ID: 429540 Cookbook: browseurl.jbs Time: 09:22:24 Date: 04/06/2021 Version: 32.0.0 Black Diamond


Copyright Joe Security LLC 2021

Analysis Report http://indiainfra.wireconnect.co.in/misc…/pages/

Overview

General Information

Sample URL: indiainfra.wireconnect.co.in/misc/pages/
Analysis ID: 429540

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

No high impact signatures.

Classification

[Figure: detection scale (malicious / suspicious / clean) and classification chart with the categories Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware]

Process Tree

System is w10x64
• iexplore.exe (PID: 6012 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  • iexplore.exe (PID: 6064 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6012 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
• cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• Compliance
• Networking
• System Summary


There are no malicious signatures.

Mitre Att&ck Matrix

Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Non-Application Layer Protocol 3; Application Layer Protocol 3; Ingress Tool Transfer 2
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data

Behavior Graph

[Figure: behavior graph. ID: 429540, URL: http://indiainfra.wireconne..., Startdate: 04/06/2021, Architecture: WINDOWS, Score: 0. Nodes: iexplore.exe, iexplore.exe, maildirect.co.in, indiainfra.wireconnect.co.in, 66.7.148.195, 49694, 49695, 49696 (WEBWERKSAS1US, United States).]

Screenshots

Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
indiainfra.wireconnect.co.in/misc/pages/ | 0% | Virustotal | | Browse
indiainfra.wireconnect.co.in/misc/pages/ | 0% | Avira URL Cloud | safe |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
indiainfra.wireconnect.co.in/images/md_white_logo.png | 0% | Avira URL Cloud | safe |
fontforge.sf.net)IoniconsIoniconsMediumMediumFontForge | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/css/adminlte/css/AdminLTE.min.css | 0% | Avira URL Cloud | safe |
fontforge.sf.net) | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/css/adminlte/skins/_all-skins.min.css | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/js/alt_common.js | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/images/favicon-md.ico | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/js/adminlte/jquery-ui.min.js | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/images/loading.gif | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/js/adminlte/jquery.min.js | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/js/adminlte/jquery-migrate.js | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/misc/pages/Root | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/css/adminlte/css/style.css | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/css/adminlte/fonts/ionicons.eot?v=2.0.0 | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/css/adminlte/css/bootstrap.min.css | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/js/adminlte/bootstrap.min.js | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/css/adminlte/css/font-awesome.min.css | 0% | Avira URL Cloud | safe |
getbootstrap.com) | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/js/common.js | 0% | Avira URL Cloud | safe |
fontforge.sf.net)Created | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/css/adminlte/css/ionicons.min.css | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/images/favicon-md.ico~ | 0% | Avira URL Cloud | safe |
indiainfra.wireconnect.co.in/js/adminlte/waitingfor.js | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
maildirect.co.in | 66.7.148.195 | true | false | | unknown
indiainfra.wireconnect.co.in | unknown | unknown | false | | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
indiainfra.wireconnect.co.in/images/md_white_logo.png | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/css/adminlte/css/AdminLTE.min.css | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/css/adminlte/skins/_all-skins.min.css | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/js/alt_common.js | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/images/favicon-md.ico | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/js/adminlte/jquery-ui.min.js | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/images/loading.gif | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/js/adminlte/jquery.min.js | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/js/adminlte/jquery-migrate.js | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/misc/pages/ | false | | unknown
indiainfra.wireconnect.co.in/css/adminlte/css/style.css | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/css/adminlte/fonts/ionicons.eot?v=2.0.0 | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/css/adminlte/css/bootstrap.min.css | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/js/adminlte/bootstrap.min.js | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/css/adminlte/css/font-awesome.min.css | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/misc/pages/ | false | | unknown
indiainfra.wireconnect.co.in/js/common.js | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/css/adminlte/css/ionicons.min.css | false | Avira URL Cloud: safe | unknown
indiainfra.wireconnect.co.in/js/adminlte/waitingfor.js | false | Avira URL Cloud: safe | unknown

