ID: 142877
Cookbook: browseurl.jbs
Time: 14:46:27
Date: 18/06/2019
Version: 26.0.0 Aquamarine

Table of Contents

Analysis Report http://ftp.webolton.com/
  Overview
    General Information
    Detection
    Confidence
    Classification
    Analysis Advice
    Mitre Att&ck Matrix
    Signature Overview
      Phishing
      Networking
      System Summary
    Behavior Graph
  Simulations
    Behavior and APIs
  Antivirus and Machine Learning Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
    URLs
  Yara Overview
    Initial Sample
    PCAP (Network Traffic)
    Dropped Files
    Memory Dumps
    Unpacked PEs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    JA3 Fingerprints
    Dropped Files
  Screenshots
    Thumbnails
  Startup
  Created / dropped Files
  Domains and IPs
    Contacted Domains
    Contacted URLs
    URLs from Memory and Binaries
    Contacted IPs
      Public
  Static File Info
    No static file info
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTP Request Dependency Graph
    HTTP Packets
    HTTPS Packets
  Code Manipulations
  Statistics
  Behavior
    System Behavior
    Analysis Process: iexplore.exe PID: 4196 Parent PID: 692
      General
      File Activities
      Registry Activities
    Analysis Process: iexplore.exe PID: 2372 Parent PID: 4196
      General
      File Activities
      Registry Activities
  Disassembly

Copyright Joe Security LLC 2019

Analysis Report http://ftp.webolton.com/

Overview

General Information

Joe Sandbox Version: 26.0.0 Aquamarine
Analysis ID: 142877
Start date: 18.06.2019
Start time: 14:46:27
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 45s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: ftp.webolton.com/
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled; AMSI enabled
Analysis stop reason: Timeout
Detection: SUS
Classification: sus21.phis.win@3/66@7/8
Cookbook Comments: Adjust boot time; Enable AMSI; Browsing link: http://chrome.google.com/; Browsing link: http://www.getfirefox.com/
Warnings:
  Exclude process from analysis (whitelisted): MpCmdRun.exe, ielowutil.exe, WMIADAP.exe, conhost.exe, CompatTelRunner.exe
  TCP Packets have been reduced to 100
  Excluded IPs from analysis (whitelisted): 2.20.221.85, 216.58.211.110, 172.217.168.196, 172.217.168.206, 172.217.17.131, 172.217.17.72, 172.217.17.78, 172.217.168.238, 104.16.40.2, 104.16.41.2, 72.21.81.200, 152.199.19.161, 23.10.249.50, 23.10.249.17, 205.185.216.42, 205.185.216.10, 67.27.233.254, 67.27.159.126, 8.253.204.249, 8.253.204.120, 67.26.75.254, 93.184.221.240
  Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, www.mozilla.org.cdn.cloudflare.net, adservice.google.com, wu.azureedge.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, www.googletagmanager.com, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, www.google.com, www.gstatic.com, auto.au.download.windowsupdate.com.c.footprint.net, wu.wpc.apr-52dd2.edgecastdns.net, www.google-analytics.com, www-google-analytics.l.google.com, ie9comview.vo.msecnd.net, www-googletagmanager.l.google.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, cds.d2s7q6s2.hwcdn.net, www3.l.google.com, go.microsoft.com.edgekey.net, tools.l.google.com, chrome.google.com, www.mozilla.org, tools.google.com, cs9.wpc.v0cdn.net
  Report size getting too big, too many NtDeviceIoControlFile calls found.

Detection

Strategy: Threshold
Score: 21
Range: 0 - 100
Whitelisted: false
Detection: SUS

Confidence

Strategy: Threshold
Score: 4
Range: 0 - 5
Further Analysis Required?: false

Classification

(Radar chart in the original report.) Axes: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Scale: clean, suspicious, malicious. This sample is rated suspicious with a score of 21 on the Phishing axis (classification label sus21.phis.win@3/66@7/8).

Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Mitre Att&ck Matrix

Techniques marked with a count in parentheses were matched by that many signatures in this analysis; the unmarked entries are the remaining cells of the matrix as rendered in the report.

Initial Access: Valid Accounts (1); Replication Through Removable Media; Drive-by Compromise; Exploit Public-Facing Application
Execution: Windows Remote Management; Service Execution; Windows Management Instrumentation; Scheduled Task
Persistence: Valid Accounts (1); Port Monitors; Accessibility Features; System Firmware
Privilege Escalation: Valid Accounts (1); Accessibility Features; Path Interception; DLL Search Order Hijacking
Defense Evasion: Valid Accounts (1); Binary Padding; Rootkit; Obfuscated Files or Information
Credential Access: Input Prompt (1); Network Sniffing; Input Capture; Credentials in Files
Discovery: File and Directory Discovery (1); Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote File Copy (1); Remote Services; Windows Remote Management; Logon Scripts
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Data Encrypted (1); Exfiltration Over Other Network Medium; Automated Exfiltration; Data Encrypted
Command and Control: Standard Cryptographic Protocol (2); Standard Non-Application Layer Protocol (3); Standard Application Layer Protocol (3); Remote File Copy (1)

Signature Overview

• Phishing • Networking • System Summary


Phishing:

Ask for current and new password

Found iframes

HTML body contains low number of good links

None HTTPS page querying sensitive user data (password, username or email)

META author tag missing

META copyright tag missing
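The six Phishing signatures above are static checks on the fetched page. As an added example that is not Joe Sandbox's code, the following Python re-implements them as simple heuristics over a page's URL and HTML so the signals can be reproduced offline on a saved copy of a login page. The threshold for "low number of good links", the keyword lists and the sample page (served from the placeholder host example.invalid) are assumptions, not values taken from the report.

```python
"""Static phishing heuristics over an HTML document.

Added example, not Joe Sandbox code: it re-implements the six "Phishing"
signature names from the report as simple checks over a page's HTML and
URL. Thresholds and keyword lists are assumptions, not Joe Security's.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed vocabulary for "sensitive" fields and for new/current password prompts.
SENSITIVE_NAMES = ("user", "login", "email", "pass", "pwd")
NEW_PASSWORD_HINTS = ("new", "confirm", "current", "old")


class _PageScan(HTMLParser):
    """Collects the elements the heuristics need in a single pass."""

    def __init__(self):
        super().__init__()
        self.iframes = 0
        self.links = []          # href values of <a>
        self.inputs = []         # (type, name/id/placeholder text) per <input>
        self.meta_names = set()  # lower-cased <meta name=...> values

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "iframe":
            self.iframes += 1
        elif tag == "a" and "href" in a:
            self.links.append(a["href"].strip())
        elif tag == "input":
            label = " ".join(a.get(k, "") for k in ("name", "id", "placeholder")).lower()
            self.inputs.append((a.get("type", "text").lower(), label))
        elif tag == "meta" and "name" in a:
            self.meta_names.add(a["name"].lower())


def _good_links(hrefs):
    """Absolute http(s) links count as 'good'; '#', javascript: and relative hrefs do not."""
    return [h for h in hrefs
            if urlparse(h).scheme in ("http", "https") and urlparse(h).netloc]


def phishing_signals(url, html, min_good_links=5):
    """Return ({signature_name: bool}, number_of_hits) for the six phishing signatures."""
    scan = _PageScan()
    scan.feed(html)
    pw = [lbl for typ, lbl in scan.inputs if typ == "password"]
    sensitive = [lbl for typ, lbl in scan.inputs
                 if typ in ("password", "email") or any(k in lbl for k in SENSITIVE_NAMES)]
    scheme = urlparse(url).scheme.lower()
    signals = {
        "Ask for current and new password":
            len(pw) >= 2 or any(h in lbl for lbl in pw for h in NEW_PASSWORD_HINTS),
        "Found iframes": scan.iframes > 0,
        "HTML body contains low number of good links":
            len(_good_links(scan.links)) < min_good_links,
        "None HTTPS page querying sensitive user data (password, username or email)":
            scheme != "https" and bool(sensitive),
        "META author tag missing": "author" not in scan.meta_names,
        "META copyright tag missing": "copyright" not in scan.meta_names,
    }
    return signals, sum(signals.values())


# Constructed sample: a minimal login page served over plain HTTP, like the
# WebInterface/login.html page this report was produced for.
SAMPLE_URL = "http://example.invalid/WebInterface/login.html"
SAMPLE_HTML = """<html><head><title>Login</title></head><body>
<iframe src="/banner.html"></iframe>
<form method="post" action="/login">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Sign in">
</form>
<a href="#">Help</a> <a href="https://example.invalid/terms">Terms</a>
</body></html>"""

if __name__ == "__main__":
    hits, n = phishing_signals(SAMPLE_URL, SAMPLE_HTML)
    for name, hit in hits.items():
        print(f"[{'x' if hit else ' '}] {name}")
    print(f"{n}/6 phishing signatures matched")
```

On the constructed page five of the six signals fire; only "Ask for current and new password" stays off, because the form has a single password field with no new/current wording. Serving the same form over HTTPS and adding the two META tags drops the count to one, which is the point of the signatures: each one is weak on its own, and the report's score of 21 reflects their sum rather than any single decisive finding.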

Networking:

Downloads files from webservers via HTTP

Found strings which match to known social media urls

Performs DNS lookups

Urls found in memory or binary data

Uses HTTPS

System Summary:

Classification label

Creates files inside the user directory

Creates temporary files

Reads ini files

Spawns processes

Found graphical window changes (likely an installer)

Uses new MSVCR Dlls

Behavior Graph

The graph is an image in the original report; the node data that survives extraction is listed here.

Legend: ID 142877; Process URL http://ftp.webolton.com/; Startdate 18/06/2019; Architecture WINDOWS; Score 21. Node types: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious, Internet.

Nodes:
iexplore.exe (started): 10 / 84 (counters in legend order: created registry values / created files)
iexplore.exe (started): 5 / 119
Signature: Ask for current and new password
pagead46.l.doubleclick.net: 172.217.17.98, port 443, local ports 49746, 49747; unknown; United States
www.google.ch: 172.217.20.67, port 443, local ports 49744, 49745; unknown; United States
10 other IPs or domains

Simulations

Behavior and APIs

No simulations

Antivirus and Machine Learning Detection

Initial Sample

Source / Detection / Scanner / Label
ftp.webolton.com/ : 0% (virustotal)

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source / Detection / Scanner / Label
ftp.webolton.com : 0% (virustotal)

URLs

Source / Detection / Scanner / Label
ftp.webolton.com/WebInterface/login.html : 0% (virustotal)
ftp.webolton.com/WebInterface/login.html : 0% (Avira URL Cloud: safe)
ftp.webolton.com/WebInterface/jQuery/js/jquery.blockUI.js : 0% (Avira URL Cloud: safe)
ftp.webolton.com/WebInterface/login.html/chrome/face/login.htmlRoot : 0% (Avira URL Cloud: safe)
ftp.webolton.com/favicon.ico : 0% (Avira URL Cloud: safe)
ftp.webolton.com/WebInterface/jQuery/images/button-bg.png : 0% (Avira URL Cloud: safe)
ftp.weboltRoot : 0% (Avira URL Cloud: safe)
ftp.webolton.com/WebInterface/login.htmlRoot : 0% (Avira URL Cloud: safe)
ftp.webolton.com/WebInterface/login.htmlg/en-US/firefox/new/?redirect_soon.com/WebInterface/l : 0% (Avira URL Cloud: safe)
ftp.webolton.com/WebInterface/jQuery/js/jquery-ui-1.8.2.custom.min.js : 0% (Avira URL Cloud: safe)
ftp.webolton.com/WebInterface/images/wheel.gif : 0% (Avira URL Cloud: safe)
ftp.webolton.com/favicon.ico~ : 0% (Avira URL Cloud: safe)
ftp.webolton.com/WebInterface/jQuery/js/jquery-1.4.2.min.js : 0% (Avira URL Cloud: safe)
ftp.webolton.com/WebInterface/images/bolton-logo.JPG : 0% (Avira URL Cloud: safe)
ftp.webolton.com/WebInterface/login.html.Bolton : 0% (Avira URL Cloud: safe)
ftp.webolton.com/WebInterface/jQuery/css/login.css : 0% (Avira URL Cloud: safe)
ftp.webolton.com/ : 0% (virustotal)
ftp.webolton.com/ : 0% (Avira URL Cloud: safe)
ftp.webolton.com/WebInterface/login.htmlon.com/WebInterface/login.html : 0% (Avira URL Cloud: safe)

Note that several of these entries (ftp.weboltRoot, the ...login.htmlRoot, ...login.html.Bolton and ...login.htmlon.com/... forms, and the one that runs into a Firefox download path) are truncated or concatenated strings carved from process memory, not URLs the browser requested; only the well-formed ftp.webolton.com/WebInterface/... paths describe the login page and the assets it loads.

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails (images in the original report).

Startup

System is w10x64

iexplore.exe (PID: 4196, cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding, MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  iexplore.exe (PID: 2372, cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4196 CREDAT:17410 /prefetch:2, MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\00ZPWYNC\www.google[1].xml Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Size (bytes): 118 Entropy (8bit): 4.439890005366943 Encrypted: false MD5: E5A4742E829392DE3D5CBBB06B03C889 SHA1: 76DD931770C627BDF2AF493920AE96D4D22664C8 SHA-256: 38EFEF9CAD17E7F865AA90CF62488C46068E6BB59EF6E6837BAE5B5791E7E4E1 SHA-512: AD548365715B8D38825C9E196DF1441CE66D1EADAD512497C2D0A6C016F67ABE7D1E6B802AB6137E24CCC52318A227DA8D8918CB72EE8420AD511F6986D41896 Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A77869D3-9212-11E9-AADD-44C1B3FB757B}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document (the generic file(1) label for an OLE2 compound-file container; IE's tab-recovery .dat files use that container, which is why the preview shows the CFB "Root Entry" directory string and not Word content) Size (bytes): 30296 Entropy (8bit): 1.8539870640231988 Encrypted: false MD5: 3B83170861EB97936262B7B20FB7285D SHA1: A58B7832994E6C69B4A016C019F0431CD3C59388 SHA-256: 95D098298C2291F1E736DCA8446BB0E5D13DE25D463E20E53471243C4447151F SHA-512: CD5DBC010CB767269961D061222A1046C7EA31BD9EE2881978AEF2649CC690DCD0F44E6877985F80C6751825CE9C91F11110DB0F8CBFA98D54EE60858BBD54F4 Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A77869D5-9212-11E9-AADD-44C1B3FB757B}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Size (bytes): 60722 Entropy (8bit): 2.4351191380889703 Encrypted: false MD5: A6A22EFD8C705C4308AC8945C9E9428D SHA1: 2C3F963AB1AD9EF949AB11BEEC0B7CFD536B33C6 SHA-256: 0E7E370452495C2AD89BEE16CF3861AC7E11748EA7F2BFB4ADB9DE3D27428DA0 SHA-512: E42B9C6CEF99CCD77415FEA70BDE9CEAA384E597A5283BA4B6308C7109A64F43FEFFA6E4602D02CE78C75860059A25E503F03FB4D0013CBF4D406E039E63E8C7 Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AEBEFB94-9212-11E9-AADD-44C1B3FB757B}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Size (bytes): 16984 Entropy (8bit): 1.563587577569696 Encrypted: false MD5: 1977035D9312FCCD6121ABE8FD746D48 SHA1: EC0D8A80976E07179846081290801829AFD6ED48 SHA-256: 16E9D90DDF3848F3BC75A7E9D500BC6CA3F98FD27728023DC0EAA00C04FECF3B SHA-512: 0E48353D09C656477BCFB2B40905F294C95D5144F562E96EE9CB8D9E5DBBFBAC7AEB8C1740783AC97D9E0D9EDDA7F1EEEB587D5F769784FE9C2B3B5A14130474 Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 665 Entropy (8bit): 5.144022796578996 Encrypted: false MD5: 82BC6D39E206F33109FD852F1614B841 SHA1: 43A57E8A26D71E850866D1D3237138A29AD6013E SHA-256: 8728556125F1B5DE9A7A60E1DCBC57F74FCC3C0E3E81A9BBF49BF06D8D23D729 SHA-512: F94BE1B441DA233B8F7D6E93DD09440B3A0451DB2FC3A31252A2A3A56860B86C082A27678F3E9A6737FA1A6DA10D86543E220D13E7CDF2A44BF8D7932F398887 Malicious: false Reputation: low Preview: ..0x80213786,0x01d5261f<accdate>0x80213786,0x01d5261f....0x80213786,0x01d5261f0x802399c3,0x01d5261f..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 662 Entropy (8bit): 5.120732910366361 Encrypted: false MD5: 1ACBC823543FCF2E0111570F359F2EE5 SHA1: 514AF87785A16124C8FD191A58396DAA832C01FD SHA-256: 7358EA0ADD5BD05673F9CC96F6C933899A35A81A2B426A5943083EA10960197D SHA-512: 6315E061888ADC1B3091034B8391FBC87CFD98FD2774B4DF06E570B2A265850F90066C9D0D978851E1F8423D88D6355B02295EF7021BC4DB5592A98F090F8DF4 Malicious: false Reputation: low Preview: ..0x7ff115f5,0x01d5261f0x7ff115f5,0x01d5261f....0x7ff115f5,0x01d5261f0x7ffbaabf,0x01d5261f..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 671 Entropy (8bit): 5.143250303804316 Encrypted: false MD5: B786813FD3B53C280284EAC64EB2651D SHA1: CDF82D8066F21886469882D5DC392E54EF47E5CB SHA-256: C2CFE3E5D5C8085F42147A7A64A7A3CB040E727A7DDF9CE3DA6BBFC2B4E3B578 SHA-512: B5705177D2682B5B4BD7652ED790B22A66494B4251A9C01200FAD3ABCAFFBD56F7BC7504D3AADFA5E4C1412741CD48D41ABB456F4B6123C2776EB2F283486415 Malicious: false Reputation: low Preview: ..0x80285e9e,0x01d5261f 0x80285e9e,0x01d5261f....0x80285e9e,0x01d5261f0x80285e9e,0x01d5261f..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 419 Entropy (8bit): 5.202565202279732 Encrypted: false MD5: 848E3711C5063F360180853EB0C8E768 SHA1: 80EEF46F8DFC45B09486E39868E330FE200B0E04 SHA-256: F42E771937BC61BE2ECAA7948E15DD489374A0C641BA8F0FB6D9EA1DBACAA389 SHA-512: 961F031E5887C085F4B092E491C6E45D6C5242EB6EB736BF96A6CA179399C99DE64570BAC90BA38EEDF22F7D0F3FE4F80A3BE125A89E9C0E67865E61354FCE16 Malicious: false Reputation: low Preview: ..0x48594ba7,0x01d482630x7ffe0cde,0x01d5261f\lowres.png..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 656 Entropy (8bit): 5.1249593358674215 Encrypted: false MD5: D125F2C06F877247E4E82D651D3099BE SHA1: C4393B64FFCEBF923BC9E81AF1621AF95B654FB2 SHA-256: D4DE1ACB3830F821609E5AB4CD37B90D3D16B6CC669C4A58371F894A990FC844 SHA-512: 3E1FC4336BC8E31EB043E214EE0BBB23F12DA2F187923FDA6948B283C743848B2525EE734B53CF46E16448B7E5C6730DC8B08371538C901C785AA5AEAF898FFE Malicious: false Reputation: low Preview: ..0x8014a061,0x01d5261f0x8014a061,0x01d5261f....0x8014a061,0x01d5261f0x8014a061,0x01d5261f..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 665 Entropy (8bit): 5.1613721995681985 Encrypted: false MD5: 8EA4638759AF3659A1C22BB7332194AF SHA1: 53280898BB0ADD909D351FA6957C12334C79EA52 SHA-256: 9CE6FEAF91DF0632E50C2356AD943576ED127541924EFA1D0B99E2C360AB6367 SHA-512: 668EDD1BCB7251F86254ACA0BB71960C1EC8A2DA61A2C263A18E25A9FFCDDF194319FA4861D236BB29D7547FAE22D2FA2ED8959DB80D5393AD179D04A17E683C Malicious: false Reputation: low Preview: ..0x802b2056,0x01d5261f<accdate>0x802b2056,0x01d5261f....0x802b2056,0x01d5261f0x802d8328,0x01d5261f..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 662 Entropy (8bit): 5.107621500468183 Encrypted: false MD5: 3E19CD5E5671C9F5005F6818C2720918 SHA1: C61DE7312A81A3C70DE1FBED9891DA2DE097758F SHA-256: F9E8F52C052AE7C403CF77A43CA139226D593D4F2AA01EF461239A637766247B SHA-512: 0455B38219740739E3BF2E92B1ABA8B8941B6EBC6E9230E348CA268CB45D65737F0DC516B8AE227468CB8B740E7ED2691DBC4D55179D9517E743F7E6A63625C8 Malicious: false Reputation: low Preview: ..0x801c7108,0x01d5261f0x801c7108,0x01d5261f....0x801c7108,0x01d5261f0x801ec406,0x01d5261f..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 665 Entropy (8bit): 5.168319917895616 Encrypted: false MD5: 3B0933516587292B0CF98CD2CD52483F SHA1: 9E8066F211F63684FB77A3D7EA18CC35BC7C9206 SHA-256: 4089793F288AC471185698BE048BD3689F99A990549A17D5AA1B92D6C80BD309 SHA-512: 0A288C304C1106CF3EF9A797E777C0E5A964328C56DC2D2602EB5E44B10D524159D0F68F49010DE86B1E2C97D261EB1355CFEB2AEE840F11B7AD8F9F85FB2A07 Malicious: false Reputation: low Preview: ..0x801702d9,0x01d5261f<accdate>0x801702d9,0x01d5261f....0x801702d9,0x01d5261f0x801977e8,0x01d5261f..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 668 Entropy (8bit): 5.118564786406621 Encrypted: false MD5: 5BF25BAD37DE2E7F544F82339D56F105 SHA1: 45BBCC4E5AFA148B9CB6BED4D9D88CD2E4E1881C SHA-256: 0C19B196E2D8D4E7F6A6BCEA772D10F16712FAC87B51CD788D51A2E8155CCC77 SHA-512: 1FF363B6A7B7F319456F03E14552BBBE11C6711C5CE18342FA0C03800BE2C148B57FE1889062EBC8C531DA44528263C3B54B6517BD8D2033BC8384BAF86CAA25 Malicious: false Reputation: low Preview: ..0x8000702f,0x01d5261f 0x8000702f,0x01d5261f....0x8000702f,0x01d5261f0x8002f6cb,0x01d5261f ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): 662 Entropy (8bit): 5.108132276943754 Encrypted: false MD5: 18C27FB2781682178D5F6C29369A2133 SHA1: CBDCBFEB6AAE75124CABC331875C4AA4EA53BCAF SHA-256: 630B990A73325444371968BF0D3A74E06796F710A1CD9654FE0A5F4B8C3A872E SHA-512: 7933FF0E4719BB4F0BF6FB9859B5581485AD995FC4846946F5229D3B6EB0A65C647D3733E2CEC10CD369B26AA3ECE651DEAB5BB86BAEC38CB637BBB56BFE547E Malicious: false Reputation: low Preview: ..0x800f7c81,0x01d5261f0x800f7c81,0x01d5261f....0x800f7c81,0x01d5261f0x8011de89,0x01d5261f..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6o07ku1\imagestore.dat Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: data Size (bytes): 49147 Entropy (8bit): 7.56796340440445 Encrypted: false MD5: 7811868363F7097D162BF081E00D6022 SHA1: 9552C719A33DF655236375DF07CCDBC884B8812B SHA-256: 365A756F8443941A24FDE94986197C40DAE2FD646439AF49A7B24E1B46C82143 SHA-512: BBCD86D136463743DC28D52A8C3E611EBE14DA1CFC9F1A9484E1BF6672F848D5F8458057DDFF1DA5E6C18EB77A9BB02F30071256FD262AD276E9702F615B5D82 Malicious: false Reputation: low Preview: #.h.t.t.p.:././.f.t.p...w.e.b.o.l.t.o.n...c.o.m./.f.a.v.i.c.o.n...i.c.o.~...... h...... (...... gVGF_PB.^OA._OB.\[email protected]<.QD8.QC8F...... 60EC=4D.XLN.eWY..qg...v...w...l..m[.fUG.SE:.WH< ...... m[ 0A...-...&m.D_..0>p..[...M...{.....y.yeT.YJ>.YJ> ...... r_.m...i...T|...... ?`....K...55..e...(l.zv.FBg.QEG.Y J>...... {h.}...j....G....n..,....W.8Z..Jz....K.0J../J....M.dTK.\M@F.....}i.zv|.@c....[.%>..h...... j...... w.z...q.....S.p^W.bQD...... ua...... ]...Sz...... U...Jf...... !E..\...... x.bV^.hWI...... n[.u..}....x...Q}...... 1P...... 3\..<\...... 3..aXg.o\M...... lZ.du.[...... Iu...... 1Q...... 1Y..+I...... &C..aZl.t`P...... q^.bSFc...... Dp...... {...2R...... 3[..Ht...... "<..ypw.vbR...... }j.eTF...... S...... {...R}...... 4_..f...... 1P...qi.zfU...... |hV.ai~.....v...... o...... u...Q...... zx..r_.m[F...... y.s`P.dn{.m..~...... O...z..d..`wcRz.q_.zf..vb...... z.{gU.][email protected]

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3PRWWXOM\ME9V31H5.htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with CRLF, LF line terminators Size (bytes): 227 Entropy (8bit): 5.235866058577928 Encrypted: false MD5: 0F8BA3DA5EC9C4330A36CEFACDAC783F SHA1: 6E4B5B387A0526ED1AD8E2A6D4CF0E01945CDD21 SHA-256: 8213FC7F4340216DE2C6E83C25C362D05D66663CBB7126A6ECD4A7D0A276802F SHA-512: F1FAED20A402DD75E994D3A4B56D4035C88097492C39C946F7A3A3CFAC4DE48CFEB0A5063EC2AC05E5131CA9DC9F42981C20DBF73D6142A0E32BBC3956ED4925 Malicious: false Reputation: low Preview: .301 Moved. 301 Moved .The document has moved.here.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3PRWWXOM\ScrollMagic.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 126520 Entropy (8bit): 5.5237313210945445 Encrypted: false MD5: 9D91942108CFF1E555948B71BC4D7022 SHA1: 0FA452D321AA33C177A1260B32A7259F9D08D621 SHA-256: B21C1903AD1851FB0D398CC82CCC468BA3EB0D1DF1C5162371C06DC7A544B18E SHA-512: 474C50414A06F32E3858065639539BB2C6A2BE96DA2B5A0422674B989933BA52A8A82BDDA2473A50A4F27A36CC263C7F2A6E75D817A5833380FC2E1BFB3B5651 Malicious: false Reputation: low Preview: /** @license ScrollMagic v2.0.6 | (c) 2018 Jan Paepke (@janpaepke) | license & info: http://scrollmagic.io. *. * Copyright (c) 2018 Jan Paepke. *. * Permission is hereby granted, free of charge, to any person obtaining a copy. * of this software and associated documentation files (the "Software"), to deal. * in the Software without restriction, including without limitation the rights. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell. * copies of the Software, and to permit persons to whom the Software is. * furnished to do so, subject to the following conditions:. *. * The above copyright notice and this permission notice shall be included in. * all copies or substantial portions of the Software.. *. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE. * AUTHORS OR COPYRIGHT HOLDERS

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3PRWWXOM\T7X6C4O1.htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text Size (bytes): 275 Entropy (8bit): 5.214504929184093 Encrypted: false MD5: 287C8C8EBDDC8E6F8FFB1B2BA98653C2 SHA1: 456AFFEC384F373A29060E3D2B1330AA169941FA SHA-256: CEE7C5C490EFDA96D45DF99DFFF74910A7F5634F104FCDFA76EEC3220A3E76D2 SHA-512: FA35A963127D6BEB8C368E671367E5D810A1DF2EB6671DDCAE0849276348100DF925951D3F4245D72BC73B441D93C65AD445A72A7F7FDF17E09A1F99D2A1ED3B Malicious: false Reputation: low Preview: ..301 Moved Permanently.. Moved Permanently . The document has moved here. ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3PRWWXOM\activityi;src=2542116;type=chrom322;cat=chrom01g;ord=7327959464668;gtm=2wg651;auiddc=1064299426.1560894470;~oref=https___www.google[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with very long lines, with no line terminators Size (bytes): 931 Entropy (8bit): 5.459718168743297 Encrypted: false MD5: 3DFD4A40DA346A54C3C586FB74D60880 SHA1: C58F9C4B750C16BE4C48A4BDFCA7CDA12355BC0E SHA-256: 8FDC954939D8A40B0164B879A1553F7AB95BC5DAF5C769ECD4C3C1AD27D49FFA SHA-512: 25322544CA8E9E7449FD41F59F539568A639A492232DF92F0D58C9527014BE50337B74CB6FBD4029776DA7A67A14EA7F32FDFACCA73355BEC72AA484C8887930 Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3PRWWXOM\dbab-desktop[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x380, frames 3 Size (bytes): 106881 Entropy (8bit): 7.782232754112955 Encrypted: false MD5: 826BECF73A8BF9B463FAF9202588F897 SHA1: D66E69F298C214565C7462ED0604441239E0831B SHA-256: B5328CDDAD0EE9FABCBE1E9EC01CB9DFDA250FBA592175310486A48A76C5CC2E SHA-512: DDDDBC8CD2341EAF96785471CC7BC6A787E8E879D5ED6A655F25936C12D5B3F9066FBE6058213F4C259EDA12F7597D42A842429A982EA9BF43A25A80547DCD07 Malicious: false Reputation: low Preview: ...... JFIF...... C...... C...... |...... |...}./G e.BM...f.}.t..\g.]....'...... l.J5.<....t..|...... Y...sy..s..P...~.a...<..'2.....,....5e.....a.Np.7upV..WO..]...bj.....ZF#'...5...... W.AV!.=li.>.'....iT..#.)..M.....iZ..Z...7;.h...H...l6.|....[.5.M...... VJ.7Sr.%.(.K3.N.=m.my$[...b.n.t/C.?@u<..v...)~$.. V..9AWI..7q...... ]...... F'5....G...... $.+]...... t.B...e...l.+..Yt2=u..x{d!.7..K.Q...... a.tv./..Nd./L6...h...../...... %...,.pp....? .....S.>t..W.UX9A.Y..W-~.<...l.e.W?....888L.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3PRWWXOM\down-arrow-blue.3bcea1f6c2e8[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 194 Entropy (8bit): 5.027909707638084 Encrypted: false MD5: 3BCEA1F6C2E81D1BDC6B710FE72293BA SHA1: 2AA1D368E4267E49E55D406AB899CA293F063326 SHA-256: DB78115A50BA6CF6579D4445EC47039213F04DE9FA179EB50201CB7F5AC49BE1 SHA-512: C896EBB9D9C1FB28C9C76D81834EB3D50346B1FF38122F9DFCF54515465E7FC2059B166E58541D6A6858CD0CA030BFC6FC89FB5746269749684C81BE28453D1D Malicious: false Reputation: low Preview: .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3PRWWXOM\hero-bg.8482ec731bb3[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 1847 Entropy (8bit): 5.049376086793591 Encrypted: false MD5: 8482EC731BB3A78ABE06F62605104037 SHA1: 8AEDB10E6ED0F1D8F7CE3B2E417A93D1E3BBDBA2 SHA-256: 1677901CD45701B2A42C8756B417123D6A4D96495D816E41B0D92FE840197862 SHA-512: A2B519E1401EC0F4166243C198AFBF64FF32EC5963E95DF698ED01A3AEF410496A7E11A441FA93CB4AECA11E01642D04BB102124C75CCA14F54BFAF1EE504442 Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3PRWWXOM\modernizr[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 10683 Entropy (8bit): 5.316848908326755 Encrypted: false MD5: F6D9D298E8BC837593B05A491A4603BB SHA1: 0820414C58CBE79D0894A891350FAE8C8B48ABE1 SHA-256: 0E155D486A16556BF559FA721996DE15BB19EDFA603804E7DD62D3F86AAD24F5 SHA-512: 87F0A0B47A74F393AF5E5ACA7FD51F3703F9A27CFA568832A09FB3ECEEB9D01D04D09BC5E154B2F27C13270B616B87B070C6FE6097E0F5510C2C25F1ADB72F46 Malicious: false Reputation: low Preview: },s.websqldatabase=function(){return!!a.openDatabase},s.indexedDB=function(){return!!J("indexedDB",a)},s.hashchange=function(){return A("hashchange",a)&&(b.documentMode===c||b.documentMode>7)},s.history=function(){return!!a.history&&!!history.pushState},s.draganddrop=function(){var a=b.createElement("div");return"draggable"in a||"ondragstart"in a&&"ondrop"in a},s.websockets=function(){return"WebSocket"in a||"MozWebSocket"in a},s.rgba=function(){return D("background-color:rgba(150,255,150,.5)"),G(j.backgroundColor,"rgba")},s.hsla=function(){return D("background-color:hsla(120,40%,100%,.5)"),G(j.backgroundColor,"rgba")||G(j.backgroundColor,"hsla")},s.multiplebgs=function(){return D("background:url(https://),url(https://),red url(https://)"),/(url\s*\(.*?){3}/.test(j.background)},s.backgroundsize=function(){return J("backgroundSize")},s.borderimage=function(){return J("borderImage")},s.borderradius=function(){return J("borderRadius")},s.boxshadow=function(){return J("boxShadow")},s.textsh

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3PRWWXOM\protocol-core.53277c093e21[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 74594 Entropy (8bit): 5.052494971211022 Encrypted: false MD5: DDFEC9FD43CF38761BFA2AC481CBFA09 SHA1: BDEA531735FF38197F3A3CD23A610C44DAF4B083 SHA-256: 6E6AFD4DFC2C5FC86CD37EBC26C0C6DCFCA11659D30149C7A49E27529B1E8963 SHA-512: B2784EAA0B6AD56F18C86388B7E60EC8E7F6C9CD235EAE0B4E5CB9DD948137623742DE800B53E210326F8538C6B60169ED3AF045F94299BAF5661337FAAF8A88 Malicious: false Reputation: low Preview: @font-face{font-display:swap;font-family:'Zilla Slab';font-style:normal;font-weight:400;src:url("/media/fonts/ZillaSlab-Regular.f9de6143fdfa.woff2") format("woff2"),url("/media/fonts/ZillaSlab-Regular.f7120c75de27.woff") format("woff")}@font-face{font-display:swap;font-family:'Zilla Slab';font-style:normal;font-weight:700;src:url("/media/fonts/ZillaSlab-Bold.8d7f01331d2b.woff2") format("woff2"),url("/media/fonts/ZillaSlab-Bold.be1d6507cb98.woff") format("woff")}@font-face{font-display:swap;font-family:Inter;font-style:normal;font-weight:400;src:url("/media/fonts/Inter-Regular.d55e957612a3.woff2") format("woff2"),url("/media/fonts/Inter-Regular.1a7f90ff1f1e.woff") format("woff")}@font-face{font-display:swap;font-family:Inter;font-style:normal;font-weight:700;src:url("/media/fonts/Inter-Bold.0564381b22b2.woff2") format("woff2"),url("/media/fonts/Inter-Bold.2767206dcd8d.woff") format("woff")}@font-face{font-display:swap;font-family:Inter;font-style:italic;font-weight:400;src:url("/media/f

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3PRWWXOM\site.42d7dbd806b5[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 5122 Entropy (8bit): 5.495493529265438 Encrypted: false MD5: 42D7DBD806B5AC9E2807B704EFB853A5 SHA1: 95C10798CDEACD881E9666C076EB5ADB82D1B287 SHA-256: 85EB69A2D06550B00A6ECD8E78846402A1A362B47FCD4244577FED72692F21AA SHA-512: 976C5529639578DA45132B3168F37E431050A1243B6CF2530AEA074AFFA1A00C332C29D4C72F2B44C90930DDEDA8D3143CC127ED29A48361C1DC176495B9AD9B Malicious: false Reputation: low Preview: !function(){"use strict";window.site={getPlatform:function(e,t){return t=""===t?"":t||navigator.platform,e=e||navigator.userAgent,/Win(16|9[x58]|NT( [1234]| 5\.0| [^0-9]|[^ - ]|$))/.test(e)||/Windows ([MC]E|9[x58]|3\.1|4\.10|NT( [1234]\D| 5\.0| [^0-9]|[^ ]|$))/.test(e)||/Windows_95/.test(e)?"oldwin":-1!==t.indexOf("Win32")||-1!==t.indexOf("Win64")?"windows":/android/i.test(e)?"android":/linux/i.test(t)||/linux/i.test(e)?"linux":-1!==t.indexOf("MacPPC")?"oldmac":/Mac OS X 10.[0-8]\D/.test(e)?"oldmac":-1!==t.indexOf("iPhone")||-1!==t.indexOf("iPad")||-1!==t.indexOf("iPod")?"ios":-1!==e.indexOf("Mac OS X")?"osx":-1!==e.indexOf("MSIE 5.2")?"oldmac":-1!==t.indexOf("Mac")?"oldmac":""===t&&/Firefox/.test(e)?"fxos":"other"},getPlatformVersion:function(e){var t=(e=e||navigator.userAgent).match(/Windows\ NT\ (\d+\.\d+)/)||e.match(/Mac\ OS\ X\ (\d+[\ ._]\d+)/)||e.match(/Android\ (\d+\.\d+)/);return t?t[1].replace("_","."):undefined},getArchType:function(e,t){var o;return t=""===t?"":t||navigator.pl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3PRWWXOM\white.799723d2198f[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 1425 Entropy (8bit): 4.588512308486136 Encrypted: false MD5: 799723D2198F5924508965427C1A73C4 SHA1: 77122090D03ED1C4F3584CD1B34A4E0E4D13DCB6 SHA-256: D6C6F9824AD3BCF5B5A6465549E024135AB81E64FF208C7574202A7FE8844F29 SHA-512: 70C7A3398253776914E81AA16892E63A54B274667B4E5D0545602DC51C621A28B5F2259AA68DEF7570F55F14612D213A169D961EE29D9AF49A9D18DB0FE097B0 Malicious: false Reputation: low Preview: icon/social/twitter/white..307 Temporary Redirect.. Temporary Redirect . The document has moved here. ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\close-icon[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 21 x 21, 4-bit colormap, non-interlaced Size (bytes): 10059 Entropy (8bit): 7.934456847615957 Encrypted: false MD5: CCDA5D83133BCCC96C2959B729BBFB1A SHA1: C82D10621C7CFA220CA7419AA2AC7E287533D759 SHA-256: B7F1F211E9F4BE57C4A6AFC3E95AED219FF73E84520E3AE3AB305839ADB33573 SHA-512: A73E5DC626A78449DBAE921F5619EA6D9E8046D53F68AC1C44683C5496DB21362A1DC289550EDDEF0E4DABD115D3514A88C1A0AF5C6F05EF5300C3AB3321747B Malicious: false Reputation: low Preview: .PNG...... IHDR...... [9...... PLTE...... O...... tRNS..n.M...... DIDAT..c .....FG0.Y.H....BF.... &..... a...H.*a..F..j..".D...... O...L...... IEND.B`..PNG...... [email protected].....[.v.... .PLTE...... X.D7..@B...... =6.....L.g^.. [email protected]...... >.n.O>c....[.JA...... l..b._Y}...... x...c.....O...... 1.b...... Z..N....z.P.ZO..M...i..bN.Z..U...... Y...... n...rh.._..T..Mz...k%.\0.T.M..L.eC...a..T..P.RL....r. cwyU.cIs...\.n..n..k..WVyR.gR.UC...... tRNS.333333333

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\common-protocol.934ad83c3126[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines Size (bytes): 462072 Entropy (8bit): 5.2583887590683 Encrypted: false MD5: 661777B12F34B64F265522BAF9FC9C0D SHA1: AAA64D3ABBAF4BE83725F6E454B5EA9A0409E983 SHA-256: A01EE60A88D4EEF4F4AB1F6C6973B4468073C97B6F2BEEE53F5FFAE2118D935B SHA-512: 382E53D829E8C97A0AF148081A2AC920AE28F4957664FA3977859C03CD4CFFBCE0F21EC7739C8D750E38F7EE509F424C14EBFD8EDF27F0E39F3787EEAE47283D Malicious: false Reputation: low Preview: if(function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(A,e){"use strict";var t=[],k=A.document,o=Object.getPrototypeOf,s=t.slice,m=t.concat,u=t.push,l=t.indexOf,n={},i=n.toString,E=n.hasOwnProperty,r=E.toString,a=r.call(Object),g={};function v(e,t){var n=(t=t||k).createElement("script");n.text=e,t.head.appendChild(n).parentNode.removeChild(n)}var c="3.2.1",D=function(e,t){return new D.fn.init(e,t)},f=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,d=/^-ms-/ ,p=/-([a-z])/g,h=function(e,t){return t.toUpperCase()};function y(e){var t=!!e&&"length"in e&&e.length,n=D.type(e);return"function"!==n&&!D.isWindow(e)&&("array"===n||0===t||"number"==typeof t&&0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\favicon-16x16[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced Size (bytes): 711 Entropy (8bit): 7.4911673943513915 Encrypted: false MD5: 988D28184980A93CA829A9BDC2A300A4 SHA1: 9681B2963D0FB24A11F18EF5F8F408619FA02F13 SHA-256: 534A229E57245A665AAD607B16288D90AD0476653B3A4866C1B7276D22F67214 SHA-512: B4BDC67AB606A3EBF61023E7CB5B6E676D0AC8F7033CC138D6A40FB751BDF94ADB00CB161B21F8B3A94BBC08CA0B819F24AAF0C21C2BF42FD5A40D5BCD00E6E3 Malicious: false Reputation: low Preview: .PNG...... IHDR...... (-.S...YPLTE...z.Q.K..A..[.RK.I>.PD..A..\..a..A..a.K@..[..@..[[email protected][email protected]@..\.l;[email protected]..=.PC.VJ..A! [email protected].<.QE.YN..@/.e..?T.L.<.RF.WK..B..[.MAK....^I..".d..a.QE.RF.h;F...... >.v..u.~s.J=..;e..[..q..c..H...... ?.ud.t.m..k.si.yd?.\/.[n.W..V..T.`T..S#.Qz.LlqL.G.SG [email protected]?.:..s....9tRNS...%...... {i=;1)$...... RPFE?8#..../...... [email protected].{[email protected]...`..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\favicon-196.c6d9abffb769[1].png Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 196 x 196, 8-bit/color RGBA, non-interlaced Size (bytes): 32658 Entropy (8bit): 7.987396508282397 Encrypted: false MD5: C6D9ABFFB76957208B620EB994F611A9 SHA1: 0F170C1AB24F037F091FC94664D5ABAF717D03A8 SHA-256: ED2D683F1A9F7C7B2BDEB375CAD2E7C2249AF0FB7FE4D2BBF9C0E97DC46F0DAC SHA-512: C53BA1842D6C41277511621FCE2025226540E915BA574F959DE3A042D6E1715E62CEEC910CC9540F1A9D9AEB0951CF7F43C5E673D89333F70E92CC362BF938E2 Malicious: false Reputation: low Preview: .PNG...... IHDR...... k....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp..... YG....|.IDATx... .$Wu...N...... I..$...... 3.1..$...m@$c..(...... Va....;...S.}..u...{vV......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\gtm-snippet.9f9cf2026c5f[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Size (bytes): 514 Entropy (8bit): 5.088023472781701 Encrypted: false MD5: 9F9CF2026C5FCAD6AF9F12A2E861FFDA SHA1: C93A6E6D6F5CB799700A0C3AFBF1966A0426AFB1 SHA-256: 5FF0C822CE892BAE85CA52C2616F7603787FFFD8C072A886A2607E0F630CE730 SHA-512: 305C776B1898EE46D7F249B316D8F601A3203AF610F362C9585C9913A08D3695CE79B4E78934390C6D25F051C86D6A0DB6F1574329F74835CACACC1D048C9633 Malicious: false Reputation: low Preview: !function(){"use strict";var e=document.getElementsByTagName("html")[0].getAttribute("data-gtm-container-id");"function"==typeof Mozilla.dntEnabled&&!Mozilla.dntEnabled()&&e&&function(e,t,n,a,o,g,m,r,i,l){for(e[a]=e[a]||[],e[a].push({"gtm.start":(new Date).getTime(),event:"gtm.js"}),m=t.getElementsByTagName(n)[0],i=o.length,l="//www.googletagmanager.com/gtm.js?id=@&l="+a;i--;)(g=t.createElement(n)).async=!0,g.src=l.replace("@",o[i]),m.parentNode.insertBefore(g,m)}(window,document,"script","dataLayer",[e])}();

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\hero-back-mobile[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 599x544, frames 3 Size (bytes): 9532 Entropy (8bit): 7.166017988879874 Encrypted: false MD5: 1B5D77BF3EBAE3CE4A7D78A660519FC7 SHA1: 3D5EBF61A9145BD50E62D93ADE39F03CE8B64600 SHA-256: BE30C8F3D193ED884D99BCAEAD408E07F6BD37190DEB5E9292B933E6002A5D26 SHA-512: EF5E22844616FA19E17E6E51DF6BF6D110DE54D940CC42DF4971FB167FE23F878D2B62273DBC5C5C313A70180EF07720C13502B8BF353D22A7C23976FA22CD40 Malicious: false Reputation: low Preview: ...... JFIF...... C...... $ &%# #"(-90(*6+"#2D26;=@@@&0FKE>J9?@=...C...... =)#)======...... W...... `...... *.N@OJ...... e{...... M...... (...... 5 c{...3.*...... F...... O..vy.7g...U.4...... S...N.....Hm.q.Z..U4.A+...... %.?..<^/g...=....J...... 8~]..W...... /...... c}]...... _:....{....@...... S..o....pz...7..+....r.~%9> ..C.7.z.....@..[...... |,..0.[...}@...... @.Q....S.OM...... ?;...... T..>_77...... =i.+...... ?6.:s .....P.....f@...... Zm.B..c.2...... 9.N.v.v.f.m+E.P...... Z.nZ...... "j..Y...... 6ep...... j_...... @...... [Y......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\jquery-1.4.2.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 77746 Entropy (8bit): 5.383737067000433 Encrypted: false MD5: E4958BD2E32D9FCD6115A585ED17A9CC SHA1: 97BE02D1785B7BB4F41AE116A6A9BEF74CB018D6 SHA-256: F800B399E5C7A5254FC66BB407117FE38DBDE0528780E68C9F7C87D299F8486A SHA-512: C6A447C20F0F834250FA79DEE66072DD21AB1838A1A6CAF9518B8C8087158F548C7D22AB44936FBBBB458AD68AEF4C43A52B010485694DC4C65E79B1EFF436C7 Malicious: false Reputation: low Preview: /*!. * jQuery JavaScript Library v1.4.3. * http://jquery.com/. *. * Copyright 2010, John Resig. * Dual licensed under the MIT or GPL Version 2 licenses.. * http://jquery.org/license. *. * Includes Sizzle.js. * http://sizzlejs.com/. * Copyright 2010, The Dojo Foundation. * Released under the MIT, BSD, and GPL Licenses.. *. * Date: Thu Oct 14 23:10:06 2010 -0400. */.(function(E,A){function U(){return false}function ba(){return true}function ja(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ga(a){var b,d,e=[],f=[],h,k,l,n,s,v,B,D;k=c.data(this,this.nodeType?"events":"__events__");if(typeof k==="function")k=k.events;if(!(a.liveFired===this||!k||!k.live||a.button&&a.type==="click")){if(a.namespace)D=RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)");a.liveFired=this;var H=k.live.slice(0);for(n=0;n

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\jquery-ui-1.8.2.custom.min[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with CRLF, LF line terminators Size (bytes): 215284 Entropy (8bit): 5.312120092823386 Encrypted: false MD5: 9FF2FE27DE11BC1750E2618C537ECB6E SHA1: 2295DD895602DA6C910A3FB668E179A7BFB2313E SHA-256: 0EFD62F30D53D85065AF55EC018162EE2E8B09FEB6AC93AB24D640A82FDB5B13 SHA-512: C97C6C903D285F35D5B1A2724D5D9D053FD2946FE94EC273C46278AA385F4F03B6599E6F8B1AC9A1C6BABFCA86F5A611F58FA1D47D7F630784D6D8210C473A74 Malicious: false Reputation: low Preview: /*!. * jQuery UI 1.8.2. *. * Copyright (c) 2010 AUTHORS.txt (http://jqueryui.com/about). * Dual licensed under the MIT (MIT-LICENSE.txt). * and GPL (GPL-LICENSE.txt) licenses.. *. * http://docs.jquery.com/UI. */.(function(c){c.ui=c.ui||{};if(!c.ui.version){c.extend(c.ui,{version:"1.8.2",plugin:{add:function(a,b,d){a=c.ui[a].prototype;for(var e in d) {a.plugins[e]=a.plugins[e]||[];a.plugins[e].push([b,d[e]])}},call:function(a,b,d){if((b=a.plugins[b])&&a.element[0].parentNode)for(var e=0;e0)return true;a[b]=1;d=a[b]>0;a[b]=0;return d}, isOverAxis:function(a,b,d){return a>b&&a

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\jquery.blockUI[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with CRLF line terminators Size (bytes): 12302 Entropy (8bit): 4.8279042862117425 Encrypted: false MD5: 4874558190AF9AC8016F74F5B9112689 SHA1: 6C66B0B98B94FFF887111BE96231C63FAC7E8D36 SHA-256: A9A4B0B80612BA9A1934D134A4344911C045F7AFFBA47F50CCF0BDE619206545 SHA-512: 8EA9F717A1E4E2C407FEB135489865C11F5C8649D9CDB23B722F6E616B01C5258D7ABB32D0FDA6BE1CC0B15CBE0995EAF12536FBD1CEC0A66CADECB580ABF249 Malicious: false Reputation: low Preview: /*!.. * jQuery blockUI plugin.. * Version 2.33 (29-MAR-2010).. * @requires jQuery v1.2.3 or later.. *.. * Examples at: http://malsup.com/jquery/block/.. * Copyright (c) 2007-2008 M. Alsup.. * Dual licensed under the MIT and GPL licenses:.. * http://www.opensource.org/licenses/mit-license.php.. * http://www.gnu.org/licenses/gpl.html.. *.. * Thanks to Amir-Hossein Sobhi for some excellent contributions!.. */....;(function($) {.... if (/1\.(0|1|2)\.(0|1|2)/.test($.fn.jquery) || /^1.1/.test($.fn.jquery)) {.. alert('blockUI requires jQuery v1.2.3 or later! You are using v' + $.fn.jquery);.. return;.. }.... $.fn._fadeIn = $.fn.fadeIn;.... var noOp = function() { };.... // this bit is to ensure we don't call setExpression when we shouldn't (with extra muscle to handle.. // retarded userAgent strings on Vista).. var mode = document.documentMode || 0; .. var setExpr = $.browser.msie && (($.browser.version < 8 && !mode) || mode < 8);.. var ie6 = $.browser

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\linkid[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 1569 Entropy (8bit): 5.369127779967127 Encrypted: false MD5: 0CC3A63FE10060AF4A349E5DF666EEFE SHA1: 3E8D3925B550345123F2CAB26568221FD4154F9C SHA-256: 92FCA55833F48B4289AC8F1CEDD48752B580FCE4EC4B5D81670B8193D6E51B54 SHA-512: 5801C9DB98C4998480772CA5AD71F0E400C4756AE713AAB0358CA6593B3A3426499D6DEC81A768C861CBBCD8394DD8C6D647628A13F124FF3A1119F9B7793E8C Malicious: false Reputation: low Preview: (function(){var e=window,h=document,k="replace";var m=function(a,c,d,b,g){c=encodeURIComponent(c)[k](/\(/g,"%28")[k](/\)/g,"%29");a=a+"="+c+"; path="+(d||"/")+"; ";g&&(a+="expires="+(new Date((new Date).getTime()+g)).toGMTString()+"; ");b&&"none"!=b&&(a+="domain="+b+";");b=h.cookie;h.cookie=a;return b!=h.cookie},p=function(a){var c=h.body;try{c.addEventListener?c.addEventListener("click",a,!1):c.attachEvent&&c.attachEvent("onclick",a)}catch(d){}};var q=function(a,c,d,b){this.get=function(){for(var b=void 0,c=[],d=h.cookie.split(";"),l=new RegExp("^\\s*"+a+"=\\s*(.*?)\\s*$"),f=0;f

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\stub_attribution_code[1].json Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with no line terminators Size (bytes): 211 Entropy (8bit): 5.361204634409198 Encrypted: false MD5: 60084D461EBC8E5F37024C2CE2E8998E SHA1: 128651FD0E695C57004897A2DF0D3499467195DA SHA-256: 4FCAE2D986083C9649F0CCA3F11A2259CF0F0252ABA45999DBF6AC7DF24CD47E SHA-512: 54BE13B7087FD1345212D5475B61F52B630E269D0C5CC86CB75A812CE51FAE50E287D48AE9DF4BFFC6CABB945311C865BC9911096D508F269B7733F016423389 Malicious: false Reputation: low Preview: {"attribution_code": "c291cmNlPXd3dy5tb3ppbGxhLm9yZyZtZWRpdW09KG5vbmUpJmNhbXBhaWduPShub3Qgc2V0KSZjb250ZW50PShub3Qgc2V0KQ..", "attribution_sig": "24f20c1791256511cbb5047975f1f4003fc1cb8cd216aba0cb34f9baa206a5f9"}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8WQYDQEU\wheel[1].gif Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: GIF image data, version 89a, 16 x 16 Size (bytes): 1553 Entropy (8bit): 6.9562362184240465 Encrypted: false MD5: 03CE3DCC84AF110E9DA8699A841E5200 SHA1: D2B7E4E31FE8E1C6B720E33448674102879E4246 SHA-256: D3E3944D4649450DEE66A55C69EECED2D825B6CA1A349F72C75FD3780AE3F006 SHA-512: 03E154E27BE6B79745B3DF1A1C28984C3E778696BAAF193ECE7EE781EE253E9ED5DDF4897F0FC19E78CB406713E0FA107338B24D944C07401BEDDCB7B911B407 Malicious: false Reputation: low Preview: GIF89a...... wwwfffUUUDDD333"""...... !..NETSCAPE2.0.....!...... ,...... w $B..$.B.#..#..(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATZL2J9G\GoogleSans-Medium[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Embedded OpenType (EOT), Google Sans Medium family Size (bytes): 102222 Entropy (8bit): 7.979076241520261 Encrypted: false MD5: 13CF372FCEE2FC8D7EC18F1B49511702 SHA1: 15E5BED185EC9888B10B4C35EE60F0F534C512C4 SHA-256: CA757E2F5EE9C38CF725C400279C25272A16ED488F2426AF106606640B57FB2D SHA-512: 45BBE7373A0721F02FD7D3F3108D2E457993A28C8BACFD03E976CEA3877E4D6893BE26C464C93323A3DC602A7085925582CA1E10AEDA0AAC11A3B6265E5EB928 Malicious: false Reputation: low Preview: 4...L...... LP...... I0...... $.G.o.o.g.l.e. .S.a.n.s. .M.e.d.i.u.m.....R.e.g.u.l.a.r.....1...0.2.7...4.G.o.o.g.l.e. .S.a.n.s. .M.e.d.i.u.m. .R.e.g.u.l.a.r... ..BSGP...... \....xZg.icyR..&c..4o4F..w....[[email protected]>j.9j.J8.eL.!^6..D79g*.ep97Dyj$..o.x....Y.7.'Z....1'.Q.H.O...$G.b...;.]Ox..5*".V...Eh ..QJ..G../.B+.-t&...'..^u.%[email protected]:...... J.l.$35.|..[....n..c.=.O..r>..s.m.7..Y.H8....Cl..Qx@....@!..|.1^.9..1.YM.FCV.z...GI@i...... g....::.k.t.l..=.t.a?...Qd....f....t..B.L..ei^...Hl..M ..s.....h..t...... N..(y#d... .2...~jdC.X..o..08y.u0f./J$.):vp...~.c....BwG.Y`.w....Y..Y...j...... h2../.\..b+{w9K.%%...W..lax-I...+.3AH.LY,_.(...... yQ...E..R.NR...... )....;.."....$...H... 4.D...1Bai[.a..n..1.z.[...]@.&...+...... 6..\..+.7..!v...p.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATZL2J9G\GoogleSans-Regular[1].eot Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: data Size (bytes): 3827 Entropy (8bit): 7.923265175795099 Encrypted: false MD5: A4C43C26C19B990A35176C7A70CF369F SHA1: D2A0D01A37CAB778B35421D722594FBE22A76E4E SHA-256: 8368805593FF32569CD95A9323E2F1BC52AE5E6FCC893B9BF32DFFF6AB6BA04B SHA-512: 5E9A3E446C2526C5FB0F7472411D46F7923F8E2E9D609DE767AD1D681497202CCC138F6AD9160C59B35D6ECC07A2DD80EAF32056FD8FDCB254B297EAE0FD2B4 Malicious: false Reputation: low Preview: .....5f.N4....P...... '..'..L.....O.++7../..t/t...RJ.0..yC/....~\=.].Vd/.HJ...... `...... zq..6.2.XkD...... AY9Fl.H.\!M.<..e.E(5p.Rr.n.;.C.....5.Z.= .K.Z.r.0.U4r.....D\M^.q..H4Y.a.1.U_DP.....6(.C9...J!,\...+Y.x9.#.8.....f..2$q.h.].0...HF...`F.D02iu ....R.'TtN.#Jr.3..#5z..:;.._.V46...G...... d [email protected]....`.....;&bp!+.0...i..6...G.'..#1..G..90%...... :.g.x+....W,8..3...... D..!#.{.`.J.]....HF..\J:D.D.....r(0.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATZL2J9G\Inter-Bold.2767206dcd8d[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: data Size (bytes): 106461 Entropy (8bit): 7.990220531173599 Encrypted: true MD5: 64C53695F4CDB85EDB374930C2DCCF9C SHA1: 679AF4141C291E53A0437C4B3D180B198FD357E5 SHA-256: 6273915DA271AF2F3EFA078D0CEFC499AB024F715F0D4662875C6BE198583B62 SHA-512: 6E45159F474C2ED3D683EA2E93993067848E8B8CBDBBE9D4D6ADBE3353CCD53EFAEAE0E9D7919EA03647476290EB69F4036AFB59C01F685ECA7D8CF7AB72E455 Malicious: false Reputation: low Preview: .a..&,.e.!...*...Di;.z..# JH..8...c...... @?.`...6.|F.3a..q.!0K.I.A.7..#...... +P...8$.33Rh...Q41{.8<.=X.B...9...*...s.iN.([email protected][o`...f,..B .."a..K..I..].U<.....;..u..]a... .X..PZ....".$..+...$...... ? .. ..3.t....2.}l.....Qp.N...... ?...."[email protected].$...... @[email protected].*.2...... Ka)"..wi....U.m(..k.nG..7.+...<9...)S:.L. >...j.....u.9..q.!Yy\.d.O6)f.d!.Mi ..+M.W.a..>....WC.s..c..INI..K..[Q...Y.A...&g..C...o....b..,.:....U._.QK...... c..;|U.U.Ol7a.1.."dH.u...... /4...... VlV.n..u.};..1.j..:.D..%[.q...... 3....T..z..LnI..9i.1..i.`.l....(6.b....X1..Dj.H .....`....W...b$..K.4...... v.M..=.|...Rl".*..?..C~.M...P....d....M.)...)6E.wQ8*m.W..T...e....i{.....y..L...... xP_..6..WW.8...&.?ZY;..X..?..c17.4.$.*..n.....b.q=..D.k..?1....`[..}..e3n5 _.M..B.R.T`..v.(=1\.u'(....U..V.!Lw.L]...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATZL2J9G\Inter-BoldItalic.d4f1ac27c3c1[1].woff Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: Web Open Font Format, TrueType, length 134752, version 0.0 Size (bytes): 404735 Entropy (8bit): 7.994101811067346 Encrypted: true MD5: 5AAD0ED543BA855FF12EFEA6EF1B91ED SHA1: E9C83183EFD79158A4878AE18D17B58686AA6677 SHA-256: BA8C582628D0FE698C252B963901D3B3B8B9B83C2A845DBEB29D7296FD22F43B SHA-512: 2140D56818F787EB37CBB4AAECD4C9FAF1B84F474818AD8C9137B140501E244B5200B62FC35E8803233CDBFC6E6BAEBB256A7016BF8B191128E2EAB2B429A07E Malicious: false Reputation: low Preview: wOFF...... `...... GDEF...0...... '..GPOS...... 9....v..zeGSUB..<...... 3.Fq-.OS/2..V....[...`#.p.cmap..WH..*B..n.....glyf...... ?.....w...head...d...4...6....hhea...... $...$ .J..hmtx...... %....Aloca...... w.....ON.maxp...... name...8...G....6Od.post.....%...d.i...x.%..D.Q...s.=..W.o..J"@...^..I..L..`3S)d.*.b.e... .d+H...z..G.cc.".e_v.|...... N.K .nR. %..RyA*c..T>..gR.B*G..Tk..3..z..Vm.6m.vm...... 9..e].5]...P...%<.c.h./..o.V.5..lv.uY.s}8.0.r.wy\p...p.`.....q..a....x....]...... {q...... ?.y..u..._.....~...... L}.g....5..;...E...... #..Z|l..dM.b-. e]..,.. ..8..,..<..*...[.._...... >...~..X.2V....xn...~.V..i.{..u....ex.#a.G.(.B._.7...... S...... w..d...)..t2..."~J*.&.x.\...R|..!f...... 8..D..0..Yx...... U...33....v-X...$.... m.<..P.....%A...... B.T.....(...J...7c.....'.....{..3..9....]..!....!a4j.....K...O.O.H!.?.e..M.L4.wu.p....J.s..A..J.5..M(."".....e..j.8...P...-#..*...u.r...3...... Ds.>..ln.'.I?d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATZL2J9G\bolton-logo[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 144x51, frames 3 Size (bytes): 3390 Entropy (8bit): 7.869390785631055 Encrypted: false MD5: EA6CEDD053B4BC17F4E302748C16779E SHA1: 8020FE2198E5BCDCE7E51567D79A6352AE820654 SHA-256: 684ED8B45AA666584AB6D3015B77B54A51FE05409B88945FA8E00AD1977D795A SHA-512: 11BA03CAF9565C76BC606B2522A83C21A03C2C53D72BABAEFE7D832DA5C369F7C8536ECB0BF0BDEA256F38D96EB6FE5B07C0CBE07FB04174179A0B3C6F1A0348 Malicious: false Reputation: low Preview: ...... JFIF.....`.`.....C...... $.' ",#..(7),01444.'9=82<.342...C...... 2!.!22222222222222222222222222222222222222222222222222...... 3...."...... }...... !1A..Qa."q.2....#B...R..$3br...... %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...... w...... !1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...... ?...(...... m.GM.mj.L.g.?.K..B....k..uit..4.7.u.j.G!.`X/.l.....7.g5..x..H.N...r...I.b...... u.-g...... jW"8R.0...+..G/...... !.mw...... j.%...Z.J!UC.I...... w..Js....k..6...O...... -..8.....(. .W..SO....Z.rJ.mA..W....2C..R|d.n$>.....-.E...S|lT.q....._...... ?...^.^...@{o.....(.n...@{o.....+^...... t.SW....hc.. Y.F.'h..Q..._...... ?...B.f...@._..?.E.k.?..j

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATZL2J9G\browser-window.c0dbff1968d6[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 30519 Entropy (8bit): 5.4434307615341355 Encrypted: false MD5: E99873238F90196B1EBA400EF565C538 SHA1: 68B6F026D416C960E1FEFB840B6F492BB21736A9 SHA-256: 9209D54E9F6EC8D2F8DE3FD2B24C2DEDAC05C444CEFB679B1FF7BB40224B30D4 SHA-512: FFA505DA819108C145E153BA1D1C907F465D5546B7E25AFA9FD1847EFA2CC17E1D5CA50AFCFB1F7830690AF9228C9CDFE89BD9F218586E9D5EA11C3DD3B84C76 Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATZL2J9G\chrome[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Size (bytes): 160543 Entropy (8bit): 5.249801926051717 Encrypted: false MD5: 0AA5E58295824F3A0BB1FAC6CDC04AFC SHA1: E9DEEC64CEF85D8834D6FBDB83A3425C7D9C0CDF SHA-256: 26F2390F5922A2D265EA8F930762F882D091563124F8462552B6D24694E17495 SHA-512: 0C7B42B9A59E1373B5A4A3BD52B29AB3165FA1E574046A520893D090B03782D9F39B8DB83F32420456939E589D868664D4D15953C263E717BCCBCC831923EBF0 Malicious: false Reputation: low Preview: [if IE 9 ]>. [if IE 8 ]>. [if IE 7 ]>. [if IE 6 ]>. [if (gte IE 10)|!(IE)]> >. .. . . . . . . . >21:d;return[Math.round(2147483647*Math.random())^d&2147483647,Math.round(wa()/1E3)].join(".")},Vf= function(a,b,c,d){var e=Tf(b);return lb(a,e,Uf(c),d)},Tf=function(a){if(!a)return 1;a=0===a.indexOf(".")?a.substr(1):a;return a.split(".").length},Uf=function(a){if(!a||."/"===a)re

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATZL2J9G\icon-lockwise.fd3cb415598a[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 6488 Entropy (8bit): 4.143864658703291 Encrypted: false MD5: FD3CB415598ACB7C621DE0138EB58B21 SHA1: 84B377E7ADF7F17E5A54F0A899BF7F4081561577 SHA-256: 9CD49AFC7A5B079B87AAA2D756216AB73CDE6D9C7C4D40C4CC2D171C8DD128CF SHA-512: 9C1263403170072A8DD3B0113748A86021DDA91A5E140DC6648715D1CF0D79D2DECC126AB822BDA98F8B60D7F0BA326F2BA15A604BBAF001FC29C20931DF9A18 Malicious: false Reputation: low Preview: . . .. .. [if !lte IE 8]> >. . .. . _.-~-.. 7'' Q..\. _7 (_. _7 _/ _q. /. _7 . ___ /VVvv-'_ .. 7/ / /~- \_\\ '-._ .-' / //. ./ ( /-~-/||'=.__ '::. '-~'' { ___ / // ./{. V V-~-~| || __''_ ':::. ''~-~.___.-'' _/ // / {_ / { /. VV/-~-~- |/ \ .'__'. '. ':: _ _ _ ''.. / /~~~~||VVV/ / \ ) \ ______(_) | | __ _ .::'. / (~-~-~\\.-' / \' \::::. | '_ ` _ \ / _ \_ / | | |/ _` | :::'./.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATZL2J9G\src=2542116;type=chrom322;cat=chrom01g;ord=7327959464668;gtm=2wg651;auiddc=1064299426.1560894470;_dc_1=3;~oref=https___www.google[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text, with no line terminators Size (bytes): 194 Entropy (8bit): 5.144203472842556 Encrypted: false MD5: 5EDEA4CDE2C1A9C8E8150DEAF71CE73D SHA1: 725019DAAF24DED79DCAAC96C897CC4727CC8B35 SHA-256: 05978957C6C8B028F2785DC77271C286BFAC76E30B7BCD7E835C2927FBE897CF SHA-512: E55349AB79FEF70C5DF45009E9EA2E4CA57678305A25B3279CFFAD472192654FE86E30B9471313243FB081D7B2C2958E8F888F87C648AAE5FF00E289C69B615E Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATZL2J9G\white.612a25fa976b[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 1681 Entropy (8bit): 4.260998654106102 Encrypted: false MD5: 612A25FA976BDE642CFC704BD0D7B444 SHA1: FA48738D778FC15C647AAB7D2ED37010CDF476EF SHA-256: 10E83E7200E5F2061C4A3CFDE2B1F62CDE199B863882A2BF4AC566AD8FCAD993 SHA-512: D3BCD412A98E778A3CFFE7D1A71F1EF81AF92F76C272A21606479C2D27F50192F2004C888D73AE99250FE8B7C7DB2D2851B5EE5256505F565FAE795E88B155CF Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LTYLVBDO\chrome-logo[1].svg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: SVG Scalable Vector Graphics image Size (bytes): 28227 Entropy (8bit): 5.398523627630675 Encrypted: false MD5: 92A8B48851B6D9E9CC4E229084B92245 SHA1: B708B84FF84D93CDD9DA76EEAC4B70EDA3FB238B SHA-256: 620A5BEDF60CF042423F8DC536BF082618C64DAE1B4B7415EC11F8C1921C25CD SHA-512: 2FF8BCAEE9ACEE8CAC0159FDD456CB4BFE3B4925B47F7410D33FE6D0EE632AFD3E873E0B3B0BFEEBD0283AADA9EA1092AD862A452FB92245841EE085187FCA24 Malicious: false Reputation: low Preview:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LTYLVBDO\font[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Size (bytes): 1959 Entropy (8bit): 5.216495712274938 Encrypted: false MD5: BF0AC8E1946A44C360867007ECC961B5 SHA1: A908CBF912E3DC9C216B768F8AAB998C74291CD7 SHA-256: B6D401B57268B4D24DA99878D41E4C4DC9746073868786FA5776CC280B7F20EE SHA-512: 0A655E26BDC15F13EAACF8E6B15AD637D9C8C879FDA923586F307945A74B52121E15A92204176C8C82C39D34AE2FEAE9267696EEAD3BAED26930448FB3DE13B5 Malicious: false Reputation: low Preview: /*. * See: https://fonts.google.com/license/googlerestricted. */.@font-face {. font-display: swap;. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: local('Google Sans Regular'), local('GoogleSans-Regular'),. url(/chrome/static/fonts/google-sans/web-font/GoogleSans-Regular.eot) format('embedded-opentype'),. url(/chrome/static/fonts/google-sans/web-font/GoogleSans-Regular.woff2) format('woff2'),. url(/chrome/static/fonts/google-sans/web-font/GoogleSans-Regular.woff) format('woff'),. url(/chrome/static/fonts/google-sans/web-font/GoogleSans-Regular.ttf) format('truetype');. unicode-range: U+0370-03FF, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116, U+0102-0103, U+0110-0111, U+1EA0-1EF9, U+20AB, U+0100-024F, U+0259, U+1E00-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF, U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+F

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LTYLVBDO\font[2].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text Size (bytes): 1087 Entropy (8bit): 4.720763780308308 Encrypted: false MD5: 4D75B0704934E3635945DDAC5AF0AA66 SHA1: C1E5EAD73FAE0DFF2549F7824DC64AFE59D9E4A0 SHA-256: D65FC27531DAFA04262CB3966BF5ECDEF0AC5484B7BC2DE54B780E0CD85062C6 SHA-512: 0087836A40C775D60932E587CD1A4468840FA8C5A1296CDD26E68A54B143BDA25E94AA60A5C854B72E7F9BACAC12F64F0EFDF79060AC76425F3550FC20821CC3 Malicious: false Reputation: low Preview: /*. * See: https://fonts.google.com/license/googlerestricted. */.@font-face {. font-display: swap;. font-family: '';. font-style: normal;. font-weight: 400;. src: local('Roboto'), local('Roboto-Regular'),. url(/chrome/static/fonts/roboto/web-font/Roboto-Regular.eot) format('embedded-opentype'),. url(/chrome/static/fonts/roboto/web-font/Roboto-Regular.woff2) format('woff2'),. url(/chrome/static/fonts/roboto/web-font/Roboto-Regular.woff) format('woff'),. url(/chrome/static/fonts/roboto/web-font/Roboto-Regular.ttf) format('truetype');.}.@font-face {. font-display: swap;. font-family: 'Roboto';. font-style: normal;. font-weight: 500;. src: local('Roboto Medium'), local('Roboto-Medium'),. url(/chrome/static/fonts/roboto/web-font/Roboto-Medium.eot) format('embedded-opentype'),. url(/chrome/static/fonts/roboto/web-font/Roboto-Medium.woff2) format('woff2'),. url(/chrome/static/fonts/roboto/web-font/Roboto-Medium.woff) format('woff'),.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LTYLVBDO\google-chrome-logo[1].jpg Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 160x24, frames 3 Size (bytes): 2745 Entropy (8bit): 7.741604826071945 Encrypted: false MD5: DABB508820425E63D8138A1F7E94FDE0 SHA1: E16615B860F2C203488E000CA7C489D49B2B5521 SHA-256: 84D5A4525BE1835AE8F3DEA212A449572B0200C0AA1CBD5D0CFB68783B6034F9 SHA-512: 6723552796917C2841DAD928F7912DE2E6F1B9967DF099BC6D49C724B84275AF807E44B503F30B50ADE8F12645394B709EB72B33C51262D8BE795FF5DBD4A49C Malicious: false Reputation: low Preview: ...... JFIF...... C...... C...... x.N..Z.o 9[..{.`{...MM..Xs..5A"...... 3.B...?D..2.\...... W.C...O./..Ve-...... T/..l"6ftkq..TV.^o.,-..Z...L...*.7 %FTZ..sj.@.....$...... !12"...... G.v.m..[.W...!.7....[.~..h.E..f.^... T#..y|...Y"....#..3.*.U..b...F.X........v*...e)m.]k.....O.9.,M.7...Ek....;..YJe...... R..:...... K.n..;..*QF.0...N.G7./._..O>=#.V#...UF....O^.$~.z#|.^...5.?...... )...1g.N....2.Qc...... A....XL.R.)$....N. ~(X..^sch...u....|.G*.1..2..a.d.Tf.._.'.?.._..+..:.f...+.#....LM-... ..|.lo..Lt|.J.4._....VzH.....g.....J.NH.....8!o.!...... *.&.C.~c+.p....5...GsA.5.%n.:} E...=...g1...}....:.P...... f.b..r.X..;.P..].2.".t3D..h.8.:.....)3.IW...l(l.|..7,fD..5xL...6...h..d.q

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LTYLVBDO\installer.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 88794
Entropy (8bit): 5.485377435706364
Encrypted: false
MD5: A784FEEF4923CC535FAFA54CA9A7B64D
SHA1: DDC19EFFB954EE0397A53C2B53C2272FD3B96F4D
SHA-256: DEE564A46EF60B0AABB6962B206648975C47D942EFB6DDDBA7D1EE147BE763DF
SHA-512: 7D72E396BA5AF7D5ECD7C81C04F96151F8BF8DD7B9644B678C6512DFB1B1DB6FD58EF3D36B932E12083606C458B9560FC542720279C05A76EC968E385DED0A5F
Malicious: false
Reputation: low
Preview: (function(){var h,aa="function"==typeof Object.create?Object.create:function(a){function b(){}b.prototype=a;return new b},ba;if("function"==typeof Object.setPrototypeOf)ba=Object.setPrototypeOf;else{var ca;a:{var da={Db:!0},ea={};try{ea.__proto__=da;ca=ea.Db;break a}catch(a){}ca=!1}ba=ca?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}var fa=ba,k=this;function m(a){return"string"==typeof a}function ha(){}.function n(a){var b=typeof a;if("object"==b)if(a){if(a instanceof Array)return"array";if(a instanceof Object)return b;var c=Object.prototype.toString.call(a);if("[object Window]"==c)return"object";if("[object Array]"==c||"number"==typeof a.length&&"undefined"!=typeof a.splice&&"undefined"!=typeof a.propertyIsEnumerable&&!a.propertyIsEnumerable("splice"))return"array";if("[object Function]"==c||"undefined"!=typeof a.call&&"undefined"!=typeof a.propertyIsEnumerable&&!a.propertyIsEnumerable("call"))return"function"}else return"nul

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LTYLVBDO\login[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 16399
Entropy (8bit): 5.222331525604706
Encrypted: false
MD5: E6762E6D4C522B76E9CA95E72B5582C4
SHA1: 4363211BC9FE1D703D44F202608A391856B347EF
SHA-256: 0709B04082EAC5D79ADD5D3FFAC2A32CA41233A4C2659B7D9F6F2004521C7078
SHA-512: FF856D93BF0748E8C000F149BC57A2AF358D25E243E624D04B23FD71FE47A955EA1468082CD95A9E1C387B72B9D6F3A748192521E86FFADC4B7FB4785B834FD0
Malicious: false
Reputation: low
Preview: ... . Bolton FTP WebInterface................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\LTYLVBDO\main.v2.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 35946
Entropy (8bit): 5.393661023745603
Encrypted: false
MD5: BC8A3A09444356F0557AE8B024D1359C
SHA1: 9EE9DF08CDF6E2D6CA0965E09F8A36C3254428EA
SHA-256: EE8874B817189D5B5252926C1C0E2C5AA3534890B4846168587B003E3AE310EA
SHA-512: FC9BE5D0A1C3EC723BB5A912B1A77388A3658CBD56303758BB5D608F4902E38283956A992402733159804FDC477E9F703A170A7D60EFF1C660FEF4D58A17A59F
Malicious: false
Reputation: low
Preview: (function(){var aa="function"==typeof Object.create?Object.create:function(a){function b(){}b.prototype=a;return new b},h;if("function"==typeof Object.setPrototypeOf)h=Object.setPrototypeOf;else{var l;a:{var ba={J:!0},ca={};try{ca.__proto__=ba;l=ca.J;break a}catch(a){}l=!1}h=l?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}var da=h;.function m(a,b){a.prototype=aa(b.prototype);a.prototype.constructor=a;if(da)da(a,b);else for(var c in b)if("prototype"!=c)if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c];a.F=b.prototype}var ea="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){a!=Array.prototype&&a!=Object.prototype&&(a[b]=c.value)},n="undefined"!=typeof window&&window===this?this:"undefined"!=typeof global&&null!=global?global:this;.function fa(){fa=function(){};n.Symbol||(n.Symbol=ha)}var ha=function(){var a=0;return function(b){ret

C:\Users\user\AppData\Local\Temp\~DF2B74FBCEE662ADDE.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 64520
Entropy (8bit): 1.0768094211337296
Encrypted: false
MD5: DD5BA842AFB6E0404BB03583B0EDF21E
SHA1: 9C4F205F494930C24B04664D658EC440235E6DD8
SHA-256: FDAA00AAB050A97ADC7308043E730F80A6E1EB51DFF5435B1874C102D75F6E54
SHA-512: 75B4E3B6131DB80FC48DD79701894173324474EDD398D0AAB5745C36CEA84BA9D469E9B49DE40458D325D460CA8311483E763E9CC4B1159928B4116B5DFE0704
Malicious: false
Reputation: low
Preview: (binary data, not printable)

C:\Users\user\AppData\Local\Temp\~DF60D318C04115785C.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 25441
Entropy (8bit): 0.27918767598683664
Encrypted: false
MD5: AB889A32AB9ACD33E816C2422337C69A
SHA1: 1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256: 4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512: BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious: false
Reputation: low
Preview: (binary data, not printable)

C:\Users\user\AppData\Local\Temp\~DF99011B036D2C8037.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 13029
Entropy (8bit): 0.4793602534133037
Encrypted: false
MD5: 990DCD54A94AC47ADD51B8D8994F563B
SHA1: 556C60ECCB0960EBFD946BF55BB559328A4133F9
SHA-256: 10776AA0E903E6C84FEEEC0A77C683B526DCFE9B37CF98E5AABE810D5D1A5A16
SHA-512: 5222DF44FA9D7D67C61BC4AACA260659EB30233AA9F884F3A6982BC3C0D21BC3ABB36975BEEB67F3E0707F81CF9663BCA6FC9D82E3DEE7312B6E9ED13876A46B
Malicious: false
Reputation: low
Preview: (binary data, not printable)

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
dart.l.doubleclick.net | 216.58.208.102 | true | false | | high
pagead46.l.doubleclick.net | 172.217.17.98 | true | false | | high
ftp.webolton.com | 70.62.117.198 | true | false | 0%, virustotal, Browse | unknown
stats.l.doubleclick.net | 172.217.218.157 | true | false | | high
getfirefox.com | 63.245.208.212 | true | false | | high
www.google.ch | 172.217.20.67 | true | false | | high
mozilla.org | 63.245.208.195 | true | false | | high
2542116.fls.doubleclick.net | unknown | unknown | false | | high
adservice.google.ch | unknown | unknown | false | | high
www.getfirefox.com | unknown | unknown | false | | high
stats.g.doubleclick.net | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
ftp.webolton.com/WebInterface/login.html | false | 0%, virustotal, Browse; Avira URL Cloud: safe | unknown
ftp.webolton.com/WebInterface/jQuery/js/jquery.blockUI.js | false | Avira URL Cloud: safe | unknown
ftp.webolton.com/favicon.ico | false | Avira URL Cloud: safe | unknown
ftp.webolton.com/WebInterface/jQuery/images/button-bg.png | false | Avira URL Cloud: safe | unknown
www.getfirefox.com/ | false | | high
ftp.webolton.com/WebInterface/jQuery/js/jquery-ui-1.8.2.custom.min.js | false | Avira URL Cloud: safe | unknown
ftp.webolton.com/WebInterface/images/wheel.gif | false | Avira URL Cloud: safe | unknown
ftp.webolton.com/WebInterface/jQuery/js/jquery-1.4.2.min.js | false | Avira URL Cloud: safe | unknown
ftp.webolton.com/WebInterface/images/bolton-logo.JPG | false | Avira URL Cloud: safe | unknown
ftp.webolton.com/WebInterface/jQuery/css/login.css | false | Avira URL Cloud: safe | unknown
ftp.webolton.com/ | false | 0%, virustotal, Browse; Avira URL Cloud: safe | unknown

URLs from Memory and Binaries


Contacted IPs


Public

IP | Country | ASN | ASN Name | Malicious
216.58.208.98 | United States | 15169 | unknown | false
63.245.208.212 | United States | 36856 | unknown | false
172.217.218.157 | United States | 15169 | unknown | false
216.58.208.102 | United States | 15169 | unknown | false
70.62.117.198 | United States | 11426 | unknown | false
172.217.20.67 | United States | 15169 | unknown | false
172.217.17.98 | United States | 15169 | unknown | false
63.245.208.195 | United States | 36856 | unknown | false

Static File Info

No static file info

Network Behavior

Network Port Distribution

Total Packets: 91 • 53 (DNS) • 80 (HTTP)

TCP Packets


UDP Packets


DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jun 18, 2019 14:47:26.207073927 CEST | 192.168.2.7 | 8.8.8.8 | 0x4746 | Standard query (0) | ftp.webolton.com | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:50.312448978 CEST | 192.168.2.7 | 8.8.8.8 | 0xb769 | Standard query (0) | 2542116.fls.doubleclick.net | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:50.367649078 CEST | 192.168.2.7 | 8.8.8.8 | 0x942d | Standard query (0) | stats.g.doubleclick.net | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:50.595069885 CEST | 192.168.2.7 | 8.8.8.8 | 0x203e | Standard query (0) | www.google.ch | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:51.497271061 CEST | 192.168.2.7 | 8.8.8.8 | 0xf373 | Standard query (0) | adservice.google.ch | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:52.018050909 CEST | 192.168.2.7 | 8.8.8.8 | 0xf621 | Standard query (0) | www.getfirefox.com | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:53.834160089 CEST | 192.168.2.7 | 8.8.8.8 | 0xe936 | Standard query (0) | mozilla.org | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jun 18, 2019 14:47:26.343472958 CEST | 8.8.8.8 | 192.168.2.7 | 0x4746 | No error (0) | ftp.webolton.com | | 70.62.117.198 | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:50.341638088 CEST | 8.8.8.8 | 192.168.2.7 | 0xb769 | No error (0) | 2542116.fls.doubleclick.net | dart.l.doubleclick.net | | CNAME (Canonical name) | IN (0x0001)
Jun 18, 2019 14:47:50.341638088 CEST | 8.8.8.8 | 192.168.2.7 | 0xb769 | No error (0) | dart.l.doubleclick.net | | 216.58.208.102 | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:50.382045031 CEST | 8.8.8.8 | 192.168.2.7 | 0x942d | No error (0) | stats.g.doubleclick.net | stats.l.doubleclick.net | | CNAME (Canonical name) | IN (0x0001)
Jun 18, 2019 14:47:50.382045031 CEST | 8.8.8.8 | 192.168.2.7 | 0x942d | No error (0) | stats.l.doubleclick.net | | 172.217.218.157 | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:50.382045031 CEST | 8.8.8.8 | 192.168.2.7 | 0x942d | No error (0) | stats.l.doubleclick.net | | 172.217.218.156 | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:50.382045031 CEST | 8.8.8.8 | 192.168.2.7 | 0x942d | No error (0) | stats.l.doubleclick.net | | 172.217.218.155 | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:50.382045031 CEST | 8.8.8.8 | 192.168.2.7 | 0x942d | No error (0) | stats.l.doubleclick.net | | 172.217.218.154 | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:50.623500109 CEST | 8.8.8.8 | 192.168.2.7 | 0x203e | No error (0) | www.google.ch | | 172.217.20.67 | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:51.225684881 CEST | 8.8.8.8 | 192.168.2.7 | 0x4886 | No error (0) | pagead46.l.doubleclick.net | | 172.217.17.98 | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:51.526902914 CEST | 8.8.8.8 | 192.168.2.7 | 0xf373 | No error (0) | adservice.google.ch | pagead46.l.doubleclick.net | | CNAME (Canonical name) | IN (0x0001)
Jun 18, 2019 14:47:51.526902914 CEST | 8.8.8.8 | 192.168.2.7 | 0xf373 | No error (0) | pagead46.l.doubleclick.net | | 216.58.208.98 | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:52.032546043 CEST | 8.8.8.8 | 192.168.2.7 | 0xf621 | No error (0) | www.getfirefox.com | getfirefox.com | | CNAME (Canonical name) | IN (0x0001)
Jun 18, 2019 14:47:52.032546043 CEST | 8.8.8.8 | 192.168.2.7 | 0xf621 | No error (0) | getfirefox.com | | 63.245.208.212 | A (IP address) | IN (0x0001)
Jun 18, 2019 14:47:53.849282980 CEST | 8.8.8.8 | 192.168.2.7 | 0xe936 | No error (0) | mozilla.org | | 63.245.208.195 | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

Hosts in graph: ftp.webolton.com, www.getfirefox.com

HTTP Packets

Session ID: 0 | Source IP: 192.168.2.7 | Source Port: 49722 | Destination IP: 70.62.117.198 | Destination Port: 80 | Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp | kBytes transferred | Direction | Data
Jun 18, 2019 14:47:26.718832016 CEST | 1 | OUT | GET / HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like
  Accept-Encoding: gzip, deflate
  Host: ftp.webolton.com
  Connection: Keep-Alive
Jun 18, 2019 14:47:26.934998035 CEST | 1 | IN | HTTP/1.0 302 Redirect

Session ID: 1 | Source IP: 192.168.2.7 | Source Port: 49721 | Destination IP: 70.62.117.198 | Destination Port: 80 | Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp | kBytes transferred | Direction | Data
Jun 18, 2019 14:47:26.953205109 CEST | 1 | OUT | GET /WebInterface/login.html HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: ftp.webolton.com
  Connection: Keep-Alive
  Cookie: mainServerInstance=; CrushAuth=1560862095762_3YrdWX7Q6kavQdNGUfEN3J7Wb2vO50
Jun 18, 2019 14:47:27.176364899 CEST | 2 | IN | HTTP/1.1 200 OK
Jun 18, 2019 14:47:27.592641115 CEST | 7 | OUT | GET /WebInterface/jQuery/css/login.css HTTP/1.1
  Accept: text/css, */*
  Referer: http://ftp.webolton.com/WebInterface/login.html
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: ftp.webolton.com
  Connection: Keep-Alive
  Cookie: mainServerInstance=; CrushAuth=1560862095762_3YrdWX7Q6kavQdNGUfEN3J7Wb2vO50
Jun 18, 2019 14:47:27.735049009 CEST | 8 | IN | HTTP/1.1 200 OK
Jun 18, 2019 14:47:27.858741999 CEST | 10 | OUT | GET /WebInterface/jQuery/js/jquery-1.4.2.min.js HTTP/1.1
  Accept: application/javascript, */*;q=0.8
  Referer: http://ftp.webolton.com/WebInterface/login.html
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: ftp.webolton.com
  Connection: Keep-Alive
  Cookie: mainServerInstance=; CrushAuth=1560862095762_3YrdWX7Q6kavQdNGUfEN3J7Wb2vO50
Jun 18, 2019 14:47:27.988137960 CEST | 13 | IN | HTTP/1.1 200 OK

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.7 | 49723 | 70.62.117.198 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe

kBytes transferred | Timestamp | Direction | Data

11 | Jun 18, 2019 14:47:27.958661079 CEST | OUT
    GET /WebInterface/jQuery/js/jquery-ui-1.8.2.custom.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://ftp.webolton.com/WebInterface/login.html
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ftp.webolton.com
    Connection: Keep-Alive
    Cookie: mainServerInstance=; CrushAuth=1560862095762_3YrdWX7Q6kavQdNGUfEN3J7Wb2vO50

38 | Jun 18, 2019 14:47:28.138006926 CEST | IN
    HTTP/1.1 200 OK

110 | Jun 18, 2019 14:47:29.988617897 CEST | OUT
    GET /WebInterface/jQuery/images/button-end.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Referer: http://ftp.webolton.com/WebInterface/login.html
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ftp.webolton.com
    Connection: Keep-Alive
    Cookie: mainServerInstance=; CrushAuth=1560862095762_3YrdWX7Q6kavQdNGUfEN3J7Wb2vO50

112 | Jun 18, 2019 14:47:30.367721081 CEST | IN
    HTTP/1.1 200 OK

114 | Jun 18, 2019 14:47:30.869659901 CEST | OUT
    GET /favicon.ico HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: ftp.webolton.com
    Connection: Keep-Alive
    Cookie: mainServerInstance=; CrushAuth=1560862095762_3YrdWX7Q6kavQdNGUfEN3J7Wb2vO50

114 | Jun 18, 2019 14:47:31.237109900 CEST | IN
    HTTP/1.1 200 OK

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.7 | 49725 | 70.62.117.198 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe

kBytes transferred | Timestamp | Direction | Data

12 | Jun 18, 2019 14:47:27.977751970 CEST | OUT
    GET /WebInterface/jQuery/js/jquery.blockUI.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://ftp.webolton.com/WebInterface/login.html
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ftp.webolton.com
    Connection: Keep-Alive
    Cookie: mainServerInstance=; CrushAuth=1560862095762_3YrdWX7Q6kavQdNGUfEN3J7Wb2vO50

38 | Jun 18, 2019 14:47:28.137949944 CEST | IN
    HTTP/1.1 200 OK

111 | Jun 18, 2019 14:47:29.991956949 CEST | OUT
    GET /WebInterface/jQuery/images/button-bg.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Referer: http://ftp.webolton.com/WebInterface/login.html
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ftp.webolton.com
    Connection: Keep-Alive
    Cookie: mainServerInstance=; CrushAuth=1560862095762_3YrdWX7Q6kavQdNGUfEN3J7Wb2vO50

111 | Jun 18, 2019 14:47:30.136892080 CEST | IN
    HTTP/1.1 200 OK

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.7 | 49724 | 70.62.117.198 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe

kBytes transferred | Timestamp | Direction | Data

12 | Jun 18, 2019 14:47:27.980592966 CEST | OUT
    GET /WebInterface/images/wheel.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Referer: http://ftp.webolton.com/WebInterface/login.html
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ftp.webolton.com
    Connection: Keep-Alive
    Cookie: mainServerInstance=; CrushAuth=1560862095762_3YrdWX7Q6kavQdNGUfEN3J7Wb2vO50

38 | Jun 18, 2019 14:47:28.137984991 CEST | IN
    HTTP/1.1 200 OK

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.7 | 49726 | 70.62.117.198 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe

kBytes transferred | Timestamp | Direction | Data

13 | Jun 18, 2019 14:47:27.983314991 CEST | OUT
    GET /WebInterface/images/bolton-logo.JPG HTTP/1.1
    Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    Referer: http://ftp.webolton.com/WebInterface/login.html
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ftp.webolton.com
    Connection: Keep-Alive
    Cookie: mainServerInstance=; CrushAuth=1560862095762_3YrdWX7Q6kavQdNGUfEN3J7Wb2vO50

45 | Jun 18, 2019 14:47:28.215934992 CEST | IN
    HTTP/1.1 200 OK

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.7 | 49750 | 63.245.208.212 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe

kBytes transferred | Timestamp | Direction | Data

911 | Jun 18, 2019 14:47:52.212820053 CEST | OUT
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.getfirefox.com
    Connection: Keep-Alive

912 | Jun 18, 2019 14:47:52.395232916 CEST | IN
    HTTP/1.1 307 Temporary Redirect
    Server: Apache/2.4.6 (CentOS)
    X-Backend-Server: redirect1.webapp.mdc1.mozilla.com
    Cache-Control: max-age=600
    Content-Type: text/html; charset=iso-8859-1
    Date: Tue, 18 Jun 2019 12:47:52 GMT
    Location: https://www.getfirefox.com/
    Keep-Alive: timeout=5, max=83
    Connection: Keep-Alive
    X-Cache-Info: not cacheable; response code not cacheable
    Content-Length: 237
    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 65 74 66 69 72 65 66 6f 78 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
    Data Ascii (decoded from the raw bytes above):
        <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
        <html><head>
        <title>307 Temporary Redirect</title>
        </head><body>
        <h1>Temporary Redirect</h1>
        <p>The document has moved <a href="https://www.getfirefox.com/">here</a>.</p>
        </body></html>

HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest

Timestamp: Jun 18, 2019 14:47:50.423918009 CEST
Source IP: 216.58.208.102 | Source Port: 443 | Dest IP: 192.168.2.7 | Dest Port: 49740
Certificate chain (Subject | Issuer | Not Before | Not After):
    CN=*.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US | CN=Google Internet Authority G3, O=Google Trust Services, C=US | Tue May 21 22:55:47 CEST 2019 | Tue Aug 13 22:32:00 CEST 2019
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jun 18, 2019 14:47:50.424293995 CEST
Source IP: 216.58.208.102 | Source Port: 443 | Dest IP: 192.168.2.7 | Dest Port: 49741
Certificate chain (Subject | Issuer | Not Before | Not After):
    CN=*.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US | CN=Google Internet Authority G3, O=Google Trust Services, C=US | Tue May 21 22:55:47 CEST 2019 | Tue Aug 13 22:32:00 CEST 2019
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jun 18, 2019 14:47:50.468734980 CEST
Source IP: 172.217.218.157 | Source Port: 443 | Dest IP: 192.168.2.7 | Dest Port: 49742
Certificate chain (Subject | Issuer | Not Before | Not After):
    CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US | CN=Google Internet Authority G3, O=Google Trust Services, C=US | Tue May 21 22:50:18 CEST 2019 | Tue Aug 13 22:32:00 CEST 2019
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jun 18, 2019 14:47:50.469984055 CEST
Source IP: 172.217.218.157 | Source Port: 443 | Dest IP: 192.168.2.7 | Dest Port: 49743
Certificate chain (Subject | Issuer | Not Before | Not After):
    CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US | CN=Google Internet Authority G3, O=Google Trust Services, C=US | Tue May 21 22:50:18 CEST 2019 | Tue Aug 13 22:32:00 CEST 2019
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jun 18, 2019 14:47:50.724129915 CEST
Source IP: 172.217.20.67 | Source Port: 443 | Dest IP: 192.168.2.7 | Dest Port: 49745
Certificate chain (Subject | Issuer | Not Before | Not After):
    CN=*.google.ch, O=Google LLC, L=Mountain View, ST=California, C=US | CN=Google Internet Authority G3, O=Google Trust Services, C=US | Tue May 21 22:40:52 CEST 2019 | Tue Aug 13 22:31:00 CEST 2019
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jun 18, 2019 14:47:50.726135969 CEST
Source IP: 172.217.20.67 | Source Port: 443 | Dest IP: 192.168.2.7 | Dest Port: 49744
Certificate chain (Subject | Issuer | Not Before | Not After):
    CN=*.google.ch, O=Google LLC, L=Mountain View, ST=California, C=US | CN=Google Internet Authority G3, O=Google Trust Services, C=US | Tue May 21 22:40:52 CEST 2019 | Tue Aug 13 22:31:00 CEST 2019
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jun 18, 2019 14:47:51.318708897 CEST
Source IP: 172.217.17.98 | Source Port: 443 | Dest IP: 192.168.2.7 | Dest Port: 49746
Certificate chain (Subject | Issuer | Not Before | Not After):
    CN=*.google.com, O=Google LLC, L=Mountain View, ST=California, C=US | CN=Google Internet Authority G3, O=Google Trust Services, C=US | Tue May 21 22:43:22 CEST 2019 | Tue Aug 13 22:31:00 CEST 2019
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jun 18, 2019 14:47:51.324840069 CEST
Source IP: 172.217.17.98 | Source Port: 443 | Dest IP: 192.168.2.7 | Dest Port: 49747
Certificate chain (Subject | Issuer | Not Before | Not After):
    CN=*.google.com, O=Google LLC, L=Mountain View, ST=California, C=US | CN=Google Internet Authority G3, O=Google Trust Services, C=US | Tue May 21 22:43:22 CEST 2019 | Tue Aug 13 22:31:00 CEST 2019
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jun 18, 2019 14:47:51.606031895 CEST
Source IP: 216.58.208.98 | Source Port: 443 | Dest IP: 192.168.2.7 | Dest Port: 49749
Certificate chain (Subject | Issuer | Not Before | Not After):
    CN=*.google.ch, O=Google LLC, L=Mountain View, ST=California, C=US | CN=Google Internet Authority G3, O=Google Trust Services, C=US | Tue May 21 22:40:52 CEST 2019 | Tue Aug 13 22:31:00 CEST 2019
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jun 18, 2019 14:47:51.606091976 CEST
Source IP: 216.58.208.98 | Source Port: 443 | Dest IP: 192.168.2.7 | Dest Port: 49748
Certificate chain (Subject | Issuer | Not Before | Not After):
    CN=*.google.ch, O=Google LLC, L=Mountain View, ST=California, C=US | CN=Google Internet Authority G3, O=Google Trust Services, C=US | Tue May 21 22:40:52 CEST 2019 | Tue Aug 13 22:31:00 CEST 2019
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
    CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jun 18, 2019 14:47:52.872637987 CEST
Source IP: 63.245.208.212 | Source Port: 443 | Dest IP: 192.168.2.7 | Dest Port: 49752
Certificate chain (Subject | Issuer | Not Before | Not After):
    CN=redirect-san.mozilla.org, OU=WebOps, O=Mozilla Foundation, L=Mountain View, ST=California, C=US | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | Tue Apr 09 02:00:00 CEST 2019 | Mon Apr 13 14:00:00 CEST 2020
    CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 08 13:00:00 CET 2013 | Wed Mar 08 13:00:00 CET 2023
    CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 08 13:00:00 CET 2013 | Wed Mar 08 13:00:00 CET 2023
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jun 18, 2019 14:47:54.241394043 CEST
Source IP: 63.245.208.195 | Source Port: 443 | Dest IP: 192.168.2.7 | Dest Port: 49755
Certificate chain (Subject | Issuer | Not Before | Not After):
    CN=mozilla.org, OU=WebOps, O=Mozilla Foundation, L=Mountain View, ST=California, C=US | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | Fri Nov 09 01:00:00 CET 2018 | Fri Nov 13 13:00:00 CET 2020
    CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 08 13:00:00 CET 2013 | Wed Mar 08 13:00:00 CET 2023
    CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 08 13:00:00 CET 2013 | Wed Mar 08 13:00:00 CET 2023
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Timestamp: Jun 18, 2019 14:47:54.249274015 CEST
Source IP: 63.245.208.195 | Source Port: 443 | Dest IP: 192.168.2.7 | Dest Port: 49756
Certificate chain (Subject | Issuer | Not Before | Not After):
    CN=mozilla.org, OU=WebOps, O=Mozilla Foundation, L=Mountain View, ST=California, C=US | CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | Fri Nov 09 01:00:00 CET 2018 | Fri Nov 13 13:00:00 CET 2020
    CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 08 13:00:00 CET 2013 | Wed Mar 08 13:00:00 CET 2023
    CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Fri Mar 08 13:00:00 CET 2013 | Wed Mar 08 13:00:00 CET 2023
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

Behavior

• iexplore.exe
• iexplore.exe


System Behavior

Analysis Process: iexplore.exe PID: 4196 Parent PID: 692

General

Start time: 14:47:23
Start date: 18/06/2019
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff7a6460000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Source File Path Access Attributes Options Completion Count Address Symbol

Source File Path Offset Length Value Ascii Completion Count Address Symbol

Source File Path Offset Length Completion Count Address Symbol

Registry Activities

Source Key Path Completion Count Address Symbol

Source Key Path Name Type Data Completion Count Address Symbol

Source Key Path Name Type Old Data New Data Completion Count Address Symbol

Analysis Process: iexplore.exe PID: 2372 Parent PID: 4196

General

Start time: 14:47:24
Start date: 18/06/2019
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4196 CREDAT:17410 /prefetch:2
Imagebase: 0xc30000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

File Activities

Source File Path Access Attributes Options Completion Count Address Symbol

Source File Path Offset Length Value Ascii Completion Count Address Symbol

Source File Path Offset Length Completion Count Address Symbol

Registry Activities

Source Key Path Completion Count Address Symbol

Source Key Path Name Type Data Completion Count Address Symbol

Source Key Path Name Type Old Data New Data Completion Count Address Symbol

Disassembly
