ID: 436545 Cookbook: browseurl.jbs Time: 08:42:17 Date: 18/06/2021 Version: 32.0.0 Black Diamond

Table of Contents

Windows Analysis Report http://snap.licdn.com
  Overview
    General Information
    Detection
    Signatures
    Classification
  Process Tree
  Malware Configuration
  Yara Overview
  Sigma Overview
  Signature Overview
  Mitre Att&ck Matrix
  Behavior Graph
  Screenshots
    Thumbnails
  Antivirus, Machine Learning and Genetic Malware Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
    URLs
  Domains and IPs
    Contacted Domains
    Contacted URLs
    URLs from Memory and Binaries
    Contacted IPs
      Public
  General Information
  Simulations
    Behavior and APIs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    JA3 Fingerprints
    Dropped Files
  Created / dropped Files
  Static File Info
    No static file info
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTP Request Dependency Graph
    HTTP Packets
    HTTPS Packets
  Code Manipulations
  Statistics
    Behavior
  System Behavior
    Analysis Process: iexplore.exe PID: 2832 Parent PID: 800
      General
      File Activities
      Registry Activities
    Analysis Process: iexplore.exe PID: 4744 Parent PID: 2832
      General
      File Activities
      Registry Activities
  Disassembly

Copyright Joe Security LLC 2021

Windows Analysis Report http://snap.licdn.com

Overview

General Information

Sample URL: snap.licdn.com
Analysis ID: 436545

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%
[Detection scale: malicious, suspicious, clean]

Signatures

No high signatures.

Classification

[Classification chart; axes: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware]

Process Tree

System is w10x64
iexplore.exe (PID: 2832 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  iexplore.exe (PID: 4744 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2832 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures.

Mitre Att&ck Matrix

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 2; Application Layer Protocol 3; Ingress Tool Transfer 1
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud

Behavior Graph

[Behavior graph (image not reproduced). ID: 436545; URL: http://snap.licdn.com; Startdate: 18/06/2021; Architecture: WINDOWS; Score: 0. Nodes shown: iexplore.exe, iexplore.exe, static-exp1.licdn.com, snap.licdn.com, linkedin.custhelp.com, 130.35.96.16 (443, 49732, 49733; ORACLE-BMC-31898US, United States), www.linkedin.com, 3 other IPs or domains.]

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
snap.licdn.com | 0% | Avira URL Cloud | safe |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
linkedin.github.io/dustjs/ | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
linkedin.custhelp.com | 130.35.96.16 | true | false | | high
static.licdn.com | unknown | unknown | false | | high
snap.licdn.com | unknown | unknown | false | | high
www.linkedin.com | unknown | unknown | false | | high
static-exp1.licdn.com | unknown | unknown | false | | high
help.linkedin.com | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://www.linkedin.com/jobs | false | | high
https://www.linkedin.com/help/linkedin?lang=en | false | | high
https://www.linkedin.com/error_pages/unsupported-browser.html | false | | high
linkedin.custhelp.com/ | false | | high

URLs from Memory and Binaries

Contacted IPs

Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
130.35.96.16 | linkedin.custhelp.com | United States | | 31898 | ORACLE-BMC-31898US | false

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 436545
Start date: 18.06.2021
Start time: 08:42:17
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 26s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: snap.licdn.com
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/81@7/1
Cookbook Comments:
  Adjust boot time
  Enable AMSI
  Browsing link: http://www.linkedin.com/home
  Browsing link: http://linkedin.custhelp.com/
  Browsing link: http://www.linkedin.com/search
  Browsing link: http://www.linkedin.com/jobs
  Browsing link: http://www.linkedin.com/answers
  Browsing link: http://www.linkedin.com/companies
  Browsing link: https://www.linkedin.com/secure/settings
  Browsing link: http://www.linkedin.com/profile
  Browsing link: http://www.linkedin.com/connections
  Browsing link: http://www.linkedin.com/inBox
  Browsing link: http://www.linkedin.com/static?key=tools

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\www.linkedin[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 13
Entropy (8bit): 2.469670487371862
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{70E70FAF-D000-11EB-90EB-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 30296
Entropy (8bit): 1.8387167036476981
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{70E70FB1-D000-11EB-90EB-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 186646
Entropy (8bit): 2.483118248529257
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{70E70FB2-D000-11EB-90EB-ECF4BBEA1588}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 16984
Entropy (8bit): 1.563976917877486
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.139549222040272
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 653
Entropy (8bit): 5.127832512323968
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 662
Entropy (8bit): 5.158108736051259
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 647
Entropy (8bit): 5.129283867508471
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.167856278144973
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 653
Entropy (8bit): 5.1409706908149095
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 656
Entropy (8bit): 5.165663695445251
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 659
Entropy (8bit): 5.128934953797442
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 653
Entropy (8bit): 5.114444310595764
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 50296
Entropy (8bit): 2.7213294558626986
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\2nvf04e7kqpzv32cwo6mgsd0s[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 text, with very long lines, with NEL line terminators
Category: downloaded
Size (bytes): 418908
Entropy (8bit): 5.322880418795053
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://static-exp1.licdn.com/sc/h/2nvf04e7kqpzv32cwo6mgsd0s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\2v4aw4thobilyhupaowi0emba[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 1138
Entropy (8bit): 5.104871346630206
Encrypted: false
Malicious: false
Reputation: low
IE Cache URL: https://static-exp1.licdn.com/sc/h/2v4aw4thobilyhupaowi0emba