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
fontforge.sf.net)IoniconsIoniconsMediumMediumFontForge | ionicons[1].eot.2.dr | false | Avira URL Cloud: safe | low
fontawesome.io | font-awesome.min[1].css.2.dr | false | | high
fontforge.sf.net) | ionicons[1].eot.2.dr | false | Avira URL Cloud: safe | low
https://github.com/google/material-design-icons | ionicons.min[1].css.2.dr | false | | high
https://twitter.com/benjsperry | ionicons.min[1].css.2.dr | false | | high
https://adminlte.io | AdminLTE.min[1].css.2.dr | false | | high
jqueryui.com | jquery-ui.min[1].js.2.dr | false | | high
opensource.org/licenses/MIT | AdminLTE.min[1].css.2.dr | false | | high
ionicons.com/ | ionicons.min[1].css.2.dr | false | | high
indiainfra.wireconnect.co.in/misc/pages/Root | {2A9834B3-C551-11EB-90E4-ECF4BB862DED}.dat.1.dr | false | Avira URL Cloud: safe | unknown
https://github.com/driftyco/ionicons | ionicons.min[1].css.2.dr | false | | high
https://twitter.com/ionicframework | ionicons.min[1].css.2.dr | false | | high
fontawesome.io/license | font-awesome.min[1].css.2.dr | false | | high
getbootstrap.com) | bootstrap.min[1].js.2.dr | false | Avira URL Cloud: safe | low
https://github.com/twbs/bootstrap/blob/master/LICENSE) | bootstrap.min[1].css.2.dr | false | | high
fontforge.sf.net)Created | ionicons[1].eot.2.dr | false | Avira URL Cloud: safe | low
creativecommons.org/licenses/by/4.0/ | ionicons.min[1].css.2.dr | false | | high
indiainfra.wireconnect.co.in/images/favicon-md.ico~ | imagestore.dat.2.dr | false | Avira URL Cloud: safe | unknown

Contacted IPs


Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
66.7.148.195 | maildirect.co.in | United States | | 33480 | WEBWERKSAS1US | false

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 429540
Start date: 04.06.2021
Start time: 09:22:24
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 2m 59s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: indiainfra.wireconnect.co.in/misc/pages/
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/25@1/1
Cookbook Comments:
• Adjust boot time
• Enable AMSI
Warnings:
• Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe, svchost.exe
• TCP Packets have been reduced to 100
• Excluded IPs from analysis (whitelisted): 104.42.151.234, 40.88.32.150, 168.61.161.212, 104.43.193.48, 88.221.62.148, 104.43.139.144, 13.64.90.137, 52.147.198.201, 152.199.19.161
• Excluded domains from analysis (whitelisted): skypedataprdcolwus17.cloudapp.net, ie9comview.vo.msecnd.net, skypedataprdcolcus17.cloudapp.net, skypedataprdcolcus16.cloudapp.net, skypedataprdcolcus15.cloudapp.net, e11290.dspg.akamaiedge.net, skypedataprdcoleus16.cloudapp.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, watson.telemetry.microsoft.com, skypedataprdcolwus16.cloudapp.net, cs9.wpc.v0cdn.net
• Not all processes were analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2A9834B1-C551-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 30296
