969603D4AA14A110AFFD489BB03D1E8DD
Malicious: false
Reputation: low
Preview: ..0xfe77b4de,0x01d4f402<accdate>0xfe77b4de,0x01d4f402....0xfe77b4de,0x01d4f4020xfe79f121,0x01d4f402..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.069453489028426
Encrypted: false
MD5: EE68EB6CEA745E2AE38E10376BB54102
SHA1: F3898807FB14E0D39615F49B5ED660E5FF281086
SHA-256: CF4E7706193A96EB8C17AB9166EBA6C5E362722E0E12D5FAD764E2E71ED6CCE0
SHA-512: 6BE87EDE590A90BB0FE3F639E91DECFF26AFAC572C841CBD82AC8EFABC589602D67F4043EEAD4F8800C1B679FEA93DD6451CB90639921EB7120FF18EBAFFF94E
Malicious: false
Reputation: low
Preview: ..0xfe71e480,0x01d4f4020xfe71e480,0x01d4f402....0xfe71e480,0x01d4f4020xfe71e480,0x01d4f402 ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.142241871732138
Encrypted: false
MD5: 85A9CD4BDD42AACCB97063B8760FB31A
SHA1: 1A65086DF4040BC30269A8EF259164744A5C76B3
SHA-256: 25570768EB00D8A9139BB168D66A00672C8307EE825853377AFBE3C9EA392147
SHA-512: 18B8A28D6D6A4D11650EC69CF91992D3735EE42081040EAA2FEC5DCDD92AF9D182507EA6C2177485B96711BC7700A0CDAE67F20F819F47D9FFCD1E960653F7AE
Malicious: false
Reputation: low
Preview: ..0xfe6a9e56,0x01d4f402<accdate>0xfe6a9e56,0x01d4f402....0xfe6a9e56,0x01d4f4020xfe6cf5eb,0x01d4f402 ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 659
Entropy (8bit): 5.132936607436384
Encrypted: false
MD5: EFD3F5F820DE03F300E750AD117F827D
SHA1: 11B45151CE04700CAA4A6212BF66BEE586731DFC
SHA-256: 3196820A2A6DEE33031A95A2C9DC28070ED59EBC9669B4E1A79F3C6C24BCC437
SHA-512: 80B45B3AFCAF4A267CABD16ED46BFA9364DDCC03F04F28086341903166C06CA450D3FB5F1C9CDEEF0A3F3F3BE3B817EA2C1E18A2663E441D914219CDFC4ED123
Malicious: false
Reputation: low
Preview: ..0xfe65d97d,0x01d4f402 0xfe65d97d,0x01d4f402....0xfe65d97d,0x01d4f4020xfe65d97d,0x01d4f402 ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.128748125944211
Encrypted: false
MD5: 81F4F49372B2D4F05B56173590E38DDF
SHA1: A380A39F512A7DF6EB43ED20DB0EA01E983A410E
SHA-256: BB1749F38A446073D89DD866525E61A35B37D38F6E1FD83C4633625745FDFE21
SHA-512: 6A528D6324AB895094330D6FD2C7AA2916BB145F755558DB41B7E53EDC77828FDBF626CA682910546780C6ED68225B1D145FD91BFBE204FC2D740A33EFE4F06C
Malicious: false
Reputation: low
Preview: ..0xfe683539,0x01d4f4020xfe683539,0x01d4f402....0xfe683539,0x01d4f4020xfe683539,0x01d4f402 ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ZZRSIRDS.htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Size (bytes): 607
Entropy (8bit): 4.889496806372663
Encrypted: false
MD5: D9FDB2D2F2440AC3C3A0786A83E6B69A
SHA1: 7D7735147B217ACAA670F7FF6262B70AB7F4ECEA
SHA-256: 5B17494A74770D5ABE918C36E8DFC10A4FF0F46451CDBE19D779D19BAF8E6385
SHA-512: 6A82E4FEF26C69CFB44205200C42A0994D612C21AD133E0A36DA4D10E9D949B648060E178F812EA5DABBBC800EEC1404C6C70A8BCAB86A82CB4EE6E4D9069ED6
Malicious: false
Reputation: low
Preview: Sinkholed by Kryptos Logic

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bootstrap.bundle.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 78635
Entropy (8bit): 5.263861622876498
Encrypted: false
MD5: A454220FC07088BF1FDD19313B6BFD50
SHA1: 265A733CB7FBC481FD2510A659A85AD55C93C895
SHA-256: 7F3145C87D3570154F633975E8A4F8D30AA38603EDABA145501E9C90DDBE186C
SHA-512: 4EA980874FEC49BC12B9504E0C46A002889421E191A3CBBDE5AE35CF29067EAE623E43BDA227BC20A0A0C7BC80AF56DF8818D97AE6A98CB80C769F543290956 1
Malicious: false
Reputation: low
Preview: /*!. * Bootstrap v4.3.1 (https://getbootstrap.com/). * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */ (minified code not reproduced)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\favicon[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Size (bytes): 607
Entropy (8bit): 4.889496806372663
Encrypted: false
MD5: D9FDB2D2F2440AC3C3A0786A83E6B69A
SHA1: 7D7735147B217ACAA670F7FF6262B70AB7F4ECEA
SHA-256: 5B17494A74770D5ABE918C36E8DFC10A4FF0F46451CDBE19D779D19BAF8E6385
SHA-512: 6A82E4FEF26C69CFB44205200C42A0994D612C21AD133E0A36DA4D10E9D949B648060E178F812EA5DABBBC800EEC1404C6C70A8BCAB86A82CB4EE6E4D9069ED6
Malicious: false
Reputation: low
Preview: Sinkholed by Kryptos Logic
    Sinkholed!
    This domain has been sinkholed by Kryptos Logic.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\header_hu584ef521985426c87c92ae30b5662845_49026_358x180_fit_box_2[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 358 x 180, 8-bit/color RGB, non-interlaced
Size (bytes): 44221
Entropy (8bit): 7.986829676271256
Encrypted: false
MD5: E5309FCE61D5F04E1FB29E365749FBED
SHA1: A8725B3012E1A6AC176AC31375ED13B76C8591C7
SHA-256: D31200CD17B52601E866E0D87D89E610351CDEF5350431166F30C86744EBDE33
SHA-512: 1189B5CB30BBD63835E12343BB7D81CD88F0F2E7666666F1C529AB8E9B1F000CAA8E921125C639C98610ECCF69C342F90373CDC5EB5A02B17D1879141AA62256
Malicious: false
Reputation: low
Preview: (binary PNG data not reproduced)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquery.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 86927
Entropy (8bit): 5.289226719276158
Encrypted: false
MD5: A09E13EE94D51C524B7E2A728C7D4039
SHA1: 0DC32DB4AA9C5F03F3B38C47D883DBD4FED13AAE
SHA-256: 160A426FF2894252CD7CEBBDD6D6B7DA8FCD319C65B70468F10B6690C45D02EF
SHA-512: F8DA8F95B6ED33542A88AF19028E18AE3D9CE25350A06BFC3FBF433ED2B38FEFA5E639CDDFDAC703FC6CAA7F3313D974B92A3168276B3A016CEB28F27DB0714A
Malicious: false
Reputation: low
Preview: /*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */ (minified code not reproduced)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\logo[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 2340
Entropy (8bit): 4.588184264888021
Encrypted: false
MD5: 2F318D6EE02102039B58523AD010AC82
SHA1: 2CDE7F135294B42CDB90852BBD4633DB1D2B2FB5
SHA-256: 5A99BCB439F4BD2D4087D2AA358B7444771A0AD2184DEE5F5F7E5A64E927C2B8
SHA-512: 7F4AAB803325ED3B948BA99D65C076C1529230A5DFCD753325D4327F2B420CAA3CEEFBC8559CD7A9B9574EF43DE980194CDAF2E7A02D2D94FE3B886F0994A173
Malicious: false
Reputation: low
Preview: kryptoslogic

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\KlavikaWebBasicBoldItalic[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), . family
Size (bytes): 26524
Entropy (8bit): 7.97511713332449
Encrypted: false
MD5: 78301740D4707117ED9453DEBA621903
SHA1: 88EDBA2897B6D7EBB1B6D10FAE61F8F42FAC9F62
SHA-256: 2DF2287B30208E61DBFA8A83DF4A122626A364BA070026ACD3FAFDC74221326D
SHA-512: BED0467C2D3704C6A358F080BBA0FF884852787DF8CA36664F5B146AA1D8BC040F365A0468288020DE226A3A1E40D6C586BFC40941CAE9B63AF97211137570BA
Malicious: false
Reputation: low
Preview: (binary font data not reproduced)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\KlavikaWebBasicBold[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), . family
Size (bytes): 25999
Entropy (8bit): 7.9748397618179805
Encrypted: false
MD5: 5B1C4C6040639DBE171D93722355F458
SHA1: E0883E80D6EB9085195645A005474D926445D60F
SHA-256: 7CD0D29350CAB21EDB77052757B908052AD68E8EF4BA695C0427FFE2E008CF7B
SHA-512: 160C9BEF5357D74ABAEE26B5B266CE3F2F5C5CFA4CCCE9B680DFF0C0EFD6E4D9003D4A11745E7A4D3B61A22F592FEB4D00587D30ABF481182697664EBF9A8E31
Malicious: false
Reputation: low
Preview: (binary font data not reproduced)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\KlavikaWebBasicLightItalic[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), . family
Size (bytes): 27239
Entropy (8bit): 7.9754704433193595
Encrypted: false
MD5: 9873FE8C71A42E241C1C0DF80539006B
SHA1: 7CF79AB077F7BEB8EE4571DF40C310AFB51D22B4
SHA-256: B4C7EDBC336501BA5D8E239E47670FE7920697A6CDC883F7B9657C5013077A3E
SHA-512: F68EC1EC091DADB04963351C934B60564AEB563B913160186178EEC11B5969E54C5C7A759435458BC255889D23C310B64CA33927860B760F5FF49A9A2FD6A91E
Malicious: false
Reputation: low
Preview: (binary font data not reproduced)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\KlavikaWebBasicMediumItalic[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), . family
Size (bytes): 26790
Entropy (8bit): 7.975264020845449
Encrypted: false
MD5: 43019E4C22DDF9C5F517D9CF2A8C97E1
SHA1: A93F13AF2DBE6F52A9F795312AF85833AE67D499
SHA-256: B52F7A107C70E7B7A0DC0A8D4A9723A38D6BA22F153EE2E851CF6BD8BB2ABB2A
SHA-512: B94583C8445FF4A1F4448E562341AC3D886269DB1CE7B6DA781DE03C9693DF5E5277CB0C37F201D8CDB0561A31AD51FE989F0DDF19DA9BC0A5013AF6D3FBA1E7
Malicious: false
Reputation: low
Preview: (binary font data not reproduced)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\css[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 486
Entropy (8bit): 5.227354540008541
Encrypted: false
MD5: AE73DC44864AEBF69D074B3F3A270F7F
SHA1: 8065D0C2F0AA3E01736FD666C7FBC33BE3EDA76F
SHA-256: A38C72A6DE560913D4F20F633A4FCDAE890887EF17492315088EF3B61412A0CC
SHA-512: 9ED6BE4B0587C187080DEA52F10EE01DF47B237B1495E0A3C7C549EC6ED8F60725453776D322B0759D3F9408C0E575A70A66CB887FD2AC855CF4659DB95DE3B0
Malicious: false
Reputation: low
Preview: @font-face {. font-family: 'Montserrat';. font-style: normal;. font-weight: 400;. src: local('Montserrat Regular'), local('Montserrat-Regular'), url(https://fonts.gstatic.com/s/montserrat/v13/JTUSjIg1_i6t8kCHKm459WlhzQ.woff) format('woff');.}.@font-face {. font-family: '';. font-style: normal;. font-weight: 400;. src: local('Open Sans Regular'), local('OpenSans-Regular'), url(https://fonts.gstatic.com/s/opensans/v16/mem8YaGs126MiZpBA-UFVZ0d.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\fa-brands-400[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), Font Awesome 5 Brands Regular family
Size (bytes): 129916
Entropy (8bit): 6.258102242144604
Encrypted: false
MD5: 72721167AEA128F7DDAC301C15DAB835
SHA1: EFB380B2F7F832CCB3FD4F8F45B6738791316C50
SHA-256: 41435FE3DB03BE7E3170324B29D1E4E0A1E2A2AC5B5D68FCA7596FDC6567F445
SHA-512: 97D5FBF849028C0862A1C08C69B71A1B53BDA5AC6942177FBCCC00A4143C056A15316A3B2372618129896AFE253741E21622DAD1A16D9CC4658D13EA681A4100
Malicious: false
Reputation: low
Preview: (binary font data not reproduced; embedded name strings: "Font Awesome 5 Brands Regular", "Font Awesome version: 5.8.1")

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\header_huca34863c0a6a1c35013259d5cf9fcb96_94613_358x180_fit_box_2[1].png
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: PNG image data, 344 x 180, 8-bit/color RGB, non-interlaced
  Size (bytes): 23370
  Entropy (8bit): 7.969534723831183
  Encrypted: false
  MD5: 404FC043DFB0893D298513EF65C50F6F
  SHA1: 87B292DB1E2DC05560177F56A57523C9A75AA917
  SHA-256: 5A27F20D7B8ACEAB126B3F20AB2BB55DCBCC8A56C1D7463D5A6080E2C6547D5C
  SHA-512: D4FD30BDAD84ACC6B236F3C991DAF68D98E397EEE0B9BD4B7BA481B2977D44B4239C1EA4280EA162CFFC0486365A5B5776A32A3F4E1E443D83F0A5FB211D92DB
  Malicious: false
  Reputation: low
  Preview: .PNG...... IHDR...X...... ^..Z..[.IDATx...|...... d2..F...B.W..."E....V.h...... }...V[[email protected].}.@...... 'sp.!..BB.|?..d.y.9.d...... Q.!. A..7.h. A...OB.$H. !..$H.....$..P.=...y.!D .=..a...h.(A....P.(...*[email protected]!.BQ..^..hTU....!...... $I.V...k0..b.. A.....>.e9...... $)I...,...%.. .H.D..4-."...... A0...... $.yGEQ.>@UUI.H.$.BU..m.4=.u.A.(j..J.`\2..._A.$"...... @.4 B./...... $Ir..ye..,[email protected]. .Q.%I.Z...... [email protected]...... U.\.(..'.(.2.L.,+...R.E...<.(.,. p.g0.x.....X..H.LJJ.....Q.C..(.f..a.. ..qe..QU5..r...... &\[email protected]..,...&..h.Z%.V.UU..V .5.Lx~..WZ,&.....,....ah...t.Ea.c.).....?.8..W..,.z....!...... 6FP...`.p...$I....>EQ,...eA8...a..V{..<.....M.&...... ~Q....B.....3.B..eY...... h.>..v.l6Y.EQdY6.VH0...... n..'I..]xQ..B.B...q.. PU.H$..B.+.L.A.O.4..".$I.F.6.-~..2"....x<.`...$I.!.a4...(~.....D.....f...... HH.....^l..$y...+....t:...h(.B.i4..^.q....i.m...... [{..t8...2.n...... $I..{I.\...l.(.O...... (._#..A.8..M....w ...... wT1.f.8E.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\header_hufc27ab132906a505d6d1b330eb87030d_18566_358x180_fit_box_2[1].png
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: PNG image data, 358 x 180, 8-bit/color RGB, non-interlaced
  Size (bytes): 16674
  Entropy (8bit): 7.961451875769327
  Encrypted: false
  MD5: D55782C47878F0DA42F9B46D2E891CB0
  SHA1: 2C188BEC4ACCBFAF3C0D44FA6C45469CCBCCE45B
  SHA-256: 3AF597EE5338EF385F013493F205D1FD70228AD98C713787CD52430EEFFF26F4
  SHA-512: B108D71805DB31C8AF42A67AC554AE33D6719BD22CDE49C5F163A8668ED9D161FABCBBC10EB595B30428F1FDF1C162F97A1237583229FE522532B1F4A35E768A
  Malicious: false
  Reputation: low
  Preview: .PNG...... IHDR...f...... ([email protected] R#R..".^.....^."..E...F..4.P.j.t ...M..O.?.'..Fr.*...... 9.s.{.yg.I...@ [email protected]@ ...L..p.m.@ ...... o.z...@ .'.*[email protected] [email protected]..$I.m... . (.. I...... n.`.E;{a{...... O..[zA.....l...... [email protected].{.xz.E...._N...pw.t...(.6.N).1_W1... .A..ZErV]..."y.....f3....u.....M..!...d.A...K...[fMY.J.".rY.E.(.0.w.-O+h..8.b. .}. .Bg.u..a.R.k..zq$..hzuc.....d.v%./.nz.....;sN_....m..@..{.Vgp.\.I._...3e.....V.8x...u....x.rM....;I.....r.@.{.w/g."m.....An...[.,Q...... P..<.a...... |...... {..k...G..U.....lP.Xq.Li.p.+...q..G..4.. ..R2k*..W..4...... U..W./....x...... oM...... n.e ...... U....,6....V.?.{.RN..g...."....DL....VN/.h{...U...'.\)..}..|~#]W..z.Z.7...o6....B../Wn9U\)W...M...wh....g.lA.T.5.K..hV[....7..#..Z.-...E c...7..9Vp<..>]M.f_ZeC...Vq.X..(....q8...... k...... [.Q{h...[.j1..o.L.....:.Rk.<&.V.l?[z....f..l.b...... \...... _...2H...9.?...b../....8.S..o.?.s..20.....t

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\style.min.da902094c76a979e1f92977045b7b3bfbaee983d2368f3ded500f832d61eac11[1].css
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: ASCII text, with very long lines
  Size (bytes): 205542
  Entropy (8bit): 5.06752526555691
  Encrypted: false
  MD5: E0EF11F5CF200FA88C8CFC8C4B590E53
  SHA1: 3647B6EE259D4084CC57DC50BF7205B1AA4CDD0A
  SHA-256: 582CCA913E70C8D86DDB4720A447AC7C65703BFBE888799BB146557AFD0CC3B3
  SHA-512: 6321D3BD313789B7749F2645F7346643D9E6697F144DBDAC82B089CD7A932F153F39F105D632EBCBC9AC394967C2EA55ED450288443A7E3D6AEA35DFF919C2E5
  Malicious: false
  Reputation: low
  Preview: @import "https://fonts.googleapis.com/css?family=IBM+Plex+Mono|IBM+Plex+Sans:300,400";:root{--blue: #007bff;--indigo: #6610f2;--purple: #6f42c1;--pink: #e83e8c;--red: #dc3545;--orange: #fd7e14;--yellow: #ffc107;--green: #28a745;--teal: #20c997;--cyan: #17a2b8;--white: #fff;--gray: #6c757d;--gray-dark: #343a40;--primary: #0072cb;--secondary: #414156;--success: #28a745;--info: #17a2b8;--warning: #ffc107;--danger: #dc3545;--light: #f8f9fa;--dark: #343a40;--breakpoint-xs: 0;--breakpoint-sm: 576px;--breakpoint-md: 768px;--breakpoint-lg: 992px;--breakpoint-xl: 1200px;--font-family-sans-serif: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";--font-family-monospace: "IBM Plex Mono", Menlo, Monaco, Consolas, "Courier New", monospace}*,*::before,*::after{box-sizing:border-box}html{font-family:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:sc

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\KlavikaWebBasicLight[1].eot
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: Embedded OpenType (EOT), . family
  Size (bytes): 26275
  Entropy (8bit): 7.977860216755032
  Encrypted: false
  MD5: 5386C517848285F6920C752E37E7D583
  SHA1: BF3ED62E12B690FB913F2BB31ECEEF121E44156A
  SHA-256: F481064F9BB3B6437E3525ACE59CF22B9CDC862A84116BC788ACBA828D38F1C3
  SHA-512: 6A13196444C47306575EE811C1F9B8984B6EC23947174BDEE666F3F8AB13849AFB4B95E44A5467ACE2DA96652FB5BA7F998A8AA88E0291B162B7E4BF24030C85
  Malicious: false
  Reputation: low
  Preview: .f...f...... ,.....LP....J .P...... F...... V.e.r.s.i.o.n. .2...0.0.1...... BSGP...... <.LD.LI.R.....c.g.i9.A.C...R./.,.h...... j...q..%.,v6..=.Rr.. .l.....,.4.r.\.DQ.0.L..h..wg{|..RpP.7...4.a...... N. ~!...... hx.%..GJ...>.....W.J8.R".ZX.....%Y_zU$>...TX!|..>....D....F...... <..j..Z./[email protected].`...._$7.....B.g.A.l";.P.}.iq. .z [email protected]...@&ABEG.D82...... d=V....+cv...... J.+.WJ...x....p+s.!.n....U..I.0...... *.L)k.4/.....|..../+...2!,T|.V..#...>X2:.0.....k..-.....P.4h...5...._.....4..4...c ....I..Ak...... /.1}O...8.^...I\..J.kOfC...... L.5..w..Rs...4....=.D...e"o....3po..`...G..2.3{.....1.}..M.|.d.z.cNj...[.E...t..-.n.....1Z.C)...o....'...... [email protected]'.l.g...\kF.QVq^j....|+8.....O..U. .'..&..$...... X..5x....-.].W..V..g...I.h....!....E..9...... v.H.?P...*....=Y@^.|{7Ov.EO.g.....]...@...... >...... D8.J.-..[.P..A....Y....vr.....^J...J...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\KlavikaWebBasicRegularItalic[1].eot
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: Embedded OpenType (EOT), . family
  Size (bytes): 27439
  Entropy (8bit): 7.974556238743968
  Encrypted: false
  MD5: 583153B0B92570A786FA6C4895E90143
  SHA1: E682E5F0AD514E14621A3AC863D917C70EA655D6
  SHA-256: 532BBCC80223DA8D5F70667EA457BFACD264B904CC5CFEF076525427ABC9FCF8
  SHA-512: 43972E673DEC13D487B41F9FBB4700D0AB22DB39433BA4130B2AB18E6C04EEC63D8E8B252FCD8BCBFFCA4C7259F01DB7ACF4C03DB0AF2F5702C6B278DD16F59E
  Malicious: false
  Reputation: low
  Preview: /k...j...... LP....J .P...... 2S...... V.e.r.s.i.o.n. .2...0.0.1...... BSGP...... 8.Q..Q..U.....c.g.i9.A.C...R./.,a.Dx.R.d.@g1.?.{Q.7..%. #+F)7...K. 4Q.dD.@ ...... _..`3Q.k0.,Y.>^yq.H...... %..,....@..&(b[.".+>s,..vUR...... 4t?.y..RDWd...!...... v[x1...w.".i.^^.t...... x...n.. .m.Mm....g...p...... 0P.L..). h..%[email protected]".a.a.%."+*`...... n.U....rBUK'..D+...R.^..d/l4.<.....A.m.i.0S..=i....V.kP...q...`"w.F.ab.H.c.ms...c...&..U.D...NvE7.Yqd..?0.y.u....@.]...Q G.p..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\KlavikaWebBasicRegular[1].eot
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: Embedded OpenType (EOT), . family
  Size (bytes): 29333
  Entropy (8bit): 7.9758651276894845
  Encrypted: false
  MD5: DC85FE4BAD14F1667015C33116AF180A
  SHA1: F3689186EFD1550DB250AFCD23E5D348AE4246AB
  SHA-256: DC285763042ED4194CA08AF3491D1F5CA8761877CB35D18188803C7575245A1F
  SHA-512: 873CFE209FE1F1BD1074B324E1A66DB2F4303B5AFD04A40346B5C72A5E206C949CCE36AE761C90BD44255CEA3F767DA136745B80778A790F1942ED33DF3275F0
  Malicious: false
  Reputation: low
  Preview: .r...q...... LP....J .P...... \/.5...... V.e.r.s.i.o.n. .2...0.0.1...... BSGP...... L..M..Q~....c.g.i9.A.C...R./.,i4Dx.R.d..cD..{Q.7O.%.+F. [..!.)9j.J5.knFN.J.t9....)i.s.,g...Y..+.Bn.D.GG...Y.5z.bN..l..p.I.XQ..`..).<..?t.8....c.d\).0..(.. ...S.%.#...{.....9.'t..v.....3.4.U.?.....j...... oj&....h.....$..s6. ...Y.!a..%..h.!~....8e.NV..|.K..E\D.k..{P..{....5.9...$%...... B.z.E..r.A.V`.N....zH6..`@....+.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\bundle.min.7788c4bdac16b7a1e974a1a2b27e4e0a7e9e84df97ef50de01521b0507be8b30[1].js
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: ASCII text, with very long lines
  Size (bytes): 19816
  Entropy (8bit): 5.3114288976268815
  Encrypted: false
  MD5: 6C742CD6884C52529896E63246AF0086
  SHA1: BAAA4A38A94FC84E0C372B73512148BC2AB24840
  SHA-256: 7788C4BDAC16B7A1E974A1A2B27E4E0A7E9E84DF97EF50DE01521B0507BE8B30
  SHA-512: 4567DE32AB4CD548DDE0BD4FBBE405150378F08B2C0D9BDBE9CFCECB017BBD4B8130B9278979B95B34AC2AB0F728C1F22F570F57EC1233FC86AB6DD6FDDDD9CC
  Malicious: false
  Reputation: low
  Preview: /*!.* Lightbox for Bootstrap by @ashleydw.* https://github.com/ashleydw/lightbox.*.* License: https://github.com/ashleydw/lightbox/blob/master/LICENSE.*/+function($){'use strict';var _createClass=(function(){function defineProperties(target,props){for(var i=0;i

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\css[1].css
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: ASCII text
  Size (bytes): 742
  Entropy (8bit): 5.3614104416690695
  Encrypted: false
  MD5: 73155DC25E807C6EF17F9CBAB955E6D6
  SHA1: 90EDA567358F36CBDFE35CB88F71D5CC328C9A26
  SHA-256: C7CDF94EE3CBC8E38A03D5A0DA37CED4855CCB827EA9E5C256A167862BDD4795
  SHA-512: 17FC77F73140197278AD98514A1BDAC942B5B0548C7F00C0E452EEB110F327ADCFB9C24553D7844F21FB5D719576834182EBFC3B11281F3F4267F2240B4C7D6C
  Malicious: false
  Reputation: low
  Preview: @font-face {. font-family: 'IBM Plex Mono';. font-style: normal;. font-weight: 400;. src: local('IBM Plex Mono'), local('IBMPlexMono'), url(https://fonts.gstatic.com/s/ibmplexmono/v4/-F63fjptAgt5VM-kVkqdyU8n1i8q0Q.woff) format('woff');.}.@font-face {. font-family: 'IBM Plex Sans';. font-style: normal;. font-weight: 300;. src: local('IBM Plex Sans Light'), local('IBMPlexSans-Light'), url(https://fonts.gstatic.com/s/ibmplexsans/v6/zYX9KVElMYYaJe8bpLHnCwDKjXr8AIFscg.woff) format('woff');.}.@font-face {. font-family: 'IBM Plex Sans';. font-style: normal;. font-weight: 400;. src: local('IBM Plex Sans'), local('IBMPlexSans'), url(https://fonts.gstatic.com/s/ibmplexsans/v6/zYXgKVElMYYaJe8bpLHnCwDKhdHeEw.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\index[1].html
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: HTML document, UTF-8 Unicode text
  Size (bytes): 7174
  Entropy (8bit): 5.213781776793789
  Encrypted: false
  MD5: 8C4E3C800189536A4836731429CC7FF3
  SHA1: E098BEAAA693912B224C9C4E3ED3D54E615633D6
  SHA-256: A05920F533A3B0A9C213F905C3BE0984238FE7038F704352CAFEB5C1EC397C9F
  SHA-512: 4F6DAB5A7CB232243559DEB5EA466165FEB80C86564F958F916CE0A741D61629E0B65EB2137211E4723F378A33280A3D0EA768B719C938EAE7F7E5269AAD6FCD
  Malicious: false
  Reputation: low
  Preview: ......Cyber Security Experts - Kryptos Logic.... ....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\js[1].js
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: ASCII text, with very long lines
  Size (bytes): 64205
  Entropy (8bit): 5.522089999243716
  Encrypted: false
  MD5: 8F9C050B9088863771A4F6FDDDF153DB
  SHA1: BD90D228D99CEEEBAA409CE8AF1CF6B65A47A448
  SHA-256: 362F8C24418209B8B9D9C64E4916AD73590F205110DC42F6AA4E3B130A6C5560
  SHA-512: 308F5C92FD396035208047327DBBB0DDA45BAE65DB72D595BACCE83F0654D6E562AA5AADB1D9BF5DB3D1697AB6442EDBC296DBC60B3F392D2BC8F6D46564B371
  Malicious: false
  Reputation: low
  Preview: .// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"1",. "macros":[],. "tags":[],. "predicates":[],. "rules":[].},."runtime":[.[],[] .]...};.var aa,ca=this,da=/^[\w+/_-]+[=]{0,2}$/,ea=null;var fa=function(){},ha=function(a){return"function"==typeof a},ia=function(a){return"string"==typeof a},ja=function(a) {return"number"==typeof a&&!isNaN(a)},ka=function(a){return"[object Array]"==Object.prototype.toString.call(Object(a))},la=function(a,b){if(Array.prototype.indexOf){var c=a.indexOf(b);return"number"==typeof c?c:-1}for(var d=0;db)a=0,b=2147483647;return Math.floor(Math.random()*(b-a+1)+a)},pa=function(a,b){for(var c in a)Object.prototype.hasOwnProperty.call(a,c)&&b(c,a[c])},qa=function(a){return Math.round(Number(a))||0},ra=function(a){return"false"==String(a).to

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\style[1].css
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: ASCII text, with very long lines
  Size (bytes): 11813
  Entropy (8bit): 5.051476676685972
  Encrypted: false
  MD5: 37E7076DA5A0B5DCB8D8F6EE55F7D875
  SHA1: F56F8FBAED5B9185287FB13864E5F3B3F05D8831
  SHA-256: E0B0BE038DDFD148E850ECD612606250F185444A150BC71EB298B0F88CBAE47E
  SHA-512: 1B7FF36E660F583D253ABD9928E6160668354309784619056D79680DE6C581115622A21BF4879246B781655352236DED7AB391583C181A1F4620CC14982F3724
  Malicious: false
  Reputation: low
  Preview: @charset "UTF-8";@import url("https://fonts.googleapis.com/css?family=Montserrat|Open+Sans");html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td,article,aside,canvas,details,embed,figure,figcaption,footer,header,hgroup,menu,nav,output,ruby,section,summary,time,mark,audio,video{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline;}article,aside,details,figcaption,figure,footer,header,hgroup,menu,nav,section,main{display:block;}body{line-height:1;}ol,ul{list-style:none;}blockquote,q{quotes:none;}blockquote:before,blockquote:after,q:before,q:after{content:'';content:none;}table{border-collapse:collapse;border-spacing:0;}html{font-size:62.5%;}body{background:#1F222E;font-family:"Open Sans","Helvetica Neue","Lucida Grande",Arial,Verdana,sans-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\JTUSjIg1_i6t8kCHKm459WlhzQ[1].woff
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: Web Open Font Format, TrueType, length 23480, version 1.1
  Size (bytes): 23480
  Entropy (8bit): 7.981253427621622
  Encrypted: false
  MD5: 8102C4838F9E3D08DAD644290A9CB701
  SHA1: 5AF1938D1327395F47C84E57B6BA7756234D2262
  SHA-256: 60CEBEA4C9183F51FBD323F14DD729E18768BE4F6395467013216AE36526CF9C
  SHA-512: E8A0D6B72163E407DE82170E4560044CAE90116D1DD3CFA20F140E4379C8AABDC5BEAC6DD965D0E925CA673E41C42A858975C47F1F8152637958569D239E91FC
  Malicious: false
  Reputation: low
  Preview: wOFF...... [...... 8...... GDEF...... G...X.g.^GPOS...... 2.....GSUB...... ,.OS/2...\...N...`S..Ucmap...... h.cvt ...p...\..../R.Hfpgm...... F...mM$.|gasp...... glyf...... 3X..].,..$head..Rt...6...6.F.nhhea..R...... $....hmtx..R....%...>.x..loca..T...... (..*0maxp..W...... h.Yname..W4...... -5H.post..X$...... D.z.prep..Z...... K..x.%.... P...... @:D...$.. ]!....h.....2/.$.....D.^.F..ua.].N....%>./...x..ut.I...... e+..o...g.^..13333333333.-.e/.cgYAs....R.{.G..^.L...... j...... R.z..D..o...~...... $.`.BY.21.W...... 9...f.C..(..M.!..D....1rT ...w6cG.J....U...... ]..>...... q..jhT\l..;,M.zYK..x:.n.R...(...... g)..~...Xl#`...... -.#..T...]..Tw...... k.7....I.....@..$..r....X.\..L...... _.H.2".V... .1..."._d.#R..4c"...2> ..A..D;..e>".|Tt.1...... 8...._.K..+...... Y~'r.A.....D.../..W..ob.....[.8K.8Gtq..0...|....D.KE+.."..V.....\vr.._-.Se..=..A.1$...<.E.CL..%QB.8.9.....,.Jv.=,...%.i..:U*V..U.b..]N.D..O..'...1.$.....<

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\analytics[1].js
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: ASCII text, with very long lines
  Size (bytes): 44130
  Entropy (8bit): 5.514312906140191
  Encrypted: false
  MD5: 0EA40A4CB2873A89CBE597EAEA860826
  SHA1: BD6B139170EE44A65963986D0B785A13C7B6CDB4
  SHA-256: 3E552578C7D450B023F2CD9D28F830BE4335C3ACC6C4AB6DADDA0769F09E5F22
  SHA-512: 546F15177E41676F3D9CCEBB89B8014AA5CE37F06289DB3E9B6DCB0CA3240340E0878EFCFC2BE4273C81F3DD8128FF8A07530C391A23EDAC39F836767F861798
  Malicious: false
  Reputation: low
  Preview: (function(){var k=this,l=function(a,b){a=a.split(".");var c=k;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var m=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},n=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var q=/^(?:(?:https?|mailto|ftp):|[^:/?#]*(?:[/?#]|$))/i;var r=window,t=document,u=function(a,b){t.addEventListener?t.addEventListener(a,b,!1):t.attachEvent&&t.attachEvent("on"+a,b)};var v=/:[0-9]+$/,x=function(a,b){b&&(b=String(b).toLowerCase());if("protocol"===b||"port"===b)a.protocol=w(a.protocol)||w(r.location.protocol);"port"===b?a.port=String(Number(a.hostname?a.port:r.location.port)||("http"==a.protocol?80:"https"==a.protocol?443:"")):"host"===b&&(a.hostname=(a.hostname||r.location.hostname).replace(v,"").toLowerCase());var c=w(a.protocol);b&&(b=String(b).toLowerCase());switch(b){case "url_no_fragment"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\dashboard[1].png
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: PNG image data, 1300 x 800, 8-bit/color RGBA, non-interlaced
  Size (bytes): 372003
  Entropy (8bit): 7.990916905784195
  Encrypted: true
  MD5: B362D488D47499A7520CC7B612E8D847
  SHA1: 1AC3CE4F67221F77A34966B5ADA41694D7695840
  SHA-256: 2CFDFAB8F33A5D4A9446A50B46EFAB70C73D4EA96451D75C4AE5C68997B2A350
  SHA-512: B1F07B9FF26A168E73190E3CE856CDB026B93C3CDDA31208F7A544FF0CC56DE25A938577F694F9C5F77BB5AC0CF037FABEBCB6F0FC28E7658E75ADBB7BD5F791
  Malicious: false
  Reputation: low
  Preview: .PNG...... IHDR...... R..i.. .IDATx..y.eIU'.[..>.;e.{3k....(..6...v1..F....[[_.-..vk.|..|O...}.#[email protected]..}. ..U.P3P.U...to..L;..#bE..g...u....Qy..;"V.XS...... (.&U.._.}..*bL0.J)$*A.$`flmm.V...n'.f .z}.y...Y.A)...u....).T}....jL!Q....#Ik.Z.dY=...... 4..Z.z.."[email protected]@DJ).Z...1.DD..y...B...uN.P...Z..PJA..f...... `6BK "(E.v5...([email protected])"..5....3."b&R`.....@`...Z.d.d"..D...t.Y..J. ..X33..`RJ..`(R`..~..E....n2....liQ..5..b2...LD..0...... A..U.`...M{[email protected]..... !..Ck.E...5....J.b.X.9.....V. [email protected]).B...(.#..(.....5)C..".v..HA%..<..U1..%.....?..k+.o.O

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\mem8YaGs126MiZpBA-UFVZ0d[1].woff
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: Web Open Font Format, TrueType, length 18100, version 1.1
  Size (bytes): 18100
  Entropy (8bit): 7.962027637722169
  Encrypted: false
  MD5: DE0869E324680C99EFA1250515B4B41C
  SHA1: 8033A128504F11145EA791E481E3CF79DCD290E2
  SHA-256: 81F0EC27796225EA29F9F1C7B74F083EDCD7BC97A09D5FC4E8D03C0134E62445
  SHA-512: CD616DB99B91C6CBF427969F715197D54287BAFA60C3B58B93FF7837C21A6AAC1A984451AEEB9E07FD5B1B0EC465FE020ACBE1BFF8320E1628E970DDF37B0F0E
  Malicious: false
  Reputation: low
  Preview: wOFF...... F...... i...... GDEF...... GPOS...... GSUB...... X...t...OS/2...... ^...`~]..cmap...`...... X..cvt ...... Y.....M..fpgm...p...... ~a..gasp...... #glyf...... 6...S...]head..>....6...6..cphhea..>...... $....hmtx..?...... [$loca..A4...... f..maxp..B...... name..C...... &:A.post..D...... x.U..prep..E...... C...... x...5.A...... m."gW..`.L..&N".?...... IF....a.^...b1...... Uh."4...>..=x.c`f..8.....u..1...<.f...... A...... 5....1...A.._6..".-..L.....Ar,...... 3..(....x.\.!..q...... #aff...#1Q@.'U..@5." .llt.Aa#.f|c.W.....'..X..!..C...ITPE.;..V.j...... 0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p...... M.x.c.a.g.c..$KY...e@.,.."...... ?....%.g....Z..... (".o..Y..Bu342.e...... 0...... M=.....x.uTGw.F...... )..)7.W.$`*.....G.Kz.)e....t.|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\zYX9KVElMYYaJe8bpLHnCwDKjXr8AIFscg[1].woff
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: Web Open Font Format, TrueType, length 24220, version 1.1
  Size (bytes): 24220
  Entropy (8bit): 7.975197438590709
  Encrypted: false
  MD5: 10BB6A0AE6DC8000D999AB622A45E281
  SHA1: 3F3F0D0D1C197AAED691F72EEECA77C64CD65523
  SHA-256: 6ABE6B7EF0ABE00B00FFD7B5D9E527102EDE9A623F808DC27E21D6F89F67ECFF
  SHA-512: 4B05DA497752A71461653DAC8E3E02DB379F98F90ED988BE6CA98C293569448B68294973865C1C8997ADB4DA19DA8313AC8711B3DEEDD942BC5C6032FEAF62F6
  Malicious: false
  Reputation: low
  Preview: wOFF...... ^...... GDEF...... [email protected]...... 6.o.#.GSUB...... >.,GOS/2...... U...`iC..cmap...... ?.=.cvt ...... >...>....fpgm...... s.Y.7gasp...... !glyf...... ;...~j,.>%head..V`...6...6...nhhea..V...... $....hmtx..V...... ?Xloca..X...... *maxp..Z...... name..Z...... <^post..[...... 5....prep..]...... l..qx...... @....O..u [email protected].&U,V...... K.....I....;...x.d....A.F...gv..m.Qm.m3...EP.m...g..xP@6z3.i.so..Z0s2....3.z.G.JS. 6...X.c'...IcfN.X..Tb...ry7./E..8..=TO5\MTo.J:.Y..._..1N.1..f.o...Jf. ...._..D.{.M.O.C.I...... n.{..z.^.CtT.Mz.0.....4W.?.....Z...b+.v..h..K....k.....GN.R...<..L.jP.Z...i@C.....=..Hgz..../...P.1...g...... r....<...e.p.k\...... r..<...y.S...... y.[...|...... =.c/E..Q....8.c Ch..C.....^cll,.(.t,.).#.81..6.$..OnKI.#.dG.p2...... q?...0.f..y...d._b~...z..GQ+xRu...V._t.(.C..Y.\..9<...h.u.u.K....6.y..QM.N..m].VP..L.M..z..QY.e...... x...i..1d\).Ij..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\zYXgKVElMYYaJe8bpLHnCwDKhdHeEw[1].woff
  Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
  File Type: Web Open Font Format, TrueType, length 22620, version 1.1
  Size (bytes): 22620
  Entropy (8bit): 7.9761014161385395
  Encrypted: false
  MD5: A2C56F946488A9A267BA6BA21471A217
  SHA1: 05124DD70199CD052531A4FDF3FEFC34B99D6AB4
  SHA-256: ED561C5D042D08481AF8CB1D52EF6B0365FF6B982F17983CC0E0778C1611AFC1
  SHA-512: E242BE2965AB97080EFC258D5FC6E440FA8ACAF0DFC1E2449AAA13E2997ECED0673918E0AC75738B30DDAC595D30DC9DB77CAC167893B5FD96C54064F4405F82
  Malicious: false
  Reputation: low
  Preview: wOFF...... X\...... GDEF...... [email protected]...... 56.n*.GSUB...... >.,GOS/2...... Y...`i. ecmap...... ?.=.cvt ...... >...>.m..fpgm...... s.Y.7gasp...... !glyf...... :d..~.....head..P8...6...6.*.ohhea..Pp...... $....hmtx..P...... ';oloca..R...... v,..maxp..T...... name..T...... p.F8.post..Ux...... 5.=..prep..Wp...... x...... @....O..u [email protected].&U,V...... K.....I....;...x.d...Q.E.:..b..Q.Il.?.ylc.m.....P....#....0....Yy..[l.}..]. ...(..j....Dn][email protected]{...S1.A...... 0}.\...f.....L...Z.....i.)W..... a.#u.E{. ..0_.....)...k...r..[....6...c.j{n{m...... sQ..`.s..".....b5...F...mlg.;....r./...... u.q..|.3..$.x.H$..RI#....&.\...".)..2...*....:..k... ..c.33....}8}...... p.&.4af..|.`f..xu.T....O.U/.1.a.b..T.9^.+q...g...\...... d..S.X'f..B\.E..Q.f.@Kv;.=:r....}v...F...... f...... *.U...:..Y.....u.7`A.%<.}K.X...... 2*...... s]\aw.n..q.uw.j..%.(...... 4..T:.mk......

C:\Users\user\AppData\Local\Temp\~DF79F69AFA191E6800.TMP
  Process: C:\Program Files\internet explorer\iexplore.exe
  File Type: data
  Size (bytes): 25441
  Entropy (8bit): 0.3743365608710266
  Encrypted: false
  MD5: E3499D97AD34B67E89E22AB83BB33EFF
  SHA1: BB781CEBBF11A15CCDD70E2522EAE9D0DE40D5E3
  SHA-256: B0E85B2B4416CA4C7C53AA514059A0BFAFFA78734FED33DBC9D82CE91455C9CC
  SHA-512: EFCBFB62E1C98D7DD71A36EB3BBF81EE619C04E1CB9F27BBD51AA669FB080AB2B2A19C6B33A9A4F40B14D96EA4A3EC6A358C2A754B056E323FABB17E4FE2D088
  Malicious: false
  Reputation: low
  Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......

C:\Users\user\AppData\Local\Temp\~DF803BF8498F680D27.TMP
  Process: C:\Program Files\internet explorer\iexplore.exe
  File Type: data
  Size (bytes): 44483
  Entropy (8bit): 0.7600058150623348
  Encrypted: false
  MD5: 183C571BBB8E8D2B0CA172B78A7846CE
  SHA1: 6216420094688489FE5DEF603F9A6C0A10C33BB8
  SHA-256: 34FA7B92F2C78F58501D4325E78260473C4121F9CB6357F072AFE95B78286223
  SHA-512: 5EF6121D4A3ADF019AEBFFE6D203CADAB2E3BA6E4F092EDC6A167C859D9F594287C2225C044D5EEC88E4DC8DCA52E58B5EE48EBC3706C6DF0CFC55AA91002AAE
  Malicious: false
  Reputation: low
  Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......

C:\Users\user\AppData\Local\Temp\~DF9F1749A2640D4826.TMP
  Process: C:\Program Files\internet explorer\iexplore.exe
  File Type: data
  Size (bytes): 13029
  Entropy (8bit): 0.474512122123611
  Encrypted: false
  MD5: 7A4901F5BDC8C6CCCDE5DBD26046C555
  SHA1: 097165EE0D6AD27B8C3BA539F8805C9EF176E54D
  SHA-256: 3404776FBEB9D7A946576077C25AED0FA12F28F7FCBA6F1BD8A2B01F4DCAAD87
  SHA-512: 2F50F74A6083734FD61502F797F77AB770A5CC9AB45490E6B26DD4BDEC2CA195991AFE5A33531065A9CFD8BC093C1A9331A9045AE200586682829EF4CA8E5C81
  Malicious: false
  Reputation: low
  Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(......
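The per-file fields above (size, 8-bit entropy, the four digests, the Encrypted flag) are cheap to recompute, and the dashboard[1].png entry shows the weak point of an entropy-only Encrypted flag: a Deflate-compressed PNG at 7.99 bits per byte is flagged true, while the other PNG and WOFF files at 7.96 to 7.98 are not, and none of them is encrypted. The block below is an added example and not Joe Sandbox code. It recomputes the fields for a blob and pairs the entropy score with a container check, so that compressed data with a recognisable header (or a zlib stream that actually inflates) is reported as compressed rather than encrypted. The three inputs are constructed inside the block, and ENTROPY_CUTOFF is an assumed value chosen to sit below every compressed file in the list above; the report does not document its own threshold.

```python
"""Recompute the per-file fields of a sandbox dropped-file entry (size,
8-bit entropy, digests) and contrast an entropy-only 'Encrypted' flag with
a container-aware check.  Added example, not Joe Sandbox code.  The three
inputs are constructed below; ENTROPY_CUTOFF is an assumed value, the
report does not document its own threshold."""
import hashlib
import math
import zlib

ENTROPY_CUTOFF = 7.8  # assumption for this demo; not the report's threshold

# Magic bytes of the compressed containers seen in the dropped-file list.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png (Deflate-compressed image data)",
    b"wOFF": "woff (zlib-compressed font tables)",
    b"\x78\x9c": "zlib stream",
    b"\x78\xda": "zlib stream",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0, the report's 'Entropy (8bit)' column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def digests(data: bytes) -> dict:
    """MD5 / SHA1 / SHA-256 / SHA-512 as upper-case hex, the report's layout."""
    return {name: hashlib.new(name, data).hexdigest().upper()
            for name in ("md5", "sha1", "sha256", "sha512")}


def naive_encrypted_flag(data: bytes) -> bool:
    """Entropy-only rule: dense bytes are 'encrypted'.  Fires on PNG/WOFF too."""
    return shannon_entropy(data) >= ENTROPY_CUTOFF


def describe(data: bytes) -> dict:
    """Entropy plus a format check.  A known compressed container is reported
    as compressed; a bare zlib stream is inflated to prove it is not
    ciphertext; only unknown dense data keeps the 'encrypted or packed' label."""
    ent = shannon_entropy(data)
    kind = next((k for magic, k in MAGIC.items() if data.startswith(magic)), None)
    inflated = None
    if kind == "zlib stream":
        try:
            inflated = zlib.decompress(data)
        except zlib.error:
            kind = None  # header looked like zlib, body did not inflate
    if kind is not None:
        verdict = "compressed"
    elif ent >= ENTROPY_CUTOFF:
        verdict = "high-entropy, no known container (encrypted or packed)"
    else:
        verdict = "plain"
    return {
        "size": len(data),
        "entropy": round(ent, 6),
        "naive_encrypted": naive_encrypted_flag(data),
        "kind": kind,
        "verdict": verdict,
        "inflated_entropy": round(shannon_entropy(inflated), 6) if inflated else None,
        **digests(data),
    }


def prng_bytes(n: int, seed: bytes = b"dropped-files-demo") -> bytes:
    """Deterministic pseudo-random bytes (SHA-256 in counter mode), standing
    in for ciphertext so the demo runs offline and reproducibly."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed samples: hex text (16 symbols, about 4 bits/byte), the same
# text zlib-compressed (dense but recoverable), and raw PRNG output (dense,
# no structure).  The last two are indistinguishable by entropy alone.
SAMPLE_TEXT = prng_bytes(32768).hex().encode("ascii")
SAMPLE_COMPRESSED = zlib.compress(SAMPLE_TEXT, 9)
SAMPLE_OPAQUE = prng_bytes(32768, seed=b"stand-in for ciphertext")

if __name__ == "__main__":
    for label, blob in (("text", SAMPLE_TEXT), ("zlib", SAMPLE_COMPRESSED),
                        ("opaque", SAMPLE_OPAQUE)):
        d = describe(blob)
        print(f"{label:6} size={d['size']:6} entropy={d['entropy']:.4f} "
              f"naive_encrypted={d['naive_encrypted']!s:5} verdict={d['verdict']}")
```

Run stand-alone it prints one row per sample; the zlib and opaque rows score the same on entropy and differ only in the container check, which is the point. A real triage step would also handle the PNG case by walking the IDAT chunks and inflating their concatenated payload, the same test this block applies to a bare zlib stream.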

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com | 104.17.244.81 | true | false | - | high
www.kryptoslogic.com | 104.24.98.133 | true | false | 0%, virustotal | low
cdnjs.cloudflare.com | 104.19.199.151 | true | false | - | high
static.kryptoslogicsinkhole.com | 35.237.128.253 | true | false | 0%, virustotal | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/ | true | 2%, virustotal; Avira URL Cloud: safe | low
static.kryptoslogicsinkhole.com/style.css | false | 0%, virustotal; Avira URL Cloud: safe | unknown
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/favicon.ico | true | 0%, virustotal; Avira URL Cloud: safe | low

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://www.kryptoslogic.com/favicon.png | index[1].html.2.dr | false | Avira URL Cloud: safe | low
www.iuqerfic.com/fjhgosurijfaewrwergwea.com/Root | {27CD80B6-5FF6-11E9-AAD9-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://www.kryptoslogic.com/terms | index[1].html.2.dr | false | Avira URL Cloud: safe | low
www.nytimes.com/ | msapplication.xml3.1.dr | false | - | high
https://www.kryptoslogic.com/fjhgosurijfaewrwergwea.com/ | ~DF803BF8498F680D27.TMP.1.dr | false | Avira URL Cloud: safe | low
https://github.com/ashleydw/lightbox | bundle.min.7788c4bdac16b7a1e974a1a2b27e4e0a7e9e84df97ef50de01521b0507be8b30[1].js.2.dr | false | - | high
https://www.googletraveladservices.com/travel/clk/pagead/conversion/ | js[1].js.2.dr | false | - | high
https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3& | analytics[1].js.2.dr | false | - | high
www.amazon.com/ | msapplication.xml.1.dr | false | - | high
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/4Sinkholed | ~DF803BF8498F680D27.TMP.1.dr | false | Avira URL Cloud: safe | low
https://getbootstrap.com/) | bootstrap.bundle.min[1].js.2.dr | false | - | high
https://www.kryptoslogic.com/products/telltale/ | index[1].html.2.dr | false | Avira URL Cloud: safe | low
https://www.kryptoslogifjaposdfjhgosurijfaewrwergwea.com/ | {27CD80B6-5FF6-11E9-AAD9-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | unknown
www.twitter.com/ | msapplication.xml5.1.dr | false | - | high
https://fontawesome.comhttps://fontawesome.comFont | fa-brands-400[1].eot.2.dr | false | Avira URL Cloud: safe | unknown
https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js | index[1].html.2.dr | false | - | high
https://www.linkedin.com/company/kryptos-logic | index[1].html.2.dr | false | - | high
https://fontawesome.com | style.min.da902094c76a979e1f92977045b7b3bfbaee983d2368f3ded500f832d61eac11[1].css.2.dr | false | - | high
https://github.com/twbs/bootstrap/graphs/contributors) | bootstrap.bundle.min[1].js.2.dr | false | - | high
https://www.google.%/ads/ga-audiences | analytics[1].js.2.dr | false | - | high
https://www.kryptoslogic.com/ | ~DF803BF8498F680D27.TMP.1.dr | false | 0%, virustotal; Avira URL Cloud: safe | low
https://fontawesome.com/license | style.min.da902094c76a979e1f92977045b7b3bfbaee983d2368f3ded500f832d61eac11[1].css.2.dr | false | - | high
https://github.com/kryptoslogic | index[1].html.2.dr | false | - | high
www.youtube.com/ | msapplication.xml7.1.dr | false | - | high
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.bundle.min.js | index[1].html.2.dr | false | - | high
https://www.kryptoslogic.com/images/logo.svg | index[1].html.2.dr | false | Avira URL Cloud: safe | low
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/Root | {27CD80B6-5FF6-11E9-AAD9-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | low
https://github.com/krux/postscribe/blob/master/LICENSE. | js[1].js.2.dr | false | - | high
https://github.com/twbs/bootstrap/blob/master/LICENSE) | bootstrap.bundle.min[1].js.2.dr | false | - | high
https://www.kryptoslogic.com/index.xml | index[1].html.2.dr | false | Avira URL Cloud: safe | low
https://www.kryptoslogic.com | ZZRSIRDS.htm.2.dr | false | - | high
www.wikipedia.com/ | msapplication.xml6.1.dr | false | - | high
https://stats.g.doubleclick.net/j/collect | analytics[1].js.2.dr | false | - | high
https://www.googletraveladservices.com/travel/flights/clk | js[1].js.2.dr | false | - | high
https://www.kryptoslogic.com/privacy | index[1].html.2.dr | false | Avira URL Cloud: safe | low
www.live.com/ | msapplication.xml2.1.dr | false | - | high
https://www.kryptoslogic.com/images/dashboard.png | index[1].html.2.dr | false | Avira URL Cloud: safe | low
https://twitter.com/kryptoslogic | index[1].html.2.dr | false | - | high
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js | index[1].html.2.dr | false | - | high
www.reddit.com/ | msapplication.xml4.1.dr | false | - | high
https://github.com/ashleydw/lightbox/blob/master/LICENSE | bundle.min.7788c4bdac16b7a1e974a1a2b27e4e0a7e9e84df97ef50de01521b0507be8b30[1].js.2.dr | false | - | high
https://telltale.kryptoslogic.com/auth/signup/ | index[1].html.2.dr | false | Avira URL Cloud: safe | low
https://www.kryptoslogic.com/LCyber | ~DF803BF8498F680D27.TMP.1.dr | false | Avira URL Cloud: safe | low
https://github.com/OwlCarousel2/OwlCarousel2/blob/master/LICENSE | owl.carousel.min[1].js.2.dr | false | - | high

Contacted IPs

[Map of contacted IPs by country; legend buckets: No. of IPs < 25%, 25% to 50%, 50% to 75%, > 75%]

Public

IP | Country | ASN | ASN Name | Malicious
104.19.199.151 | United States | 13335 | unknown | false
35.237.128.253 | United States | 15169 | unknown | false
104.24.98.133 | United States | 13335 | unknown | false
104.17.244.81 | United States | 13335 | unknown | false

Static File Info

No static file info

Network Behavior

Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/15/19-20:17:27.528466 | UDP | 2024291 | ET TROJAN Possible WannaCry DNS Lookup 1 | 54455 | 53 | 192.168.2.5 | 8.8.8.8
04/15/19-20:17:27.570869 | TCP | 2024298 | ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1 | 49802 | 80 | 192.168.2.5 | 104.17.244.81
04/15/19-20:17:30.038956 | TCP | 2024298 | ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1 | 49803 | 80 | 192.168.2.5 | 104.17.244.81
04/15/19-20:17:43.676068 | UDP | 2024291 | ET TROJAN Possible WannaCry DNS Lookup 1 | 58501 | 53 | 192.168.2.5 | 8.8.8.8
04/15/19-20:17:43.727070 | TCP | 2024298 | ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1 | 49810 | 80 | 192.168.2.5 | 104.16.173.80
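Two Emerging Threats signatures fire here: 2024291 on the DNS lookup for the killswitch host and 2024298 on the HTTP request that follows it, the pair WannaCry produces once at start-up before deciding whether to encrypt (it stops if the request succeeds and proceeds if the domain cannot be reached). The domain is sinkholed, so a successful request is the expected outcome, and the same two alerts fire when a browser is simply pointed at the URL, which is what the sandbox did in this run. The block below is an added example and not Joe Sandbox or Emerging Threats code. It correlates the two SIDs per source host into one finding and grades a lookup with no HTTP follow-up higher, because that is the case in which the killswitch check failed. The pipe-separated records are constructed from the table above in the report's column order; the last record, for 192.168.2.7, is invented to show the unreachable case, and the five-second window and the record layout are this example's assumptions.

```python
"""Correlate the two Emerging Threats alerts from the table above into one
finding per source host.  Added example, not Joe Sandbox or Emerging Threats
code.  Records are constructed to mirror the table (pipe-separated, the
report's column order); the last record, for 192.168.2.7, is invented to
show a lookup with no HTTP follow-up.  The five-second window is an
assumption."""
from collections import defaultdict
from datetime import datetime, timedelta

KILLSWITCH_DOMAIN = "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"
SID_DNS_LOOKUP = 2024291    # ET TROJAN Possible WannaCry DNS Lookup 1
SID_HTTP_REQUEST = 2024298  # ET TROJAN W32/WannaCry.Ransomware Killswitch Domain HTTP Request 1
WINDOW = timedelta(seconds=5)  # assumed: how soon after the lookup the HTTP request must follow

# Constructed records: timestamp|proto|sid|src_port|dst_port|src_ip|dst_ip
SAMPLE_ALERTS = """\
04/15/19-20:17:27.528466|UDP|2024291|54455|53|192.168.2.5|8.8.8.8
04/15/19-20:17:27.570869|TCP|2024298|49802|80|192.168.2.5|104.17.244.81
04/15/19-20:17:30.038956|TCP|2024298|49803|80|192.168.2.5|104.17.244.81
04/15/19-20:17:43.676068|UDP|2024291|58501|53|192.168.2.5|8.8.8.8
04/15/19-20:17:43.727070|TCP|2024298|49810|80|192.168.2.5|104.16.173.80
04/15/19-20:18:02.000000|UDP|2024291|51633|53|192.168.2.7|8.8.8.8
"""


def is_killswitch_query(qname: str) -> bool:
    """Exact match on the killswitch host (trailing dot and case normalised).
    No substring matching: a lookalike or typo-variant is a different domain."""
    return qname.rstrip(".").lower() == KILLSWITCH_DOMAIN


def parse_alert(line: str) -> dict:
    """One pipe-separated record into typed fields."""
    ts, proto, sid, sport, dport, src, dst = line.strip().split("|")
    return {
        "ts": datetime.strptime(ts, "%m/%d/%y-%H:%M:%S.%f"),
        "proto": proto,
        "sid": int(sid),
        "src_port": int(sport),
        "dst_port": int(dport),
        "src": src,
        "dst": dst,
    }


def correlate(records: str) -> list:
    """Per source host, pair each DNS-lookup alert with the HTTP-request
    alerts that follow it inside WINDOW.

    DNS + HTTP : the killswitch check reached the domain; the binary ran (or
                 a browser was pointed at the URL, as the sandbox did here).
    DNS only   : no matching request went out; this is the case in which
                 WannaCry proceeds to encrypt, so it ranks higher."""
    by_host = defaultdict(list)
    for line in records.splitlines():
        if line.strip():
            alert = parse_alert(line)
            by_host[alert["src"]].append(alert)

    findings = []
    for host, alerts in sorted(by_host.items()):
        alerts.sort(key=lambda a: a["ts"])
        for dns in (a for a in alerts if a["sid"] == SID_DNS_LOOKUP):
            http = [a for a in alerts
                    if a["sid"] == SID_HTTP_REQUEST
                    and dns["ts"] <= a["ts"] <= dns["ts"] + WINDOW]
            if http:
                findings.append({
                    "host": host, "first_seen": dns["ts"], "severity": "high",
                    "resolved_to": sorted({a["dst"] for a in http}),
                    "note": "killswitch domain reached; binary executed or URL browsed",
                })
            else:
                findings.append({
                    "host": host, "first_seen": dns["ts"], "severity": "critical",
                    "resolved_to": [],
                    "note": "lookup with no HTTP follow-up; killswitch check failed, encryption would proceed",
                })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_ALERTS):
        print(f"{f['severity']:8} {f['host']:14} {f['first_seen']:%H:%M:%S} "
              f"{','.join(f['resolved_to']) or '-':30} {f['note']}")
```

On the constructed input this yields two "high" findings for 192.168.2.5 (one per lookup, resolving to 104.17.244.81 and then 104.16.173.80, the two Cloudflare addresses in the table) and one "critical" finding for 192.168.2.7. Either grade means the WannaCry binary, or a person, reached for the killswitch domain from that host; the correlation only decides how urgently to look.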

Network Port Distribution

Total Packets: 59 • 53 (DNS) • 443 (HTTPS) • 80 (HTTP)

TCP Packets

Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Apr 15, 2019 20:17:27.555869102 CEST  49803        80         192.168.2.5     104.17.244.81
Apr 15, 2019 20:17:27.556341887 CEST  49802        80         192.168.2.5     104.17.244.81
Apr 15, 2019 20:17:27.567275047 CEST  80           49803      104.17.244.81   192.168.2.5
Apr 15, 2019 20:17:27.568036079 CEST  80           49802      104.17.244.81   192.168.2.5
Apr 15, 2019 20:17:27.569977999 CEST  49803        80         192.168.2.5     104.17.244.81
Apr 15, 2019 20:17:27.570004940 CEST  49802        80         192.168.2.5     104.17.244.81
Apr 15, 2019 20:17:27.570868969 CEST  49802        80         192.168.2.5     104.17.244.81
Apr 15, 2019 20:17:27.582402945 CEST  80           49802      104.17.244.81   192.168.2.5
Apr 15, 2019 20:17:27.618668079 CEST  80           49802      104.17.244.81   192.168.2.5
Apr 15, 2019 20:17:27.618705034 CEST  80           49802      104.17.244.81   192.168.2.5
Apr 15, 2019 20:17:27.618724108 CEST  80           49802      104.17.244.81   192.168.2.5
Apr 15, 2019 20:17:27.618803978 CEST  49802        80         192.168.2.5     104.17.244.81
Apr 15, 2019 20:17:27.630290985 CEST  49802        80         192.168.2.5     104.17.244.81
Apr 15, 2019 20:17:27.641655922 CEST  80           49802      104.17.244.81   192.168.2.5
Apr 15, 2019 20:17:27.783776999 CEST  49804        80         192.168.2.5     35.237.128.253
Apr 15, 2019 20:17:27.783971071 CEST  49805        80         192.168.2.5     35.237.128.253
Apr 15, 2019 20:17:27.898999929 CEST  80           49804      35.237.128.253  192.168.2.5
Apr 15, 2019 20:17:27.899096966 CEST  49804        80         192.168.2.5     35.237.128.253
Apr 15, 2019 20:17:27.899930000 CEST  49804        80         192.168.2.5     35.237.128.253
Apr 15, 2019 20:17:27.900796890 CEST  80           49805      35.237.128.253  192.168.2.5
Apr 15, 2019 20:17:27.900888920 CEST  49805        80         192.168.2.5     35.237.128.253
Apr 15, 2019 20:17:28.015961885 CEST  80           49804      35.237.128.253  192.168.2.5
Apr 15, 2019 20:17:28.016182899 CEST  80           49804      35.237.128.253  192.168.2.5
Apr 15, 2019 20:17:28.016233921 CEST  80           49804      35.237.128.253  192.168.2.5
Apr 15, 2019 20:17:28.016259909 CEST  80           49804      35.237.128.253  192.168.2.5
Apr 15, 2019 20:17:28.016288996 CEST  80           49804      35.237.128.253  192.168.2.5
Apr 15, 2019 20:17:28.016311884 CEST  80           49804      35.237.128.253  192.168.2.5
Apr 15, 2019 20:17:28.016340971 CEST  80           49804      35.237.128.253  192.168.2.5
Apr 15, 2019 20:17:28.016377926 CEST  80           49804      35.237.128.253  192.168.2.5
Apr 15, 2019 20:17:28.016411066 CEST  80           49804      35.237.128.253  192.168.2.5
Apr 15, 2019 20:17:28.016438007 CEST  80           49804      35.237.128.253  192.168.2.5
Apr 15, 2019 20:17:28.016474009 CEST  80           49804      35.237.128.253  192.168.2.5
Apr 15, 2019 20:17:28.017579079 CEST  49804        80         192.168.2.5     35.237.128.253
Apr 15, 2019 20:17:28.017623901 CEST  49804        80         192.168.2.5     35.237.128.253
Apr 15, 2019 20:17:28.132900000 CEST  80           49804      35.237.128.253  192.168.2.5
Apr 15, 2019 20:17:28.134444952 CEST  49804        80         192.168.2.5     35.237.128.253
Apr 15, 2019 20:17:30.038955927 CEST  49803        80         192.168.2.5     104.17.244.81
Apr 15, 2019 20:17:30.050450087 CEST  80           49803      104.17.244.81   192.168.2.5
Apr 15, 2019 20:17:30.053271055 CEST  80           49803      104.17.244.81   192.168.2.5
Apr 15, 2019 20:17:30.053303003 CEST  80           49803      104.17.244.81   192.168.2.5
Apr 15, 2019 20:17:30.053457022 CEST  80           49803      104.17.244.81   192.168.2.5
Apr 15, 2019 20:17:30.054102898 CEST  49803        80         192.168.2.5     104.17.244.81
Apr 15, 2019 20:17:30.060544968 CEST  49803        80         192.168.2.5     104.17.244.81
Apr 15, 2019 20:17:30.071913958 CEST  80           49803      104.17.244.81   192.168.2.5
Apr 15, 2019 20:17:45.636384010 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.637661934 CEST  49812        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.648611069 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.649328947 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.649492025 CEST  443          49812      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.650923014 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.651611090 CEST  49812        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.652265072 CEST  49812        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.663650990 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.664952040 CEST  443          49812      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.667843103 CEST  443          49812      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.667886019 CEST  443          49812      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.667912006 CEST  443          49812      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.667932034 CEST  443          49812      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.669888973 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.669945002 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.669970989 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.669995070 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.698374033 CEST  49812        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.699320078 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.700660944 CEST  443          49812      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.711147070 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.711183071 CEST  49812        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.716743946 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.717173100 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.717524052 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.717876911 CEST  49812        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.718285084 CEST  49812        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.728426933 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.728542089 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.730390072 CEST  443          49812      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.730422020 CEST  443          49812      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.730524063 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.731733084 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.743063927 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.749471903 CEST  49812        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.751996994 CEST  49812        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.804697037 CEST  443          49812      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.932765007 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.932812929 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.932847023 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.932867050 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.932887077 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.951901913 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:45.962208986 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:45.974518061 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:46.017302990 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:46.018595934 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:46.019988060 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:46.021189928 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:46.023386002 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:46.028343916 CEST  49811        443        192.168.2.5     104.24.98.133
Apr 15, 2019 20:17:46.029903889 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:46.032525063 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:46.039724112 CEST  443          49811      104.24.98.133   192.168.2.5
Apr 15, 2019 20:17:46.047981024 CEST  443          49811      104.24.98.133   192.168.2.5

UDP Packets

Timestamp                            Source Port  Dest Port  Source IP    Dest IP
Apr 15, 2019 20:17:20.667615891 CEST  55147        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:20.688916922 CEST  53           55147      8.8.8.8      192.168.2.5
Apr 15, 2019 20:17:21.063441992 CEST  62247        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:21.085186005 CEST  53           62247      8.8.8.8      192.168.2.5
Apr 15, 2019 20:17:21.739505053 CEST  59496        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:21.751327991 CEST  53           59496      8.8.8.8      192.168.2.5
Apr 15, 2019 20:17:22.723947048 CEST  58937        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:22.743525028 CEST  53           58937      8.8.8.8      192.168.2.5
Apr 15, 2019 20:17:23.338157892 CEST  62548        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:23.399841070 CEST  53           62548      8.8.8.8      192.168.2.5
Apr 15, 2019 20:17:26.431926012 CEST  53311        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:26.449282885 CEST  53           53311      8.8.8.8      192.168.2.5
Apr 15, 2019 20:17:27.528465986 CEST  54455        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:27.540838003 CEST  53           54455      8.8.8.8      192.168.2.5
Apr 15, 2019 20:17:27.736438036 CEST  54772        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:27.778259039 CEST  53           54772      8.8.8.8      192.168.2.5
Apr 15, 2019 20:17:28.158189058 CEST  58460        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:28.186804056 CEST  53           58460      8.8.8.8      192.168.2.5
Apr 15, 2019 20:17:29.569307089 CEST  58876        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:29.599524975 CEST  53           58876      8.8.8.8      192.168.2.5
Apr 15, 2019 20:17:43.676068068 CEST  58501        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:43.708053112 CEST  53           58501      8.8.8.8      192.168.2.5
Apr 15, 2019 20:17:45.581392050 CEST  53388        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:45.613946915 CEST  53           53388      8.8.8.8      192.168.2.5
Apr 15, 2019 20:17:46.457343102 CEST  58724        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:46.469024897 CEST  53           58724      8.8.8.8      192.168.2.5
Apr 15, 2019 20:17:47.301501989 CEST  60822        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:47.331711054 CEST  53           60822      8.8.8.8      192.168.2.5
Apr 15, 2019 20:17:48.199058056 CEST  58429        53         192.168.2.5  8.8.8.8
Apr 15, 2019 20:17:48.225547075 CEST  53           58429      8.8.8.8      192.168.2.5

DNS Queries

Timestamp                            Source IP    Dest IP  Trans ID  OP Code             Name                                               Type            Class
Apr 15, 2019 20:17:27.528465986 CEST  192.168.2.5  8.8.8.8  0x1637    Standard query (0)  www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com  A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:27.736438036 CEST  192.168.2.5  8.8.8.8  0x34a2    Standard query (0)  static.kryptoslogicsinkhole.com                    A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:43.676068068 CEST  192.168.2.5  8.8.8.8  0xab12    Standard query (0)  www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com  A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:45.581392050 CEST  192.168.2.5  8.8.8.8  0xeb89    Standard query (0)  www.kryptoslogic.com                               A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:46.457343102 CEST  192.168.2.5  8.8.8.8  0x99d8    Standard query (0)  cdnjs.cloudflare.com                               A (IP address)  IN (0x0001)

DNS Answers

Timestamp                            Source IP  Dest IP      Trans ID  Reply Code    Name                                               CName  Address         Type            Class
Apr 15, 2019 20:17:27.540838003 CEST  8.8.8.8    192.168.2.5  0x1637    No error (0)  www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com  -      104.17.244.81   A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:27.540838003 CEST  8.8.8.8    192.168.2.5  0x1637    No error (0)  www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com  -      104.16.173.80   A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:27.778259039 CEST  8.8.8.8    192.168.2.5  0x34a2    No error (0)  static.kryptoslogicsinkhole.com                    -      35.237.128.253  A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:43.708053112 CEST  8.8.8.8    192.168.2.5  0xab12    No error (0)  www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com  -      104.16.173.80   A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:43.708053112 CEST  8.8.8.8    192.168.2.5  0xab12    No error (0)  www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com  -      104.17.244.81   A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:45.613946915 CEST  8.8.8.8    192.168.2.5  0xeb89    No error (0)  www.kryptoslogic.com                               -      104.24.98.133   A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:45.613946915 CEST  8.8.8.8    192.168.2.5  0xeb89    No error (0)  www.kryptoslogic.com                               -      104.24.99.133   A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:46.469024897 CEST  8.8.8.8    192.168.2.5  0x99d8    No error (0)  cdnjs.cloudflare.com                               -      104.19.199.151  A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:46.469024897 CEST  8.8.8.8    192.168.2.5  0x99d8    No error (0)  cdnjs.cloudflare.com                               -      104.19.195.151  A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:46.469024897 CEST  8.8.8.8    192.168.2.5  0x99d8    No error (0)  cdnjs.cloudflare.com                               -      104.19.197.151  A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:46.469024897 CEST  8.8.8.8    192.168.2.5  0x99d8    No error (0)  cdnjs.cloudflare.com                               -      104.19.196.151  A (IP address)  IN (0x0001)
Apr 15, 2019 20:17:46.469024897 CEST  8.8.8.8    192.168.2.5  0x99d8    No error (0)  cdnjs.cloudflare.com                               -      104.19.198.151  A (IP address)  IN (0x0001)

HTTP Request Dependency Graph

www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com -> static.kryptoslogicsinkhole.com (the /style.css request in session 1 carries the killswitch domain as its Referer)

HTTP Packets

Session ID 0: 192.168.2.5:49802 -> 104.17.244.81:80, process C:\Program Files (x86)\Internet Explorer\iexplore.exe

Apr 15, 2019 20:17:27.570868969 CEST  OUT  kBytes transferred: 145
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Connection: Keep-Alive

Apr 15, 2019 20:17:27.618668079 CEST  IN  kBytes transferred: 146
HTTP/1.1 200 OK
Date: Mon, 15 Apr 2019 18:17:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: __cfduid=d17476a6de4fbd67aef918743bfca15cb1555352247; expires=Tue, 14-Apr-20 18:17:27 GMT; path=/; domain=.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com; HttpOnly
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4c7fea9b58b0cc64-ZRH
Content-Encoding: gzip
Data Raw: 31 35 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 6c 52 c1 6e db 30 0c fd 15 96 e7 39 5a 6e c5 20 e9 b2 f6 b4 01 1b d0 5e 76 94 25 26 62 23 4b 86 c9 c6 f5 df 0f 6e 12 ac 1e 7a 21 44 8a 8f 8f 7a 4f f6 ee e1 d7 f7 e7 3f bf 1f 21 eb 50 bc 5d 23 94 50 8f 0e a9 76 af 82 10 4b 10 71 58 5b f7 22 e8 6d a6 90 bc 1d 48 03 c4 1c 26 21 75 f8 aa 87 ee 1e bd 55 d6 42 fe 89 eb 29 b7 42 09 fa 05 7e 4c cb a8 4d e0 67 3b 72 b4 e6 d2 71 81 d7 30 90 c3 44 12 27 1e 95 5b 45 88 ad 2a 55 75 b8 81 c1 6d 22 6e 90 67 a6 79 6c 93 7e 80 cd 9c 34 bb 44 67 8e d4 bd 27 5f 80 2b 2b 87 d2 49 0c 85 dc 7e f7 15 bd 2d 5c 4f 90 27 3a 38 34 46 34 28 c7 dd e9 42 59 56 46 b9 12 ee 62 1b 8c e8 b2 9e 44 10 26 2a 0e df 73 c9 44 8a a0 cb 48 0e 95 de d4 ac 0d c6 5b 73 11 a8 6f 69 b9 49 77 28 41 d1 db c4 e7 5b e5 ba f0 a7 c5 ae 6f 6f db 8b 9e 8f dd e7 88 42 61 42 6f 4d e2 f3 2d e6 fd 3f 03 ee ac c9 7b 6f 47 ff 9c 59 20 b5 21 70 85 1c 04 7a a2 0a f2 d1 27 1b ae 7a 64 d5 51 be 19 33 cf f3 46 92 55 0a f4 ff d9 19 fc ce 9a 71 bb 80 59 9f be ea b0 fe a7 bf 00 00 00 ff ff 03 00 1b 65 fe 4f 5f 02 00 00 0d 0a
Data Ascii (printable bytes only; the body is gzip-compressed): 15dlRn09Zn ^v%&b#Knz!DzO?!P]#PvKqX["mH&!uUB)B~LMg;rq0D'[E*Uum"ngyl~4Dg'_++I~-\O':84F4(BY VFbD&*sDH[soiIw(A[ooBaBoM-?{oGY !pz'zdQ3FUqYeO_

Session ID 1: 192.168.2.5:49804 -> 35.237.128.253:80, process C:\Program Files (x86)\Internet Explorer\iexplore.exe

Apr 15, 2019 20:17:27.899930000 CEST  OUT  kBytes transferred: 147
GET /style.css HTTP/1.1
Accept: text/css, */*
Referer: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: static.kryptoslogicsinkhole.com
Connection: Keep-Alive

Apr 15, 2019 20:17:28.016182899 CEST  IN  kBytes transferred: 149
HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Mon, 15 Apr 2019 18:17:27 GMT
Content-Type: text/css
Content-Length: 11813
Last-Modified: Mon, 02 Jul 2018 02:05:52 GMT
Connection: keep-alive
ETag: "5b398880-2e25"
Accept-Ranges: bytes
Data Raw (truncated in the report): 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 40 69 6d 70 6f 72 74 20 75 72 6c 28 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 7c 4f 70 65 6e 2b 53 61 6e 73 22 29 3b 68 74 6d 6c 2c 62 6f 64 79 2c 64 69 76 2c 73 70 61 6e 2c 61 70 70 6c 65 74 2c 6f 62 6a 65 63 74 2c 69 66 72 61 6d 65 2c 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 2c 68 36 2c 70 2c 62 6c 6f 63 6b 71 75 6f 74 65 2c 70 72 65 2c 61 2c 61 62 62 72 2c 61 63 72 6f 6e 79 6d 2c 61 64 64 72 65 73 73 2c 62 69 67 2c 63 69 74 65 2c 63 6f 64 65 2c 64 65 6c 2c 64 66 6e 2c 65 6d 2c 69 6d 67 2c 69 6e 73 2c 6b 62 64 2c 71 2c 73 2c 73 61 6d 70 2c 73 6d 61 6c 6c 2c 73 74 72 69 6b 65 2c 73 74 72 6f 6e 67 2c 73 75 62 2c 73 75 70 2c 74 74 2c 76 61 72 2c 62 2c 75 2c 69 2c 63 65 6e 74 65 72 2c 64 6c 2c 64 74 2c 64 64 2c 6f 6c 2c 75 6c 2c 6c 69 2c 66 69 65 6c 64 73 65 74 2c 66 6f 72 6d 2c 6c 61 62 65 6c 2c 6c 65 67 65 6e 64 2c 74 61 62 6c 65 2c 63 61 70 74 69 6f 6e 2c 74 62 6f 64 79 2c 74 66 6f 6f 74 2c 74 68 65 61 64 2c 74 72 2c 74 68 2c 74 64 2c 61 72 74 69 63 6c 65 2c 61 73 69 64 65 2c 63 61 6e 76 61 73 2c 64 65 74 61 69 6c 73 2c 65 6d 62 65 64 2c 66 69 67 75 72 65 2c 66 69 67 63 61 70 74 69 6f 6e 2c 66 6f 6f 74 65 72 2c 68 65 61 64 65 72 2c 68 67 72 6f 75 70 2c 6d 65 6e 75 2c 6e 61 76 2c 6f 75 74 70 75 74 2c 72 75 62 79 2c 73 65 63 74 69 6f 6e 2c 73 75 6d 6d 61 72 79 2c 74 69 6d 65 2c 6d 61 72 6b 2c 61 75 64 69 6f 2c 76 69 64 65 6f 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 66 6f 6e 74 3a 69 6e 68 65 72 69 74 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 7d 61 72 74 69 63 6c 65 2c 61 73 69 64 65 2c 64 65 74 61 69 6c 73 2c 66 69 67 63 61 70 74 69 6f 6e 2c 66 69 67 75 72 65 2c 66 6f 6f 74 65 72 2c 68 65 61 64 65 72 2c 68 67 72 6f 75 70 2c 6d 65 6e 75 2c 6e 61 76 2c 73 65 63 74 69 6f 6e 2c 6d 61 69 6e 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 7d 62 6f 64 79 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 7d 6f 6c 2c 75 6c 7b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 3b 7d 62 6c 6f 63 6b 71 75 6f 74 65 2c 71 7b 71 75 6f 74 65 73 3a 6e 6f 6e 65 3b 7d 62 6c 6f 63 6b 71 75 6f 74 65 3a 62 65 66 6f 72 65 2c 62 6c 6f 63 6b 71 75 6f 74 65 3a 61 66 74 65 72 2c 71 3a 62 65 66 6f 72 65 2c 71 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 27 27 3b 63 6f 6e 74 65 6e 74 3a 6e 6f 6e 65 3b 7d 74 61 62 6c 65 7b 62 6f 72 64 65 72 2d 63 6f 6c 6c 61 70 73 65 3a 63 6f 6c 6c 61 70 73 65 3b 62 6f 72 64 65 72 2d 73 70 61 63 69 6e 67 3a 30 3b 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 7d 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 31 46 32 32 32 45 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 4f 70 65 6e 20 53 61 6e 73 22 2c 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65
Data Ascii (truncated in the report): @charset "UTF-8";@import url("https://fonts.googleapis.com/css?family=Montserrat|Open+Sans");html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td,article,aside,canvas,details,embed,figure,figcaption,footer,header,hgroup,menu,nav,output,ruby,section,summary,time,mark,audio,video{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline;}article,aside,details,figcaption,figure,footer,header,hgroup,menu,nav,section,main{display:block;}body{line-height:1;}ol,ul{list-style:none;}blockquote,q{quotes:none;}blockquote:before,blockquote:after,q:before,q:after{content:'';content:none;}table{border-collapse:collapse;border-spacing:0;}html{font-size:62.5%;}body{background:#1F222E;font-family:"Open Sans","Helvetica Neue

Session ID 2: 192.168.2.5:49803 -> 104.17.244.81:80, process C:\Program Files (x86)\Internet Explorer\iexplore.exe

Apr 15, 2019 20:17:30.038955927 CEST  OUT  kBytes transferred: 228
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Connection: Keep-Alive
Cookie: __cfduid=d17476a6de4fbd67aef918743bfca15cb1555352247

Apr 15, 2019 20:17:30.053271055 CEST  IN  kBytes transferred: 229
HTTP/1.1 200 OK
Date: Mon, 15 Apr 2019 18:17:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4c7feaaaccc9cc64-ZRH
Content-Encoding: gzip
Data Raw (byte-identical to the session 0 response; the sinkhole answers /favicon.ico with the same HTML page): 31 35 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 6c 52 c1 6e db 30 0c fd 15 96 e7 39 5a 6e c5 20 e9 b2 f6 b4 01 1b d0 5e 76 94 25 26 62 23 4b 86 c9 c6 f5 df 0f 6e 12 ac 1e 7a 21 44 8a 8f 8f 7a 4f f6 ee e1 d7 f7 e7 3f bf 1f 21 eb 50 bc 5d 23 94 50 8f 0e a9 76 af 82 10 4b 10 71 58 5b f7 22 e8 6d a6 90 bc 1d 48 03 c4 1c 26 21 75 f8 aa 87 ee 1e bd 55 d6 42 fe 89 eb 29 b7 42 09 fa 05 7e 4c cb a8 4d e0 67 3b 72 b4 e6 d2 71 81 d7 30 90 c3 44 12 27 1e 95 5b 45 88 ad 2a 55 75 b8 81 c1 6d 22 6e 90 67 a6 79 6c 93 7e 80 cd 9c 34 bb 44 67 8e d4 bd 27 5f 80 2b 2b 87 d2 49 0c 85 dc 7e f7 15 bd 2d 5c 4f 90 27 3a 38 34 46 34 28 c7 dd e9 42 59 56 46 b9 12 ee 62 1b 8c e8 b2 9e 44 10 26 2a 0e df 73 c9 44 8a a0 cb 48 0e 95 de d4 ac 0d c6 5b 73 11 a8 6f 69 b9 49 77 28 41 d1 db c4 e7 5b e5 ba f0 a7 c5 ae 6f 6f db 8b 9e 8f dd e7 88 42 61 42 6f 4d e2 f3 2d e6 fd 3f 03 ee ac c9 7b 6f 47 ff 9c 59 20 b5 21 70 85 1c 04 7a a2 0a f2 d1 27 1b ae 7a 64 d5 51 be 19 33 cf f3 46 92 55 0a f4 ff d9 19 fc ce 9a 71 bb 80 59 9f be ea b0 fe a7 bf 00 00 00 ff ff 03 00 1b 65 fe 4f 5f 02 00 00 0d 0a
Data Ascii (printable bytes only; the body is gzip-compressed): 15dlRn09Zn ^v%&b#Knz!DzO?!P]#PvKqX["mH&!uUB)B~LMg;rq0D'[E*Uum"ngyl~4Dg'_++I~-\O':84F4(BY VFbD&*sDH[soiIw(A[ooBaBoM-?{oGY !pz'zdQ3FUqYeO_
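The sinkhole's response body is unreadable in the report because it is chunked and gzip-compressed: the Data Raw column starts with the chunk-size line "15d\r\n" (349 bytes), followed by a gzip member whose trailer ends the chunk, and the capture stops before the terminating 0-length chunk. Reassembling the page the sinkhole actually served is a routine forensic step, and the two checks that matter are that the chunk framing is intact and that the gzip CRC32/ISIZE trailer verifies, so that a truncated or mis-captured body is noticed rather than silently accepted. The following Python is an added example, not part of the Joe Sandbox report: RAW_HEX is the session 0 Data Raw column copied verbatim (session 2 returned the same bytes), and the decoder implements chunked decoding and gzip member parsing directly instead of relying on a library to swallow the trailer check.

```python
"""Decode the chunked, gzip-compressed body captured in HTTP session 0.

Added example, not part of the Joe Sandbox report. RAW_HEX is the Data Raw column
from session 0 above (session 2 returned the same bytes). The capture ends after
the first chunk, before the terminating 0-length chunk, which dechunk() tolerates.
"""
import binascii
import struct
import zlib

RAW_HEX = """
31 35 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 6c
52 c1 6e db 30 0c fd 15 96 e7 39 5a 6e c5 20 e9
b2 f6 b4 01 1b d0 5e 76 94 25 26 62 23 4b 86 c9
c6 f5 df 0f 6e 12 ac 1e 7a 21 44 8a 8f 8f 7a 4f
f6 ee e1 d7 f7 e7 3f bf 1f 21 eb 50 bc 5d 23 94
50 8f 0e a9 76 af 82 10 4b 10 71 58 5b f7 22 e8
6d a6 90 bc 1d 48 03 c4 1c 26 21 75 f8 aa 87 ee
1e bd 55 d6 42 fe 89 eb 29 b7 42 09 fa 05 7e 4c
cb a8 4d e0 67 3b 72 b4 e6 d2 71 81 d7 30 90 c3
44 12 27 1e 95 5b 45 88 ad 2a 55 75 b8 81 c1 6d
22 6e 90 67 a6 79 6c 93 7e 80 cd 9c 34 bb 44 67
8e d4 bd 27 5f 80 2b 2b 87 d2 49 0c 85 dc 7e f7
15 bd 2d 5c 4f 90 27 3a 38 34 46 34 28 c7 dd e9
42 59 56 46 b9 12 ee 62 1b 8c e8 b2 9e 44 10 26
2a 0e df 73 c9 44 8a a0 cb 48 0e 95 de d4 ac 0d
c6 5b 73 11 a8 6f 69 b9 49 77 28 41 d1 db c4 e7
5b e5 ba f0 a7 c5 ae 6f 6f db 8b 9e 8f dd e7 88
42 61 42 6f 4d e2 f3 2d e6 fd 3f 03 ee ac c9 7b
6f 47 ff 9c 59 20 b5 21 70 85 1c 04 7a a2 0a f2
d1 27 1b ae 7a 64 d5 51 be 19 33 cf f3 46 92 55
0a f4 ff d9 19 fc ce 9a 71 bb 80 59 9f be ea b0
fe a7 bf 00 00 00 ff ff 03 00 1b 65 fe 4f 5f 02
00 00 0d 0a
"""


def dechunk(body):
    """Undo HTTP/1.1 chunked transfer coding (RFC 7230 section 4.1)."""
    out = bytearray()
    pos = 0
    while True:
        nl = body.find(b"\r\n", pos)
        if nl < 0:                      # capture ended without the 0-length chunk
            break
        size = int(body[pos:nl].split(b";")[0], 16)   # drop any chunk extension
        if size == 0:
            break
        chunk = body[nl + 2:nl + 2 + size]
        if len(chunk) < size:
            raise ValueError("chunk truncated: expected %d bytes, got %d" % (size, len(chunk)))
        out += chunk
        pos = nl + 2 + size + 2         # skip the CRLF that ends the chunk data
    return bytes(out)


def gunzip_verified(data):
    """Inflate one gzip member (RFC 1952) and verify its CRC32/ISIZE trailer ourselves."""
    if data[:2] != b"\x1f\x8b" or data[2] != 8:
        raise ValueError("not a gzip member with a deflate payload")
    flags, pos = data[3], 10
    if flags & 0x04:                                    # FEXTRA
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & 0x08:                                    # FNAME, NUL-terminated
        pos = data.index(b"\x00", pos) + 1
    if flags & 0x10:                                    # FCOMMENT, NUL-terminated
        pos = data.index(b"\x00", pos) + 1
    if flags & 0x02:                                    # FHCRC
        pos += 2
    crc_expected, isize = struct.unpack("<II", data[-8:])
    body = zlib.decompress(data[pos:-8], -zlib.MAX_WBITS)   # raw deflate, no wrapper
    return {
        "body": body,
        "crc": crc_expected,
        "isize": isize,
        "crc_ok": (zlib.crc32(body) & 0xFFFFFFFF) == crc_expected,
        "size_ok": (len(body) & 0xFFFFFFFF) == isize,
    }


def decode_response(raw_hex=RAW_HEX):
    """Hex dump -> dechunked bytes -> verified, inflated body."""
    wire = binascii.unhexlify("".join(raw_hex.split()))
    payload = dechunk(wire)
    result = gunzip_verified(payload)
    result["chunk_len"] = len(payload)
    return result


if __name__ == "__main__":
    r = decode_response()
    print("chunk bytes:", r["chunk_len"], "inflated:", len(r["body"]),
          "crc ok:", r["crc_ok"], "size ok:", r["size_ok"])
    print(r["body"].decode("utf-8", "replace"))
```

The trailer in the dump (1b 65 fe 4f 5f 02 00 00) says CRC32 0x4ffe651b and 607 uncompressed bytes, so a successful run inflates the single 349-byte chunk into a 607-byte text/html page and reports both checks as passing; any discrepancy between the trailer and the inflated bytes would point at a transcription or capture error rather than at the sinkhole.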

HTTPS Packets

Columns: Timestamp, Source IP:Port (server presenting the certificate), Dest IP:Port (client), Subject, Issuer, Not Before, Not After, chain, JA3 SSL Client Fingerprint, JA3 SSL Client Digest.

Apr 15, 2019 20:17:45.667932034 CEST  104.24.98.133:443 -> 192.168.2.5:49812
  Subject:    CN=sni173774.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
  Issuer:     CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Not Before: Mon Apr 01 02:00:00 CEST 2019
  Not After:  Wed Oct 09 01:59:59 CEST 2019
  Chain:
    CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB; issued by CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB; valid Thu Sep 25 02:00:00 CEST 2014 to Tue Sep 25 01:59:59 CEST 2029
    CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB; issued by CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE; valid Tue May 30 12:48:38 CEST 2000 to Sat May 30 12:48:38 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Apr 15, 2019 20:17:45.669995070 CEST  104.24.98.133:443 -> 192.168.2.5:49811
  Subject, Issuer, validity, chain and JA3 fingerprint/digest identical to the session above (CN=sni173774.cloudflaressl.com).

Apr 15, 2019 20:17:46.522193909 CEST  104.19.199.151:443 -> 192.168.2.5:49814
  Subject:    CN=ssl412106.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
  Issuer:     CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Not Before: Sat Mar 02 01:00:00 CET 2019
  Not After:  Mon Sep 09 01:59:59 CEST 2019
  Chain:      same two COMODO ECC / AddTrust certificates as above
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Apr 15, 2019 20:17:46.522756100 CEST  104.19.199.151:443 -> 192.168.2.5:49813
  Subject, Issuer, validity, chain and JA3 fingerprint/digest identical to the session above (CN=ssl412106.cloudflaressl.com).

Apr 15, 2019 20:17:46.533040047 CEST  104.19.199.151:443 -> 192.168.2.5:49815
  Subject, Issuer, validity, chain and JA3 fingerprint/digest identical to the session above (CN=ssl412106.cloudflaressl.com).
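All five TLS sessions carry the same JA3 digest because the same client, the sandbox's Internet Explorer, opened them; a JA3 value identifies the client's TLS implementation and configuration, not the program's intent, so it is a pivot for grouping connections, not a verdict. The digest is nothing more than the MD5 of the fingerprint string, so the value in the table can be re-derived and the string itself read: 771 is TLS 1.2, the cipher list leads with ECDHE suites but still ends in static-RSA suites and 3DES (id 10), the extensions include server_name (0) and renegotiation_info (65281), and the curves are x25519 (29), P-256 (23) and P-384 (24). The following Python is an added example, not part of the Joe Sandbox report: it recomputes the digest from the string in the table and goes one step beyond the page by stripping RFC 8701 GREASE values the way JA3 does, so the same helper gives stable output for browsers that insert them. The cipher and version names and the "no forward secrecy" set are our own annotations from the IANA registry, not values from the report.

```python
"""Recompute and read the JA3 client fingerprint from the HTTPS Packets table.

Added example, not part of the Joe Sandbox report. REPORT_JA3 and REPORT_DIGEST
are copied from the table above. The GREASE filter (RFC 8701) and the name tables
(IANA TLS registry) are additions of this example.
"""
import hashlib

REPORT_JA3 = ("771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-"
              "49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0")
REPORT_DIGEST = "9e10692f1b7f78228b2d4e424db3a98c"

# RFC 8701 GREASE values; JA3 removes them from every list before hashing.
GREASE = {0x0A0A, 0x1A1A, 0x2A2A, 0x3A3A, 0x4A4A, 0x5A5A, 0x6A6A, 0x7A7A,
          0x8A8A, 0x9A9A, 0xAAAA, 0xBABA, 0xCACA, 0xDADA, 0xEAEA, 0xFAFA}

TLS_VERSIONS = {769: "TLS 1.0", 770: "TLS 1.1", 771: "TLS 1.2", 772: "TLS 1.3"}

# IANA cipher-suite ids in this ClientHello with static-RSA key exchange (no forward
# secrecy); 10 is TLS_RSA_WITH_3DES_EDE_CBC_SHA, the only 3DES suite offered.
NO_PFS = {157, 156, 61, 60, 53, 47, 10}
TRIPLE_DES = {10}


def ja3_string(version, ciphers, extensions, curves, point_formats):
    """Build the JA3 string: SSLVersion,Ciphers,Extensions,EllipticCurves,PointFormats."""
    def dash(values):
        return "-".join(str(v) for v in values if v not in GREASE)
    return ",".join([str(version), dash(ciphers), dash(extensions), dash(curves), dash(point_formats)])


def ja3_digest(s):
    """JA3 digest is the MD5 hex of the string; MD5 is an identifier here, not a security primitive."""
    return hashlib.md5(s.encode("ascii")).hexdigest()


def parse_ja3(s):
    """Split a JA3 string back into (version, ciphers, extensions, curves, point_formats)."""
    parts = s.split(",")
    if len(parts) != 5:
        raise ValueError("JA3 string must have five comma-separated fields")
    lists = [[int(x) for x in p.split("-")] if p else [] for p in parts[1:]]
    return (int(parts[0]), *lists)


def summarize(s):
    """What this fingerprint says about the client, plus whether it matches the report."""
    version, ciphers, extensions, curves, _pf = parse_ja3(s)
    digest = ja3_digest(s)
    return {
        "digest": digest,
        "matches_report": digest == REPORT_DIGEST,
        "tls_version": TLS_VERSIONS.get(version, hex(version)),
        "cipher_count": len(ciphers),
        "no_pfs_ciphers": [c for c in ciphers if c in NO_PFS],
        "weak_ciphers": [c for c in ciphers if c in TRIPLE_DES],
        "sni_offered": 0 in extensions,        # extension 0 = server_name
        "curves": curves,
    }


if __name__ == "__main__":
    for key, value in summarize(REPORT_JA3).items():
        print(f"{key}: {value}")
```

Rebuilding the string from its parsed fields reproduces the report's value exactly, and prepending a GREASE cipher or extension leaves the digest unchanged, which is the property that makes JA3 usable across Chrome-style randomised hellos.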

Code Manipulations

Statistics

Behavior

• iexplore.exe (PID 2924)
• iexplore.exe (PID 148)

System Behavior

Analysis Process: iexplore.exe PID: 2924 Parent PID: 724

General

Start time: 20:17:25
Start date: 15/04/2019
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff6f85a0000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Source File Path Access Attributes Options Completion Count Address Symbol

Source File Path Offset Length Value Ascii Completion Count Address Symbol

Source File Path Offset Length Completion Count Address Symbol

Registry Activities

Source Key Path Completion Count Address Symbol

Source Key Path Name Type Data Completion Count Address Symbol

Source Key Path Name Type Old Data New Data Completion Count Address Symbol

Analysis Process: iexplore.exe PID: 148 Parent PID: 2924

General

Start time: 20:17:25
Start date: 15/04/2019
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2924 CREDAT:17410 /prefetch:2
Imagebase: 0xa50000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Source File Path Access Attributes Options Completion Count Address Symbol

Source File Path Offset Length Value Ascii Completion Count Address Symbol

Source File Path Offset Length Completion Count Address Symbol

Registry Activities

Source Key Path Name Type Data Completion Count Address Symbol

Disassembly