Entropy (8bit): 1.8503943777469942
Encrypted: false
SSDEEP: 192:rGZhZ3C23O1W3OY5t3OY2Tf3OY2f5tM3OYTqfw3OYTffy3OYTfqfff3OYTfqfq0A:rCnRP9WBxAiP
MD5: 2B5C85DBED16A479BF00171FC24EFA6D
SHA1: BED2ECF0CE9139BE14259DDF8E32B5B538AE1059
SHA-256: 3E17923A5CE9F291C349A921B925B3C4B242DB9B1C7ECA8C7886E51869D6C442
SHA-512: 706E376F7093E21205D389C7EFCEB10603C84C8556BE793558BCEFCCF171BAA93C10991C436D6324D742077294B05E50C26868FD5E7E348906C9DE29A16008EE
Malicious: false
Reputation: low
Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2A9834B3-C551-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 27472
Entropy (8bit): 1.7811367071167878
Encrypted: false
SSDEEP: 48:IwEGcprhGwpa9G4pQLhGrapbSgZGQpB7WGHHpcIaTGUp86GzYpmtBOGopZLkvDQ1:rYZ7Q/6LxBSsj7V2FWGMCvm60hgdr
MD5: F9F907228C79F3FD19579B89A9720E10
SHA1: 51E097D22F5E1C9F42DEEEC61D753D42DED6D035
SHA-256: 485558AAB60A2D8F0ABA9BDCB55BF7AC874D2E09020760CA59A1CE136515715D
SHA-512: 3521271FCABC2B054A62E634FC730B07F966B68EBFB3CFF6E95AC0813EDEE905CB36C9AFE623B31ED311D74F5367C12FE071BDDC6038C6BDE513CD0B48810660
Malicious: false
Reputation: low
Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2A9834B4-C551-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 16984
Entropy (8bit): 1.563971372935136
Encrypted: false
SSDEEP: 48:Iw0GcprhGwpa8G4pQsGrapbSlZGQpKJG7HpRQaTGIpG:roZ7Qc6qBSdAoTpA
MD5: C83B771B9D847F7124E4DC4CAF44C955
SHA1: 3FCDE135A94CE9169DE2B367B3416EB1EB4C1BD5
SHA-256: 27B8053DD26D90CD4D6228257BCF6872A6C55A5080FEF79F74916494B2024EA0
SHA-512: FF2079595C2013613F4374A13090FA271F53200B293EFD0CD507AFDC5CAD2F84493379469BFC3EDD0EDD699815DF5E59FAB5A7738DF92B5203F9E81F1CB11900
Malicious: false
Reputation: low
Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 1302
Entropy (8bit): 5.157805477791301
Encrypted: false
SSDEEP: 24:AvydBHmmmmmmmmmmmmm1ABNAAAzU4CLaprRG0Rx0i333333333333qJt:AveHmmmmmmmmmmmmm1A7AAAziuVRV338
MD5: 6D89DA7A63BCB8C6C11D489E657BD55A
SHA1: FFDD21E836C1DB0B681A86231581E5C187AA963C
SHA-256: 9571FA396B4C26985E51E270717C765E3F6E182589D74BD1369C24DCA7393041
SHA-512: B0DE528BD4A84AF0EF9256E6BAFAC1A467E41ACC9B444964D5341D31C804D2294CDCF874224D347810DD6A66357F3AA0DA8D15ACFCC5F1C2A4868C866B1D4519
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon-md[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category: downloaded
Size (bytes): 1150
Entropy (8bit): 5.0392122633953385
Encrypted: false
SSDEEP: 24:Ommmmmmmmmmmmm1ABNAAAzU4CLaprRG0Rx0i333333333333:Ommmmmmmmmmmmm1A7AAAziuVRV33333X
MD5: 3869452DB4AACC5D0BD1CDB7905E44ED
SHA1: 69224F7235EADF3F7414DA5F9C0997726339BBC5
SHA-256: E620DC23350398EDD5D0512172A11441B6B95A5E58A00E9A5F43B1E85611E558
SHA-512: A3B9F0D07BB7793E04627A6D304673F3A82606610C084DEF5B4F5CFB9EDDDB758F6C44ECE3A68F00F32A237948A4C7C2A920E82F8E15FD989EF7E70D57EEC88C
Malicious: false
Reputation: low
IE Cache URL: indiainfra.wireconnect.co.in/images/favicon-md.ico

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\font-awesome.min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 31000
Entropy (8bit): 4.746143404849733
Encrypted: false
SSDEEP: 384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf
MD5: 269550530CC127B6AA5A35925A7DE6CE
SHA1: 512C7D79033E3028A9BE61B540CF1A6870C896F8
SHA-256: 799AEB25CC0373FDEE0E1B1DB7AD6C2F6A0E058DFADAA3379689F583213190BD
SHA-512: 49F4E24E55FA924FAA8AD7DEBE5FFB2E26D439E25696DF6B6F20E7F766B50EA58EC3DBD61B6305A1ACACD2C80E6E659ACCEE4140F885B9C9E71008E9001FBF4B
Malicious: false
Reputation: low
IE Cache URL: indiainfra.wireconnect.co.in/css/adminlte/css/font-awesome.min.css

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ionicons[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), Ionicons family
Category: downloaded
Size (bytes): 120724
Entropy (8bit): 6.287087751543086
Encrypted: false
SSDEEP: 1536:AaXgEIdYIqdsNvGq1O2ogroUWg/E5YBwD2hNQflm60HDRDY6/dSbVB1uJaTDf:AO+dYjuGL2dcUJre2hL60HDRXpof
MD5: 2C2AE068BE3B089E0A5B59ABB1831550
SHA1: 61532E89E212F8DD16BA31F3EBCF35C0A7334035
SHA-256: A4803D7BDEB478A5B9238FE74D8AAA98DAFE2E8E68FCCBD0E3F4DCED823F27F0
SHA-512: A4E744E0D7A1E135ABAEF3FA5685EA365A114C43E0F614A4F34C5B0EA0EA1201FB31C97FE3A66B26DC037F78DC15864DDEB3F5C21E40D4D5F57537385E0196A1
Malicious: false
Reputation: low
IE Cache URL: indiainfra.wireconnect.co.in/css/adminlte/fonts/ionicons.eot?v=2.0.0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\loading[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 75 x 75
Category: downloaded
Size (bytes): 4236
Entropy (8bit): 7.83208760807492
Encrypted: false
SSDEEP: 96:LipYgjjk26ILkxSt5Ai1Xh6LCy8PUZqasixG4yGxKRt:LuYgnkjI1t55Xh+xMUZkixG4eRt
MD5: DE2CAE5D84406E5C37B7B16F66530E3B
SHA1: 811079FF1CDDD679D7400D1DE5892A3BACDFF762
SHA-256: 17E2421E46008294BF0BD941C112BEF16D0969CACCAA709479975A31983A77E6
SHA-512: 8272B2C36B166E257E3F42D101CD2802EB56C41F6B419563A05943979AAE2A19B7813D707515AFECB007EC05F41131A053845A0D279627D16FC1F7E9DD513411
Malicious: false
Reputation: low
IE Cache URL: indiainfra.wireconnect.co.in/images/loading.gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bootstrap.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 37045
Entropy (8bit): 5.174934618594778
Encrypted: false
SSDEEP: 768:o2rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfbx8Gf3Zq7Q:Jg73zhq0GvbJ3ZKQ
MD5: 5869C96CC8F19086AEE625D670D741F9
SHA1: 430A443D74830FE9BE26EFCA431F448C1B3740F9
SHA-256: 53964478A7C634E8DAD34ECC303DD8048D00DCE4993906DE1BACF67F663486EF
SHA-512: 8B3B64A1BB2F9E329F02D4CD7479065630184EBAED942EE61A9FF9E1CE34C28C0EECB854458977815CF3704A8697FA8A5D096D2761F032B74B70D51DA3E37F45
Malicious: false
Reputation: low
IE Cache URL: indiainfra.wireconnect.co.in/js/adminlte/bootstrap.min.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery-ui.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 240427
Entropy (8bit): 5.145707923960965
Encrypted: false
SSDEEP: 3072:AUDKlUUSPVqCqoG3cYI70SDzOyAskRsIcQQ3+SuwC:yUNVEmYIHzQQ3Xu/
MD5: D935D506AE9C8DD9E0F96706FBB91F65
SHA1: 7F650EE30C6A4D3EEA04032039B20FF72997559B
SHA-256: C4D8DBE77FEB63E5A61BEE0BEAD4E5F66E8FA6A927599BD1B74ACED52467273C
SHA-512: 0470C258BB5DA745E900571C3F63627C26C97D8A1886C45264E50CDCA9C0C72D9BFC0CB7067F757EBB9DFB703DE5BAC0E300D6577C84399AC9AA057C69945751
Malicious: false
Reputation: low
IE Cache URL: indiainfra.wireconnect.co.in/js/adminlte/jquery-ui.min.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\md_white_logo[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 203 x 44, 8-bit/color RGBA, interlaced
Category: downloaded
Size (bytes): 2678
Entropy (8bit): 7.885228682877874
Encrypted: false
SSDEEP: 48:3/6BpPixzAhXNU+qS+6izJj+pq9shN930t00oc8cPbgQLZlVgs5Swo:3SBpPwzAh6+p+6goI9shH30aTc0Wl6me
MD5: DDB84350D93EDA9C528966CD749F76C3
SHA1: 538163889CC731F2AC36F955DFB15A1A9E149CE4
SHA-256: 719E980730FA305316A04F761340AAF4FFAF043AD134055EEFD7D05DC913A81A
SHA-512: 964665E73CA854FCBB9693E32EE0E1A187C094840ECCCE617BF05607EC7D8BF3B5547FAC83CE1EE22D5A12B139C4128DF91133F5CAD3C693E1A4BAD9255D0831
Malicious: false
Reputation: low
IE Cache URL: indiainfra.wireconnect.co.in/images/md_white_logo.png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\waitingfor[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 4926
Entropy (8bit): 5.02753763548833
Encrypted: false
SSDEEP: 96:Doq075WtgQlUmWA7KcCklYWqHlt/aK63wAI1cnOdH:DD0MhacCklYW+LaK63A1cn6
MD5: F530F48443244DAA464F98CA3DA8F5C0
SHA1: 92E82EC25A491B269B4B1B24C5257F11ADEF9881
SHA-256: DF6295C03D0D35E0F698D0D97955DCD65A90090D7439847897F42EF7B1740142
SHA-512: 00978F01CF01826B2BB8AA66066A907C407C8A556EE37C02F7F1A8D86DEC09E101BCA4C9660D91904DA645CFC7A4486FE5C9EE6C62F2563DF203564DBB4E6EC4
Malicious: false
Reputation: low
IE Cache URL: indiainfra.wireconnect.co.in/js/adminlte/waitingfor.js