ID: 213282
Cookbook: browseurl.jbs
Time: 18:30:07
Date: 05/03/2020
Version: 28.0.0 Lapis Lazuli
Table of Contents
Analysis Report http://cardpayments.microransom.us/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw
  Overview
    General Information
    Detection
    Confidence
    Classification Spiderchart
    Analysis Advice
    Mitre Att&ck Matrix
    Signature Overview
      Phishing:
      Networking:
      System Summary:
      Hooking and other Techniques for Hiding and Protection:
    Malware Configuration
    Behavior Graph
    Simulations
      Behavior and APIs
    Antivirus, Machine Learning and Genetic Malware Detection
      Initial Sample
      Dropped Files
      Unpacked PE Files
      Domains
      URLs
    Yara Overview
      Initial Sample
      PCAP (Network Traffic)
      Dropped Files
      Memory Dumps
      Unpacked PEs
    Sigma Overview
    Joe Sandbox View / Context
      IPs
      Domains
      ASN
      JA3 Fingerprints
      Dropped Files
    Screenshots
      Thumbnails
  Startup
  Created / dropped Files
  Domains and IPs
    Contacted Domains
    URLs from Memory and Binaries
    Contacted IPs
      Public
  Static File Info
    No static file info
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTP Request Dependency Graph
    HTTP Packets
    HTTPS Packets
  Code Manipulations
  Statistics
    Behavior
  System Behavior
    Analysis Process: iexplore.exe PID: 1352 Parent PID: 700
      General
      File Activities
      Registry Activities
    Analysis Process: iexplore.exe PID: 3608 Parent PID: 1352
      General
      File Activities
      Registry Activities
    Analysis Process: ssvagent.exe PID: 4576 Parent PID: 3608
      General
      Registry Activities
  Disassembly
Copyright Joe Security LLC 2020 Page 2 of 32
Analysis Report http://cardpayments.microransom.us/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw
Overview
General Information
Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 213282
Start date: 05.03.2020
Start time: 18:30:07
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 51s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: cardpayments.microransom.us/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled
Analysis stop reason: Timeout
Detection: SUS
Classification: sus21.phis.win@5/28@6/3
Cookbook Comments:
Adjust boot time
Enable AMSI
Browsing link: https://submit.protected-forms.com/pages/9ec91759e8a89/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw#
Detection
Strategy Score Range Reporting Whitelisted Detection
Threshold 21 0 - 100 false
Confidence
Strategy Score Range Further Analysis Required? Confidence
Threshold 3 0 - 5 true
Warnings:
Exclude process from analysis (whitelisted): ielowutil.exe, conhost.exe, CompatTelRunner.exe
TCP Packets have been reduced to 100
Excluded IPs from analysis (whitelisted): 23.61.218.119, 172.217.23.234, 23.37.55.203, 23.62.132.180, 152.199.19.161, 93.184.221.240, 52.109.88.40, 52.109.124.21, 52.109.76.33
Excluded domains from analysis (whitelisted): www.cdc.gov.edgekey.net, prod-w.nexus.live.com.akadns.net, ajax.googleapis.com, ie9comview.vo.msecnd.net, secure.aadcdn.microsoftonline-p.com.edgekey.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, wu.azureedge.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, e9313.dscb.akamaiedge.net, go.microsoft.com.edgekey.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, e13761.dscg.akamaiedge.net, hlb.apr-52dd2-0.edgecastdns.net, nexus.officeapps.live.com, wu.wpc.apr-52dd2.edgecastdns.net, cs9.wpc.v0cdn.net
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtSetValueKey calls found.
Classification Spiderchart
(Chart image not reproduced. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; rings: clean, suspicious, malicious.)
Analysis Advice
Initial sample is implementing a service and should be registered / started as service
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Mitre Att&ck Matrix
Techniques are listed per tactic column; a number after a technique is the signature hit count shown in the matrix.
Initial Access: Valid Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Graphical User Interface 1; Service Execution; Windows Management Instrumentation; Scheduled Task
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features; System Firmware
Privilege Escalation: Process Injection 1; Accessibility Features; Path Interception; DLL Search Order Hijacking
Defense Evasion: Masquerading 1; Process Injection 1; Rootkit; Obfuscated Files or Information
Credential Access: Credential Dumping; Network Sniffing; Input Capture; Credentials in Files
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote File Copy 1; Remote Services; Windows Remote Management; Logon Scripts
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Data Compressed; Exfiltration Over Other Network Medium; Automated Exfiltration; Data Encrypted
Command and Control: Standard Cryptographic Protocol 2; Standard Non-Application Layer Protocol 2; Standard Application Layer Protocol 3; Remote File Copy 1
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Signature Overview
• Phishing
• Networking
• System Summary
• Hooking and other Techniques for Hiding and Protection
Phishing:
Phishing site detected (based on logo template match)
HTML body contains low number of good links
HTML title does not match URL
Invalid T&C link found
META author tag missing
META copyright tag missing
Networking:
Downloads files from webservers via HTTP
Found strings which match to known social media urls
Performs DNS lookups
Urls found in memory or binary data
Uses HTTPS
System Summary:
Classification label
Creates files inside the user directory
Creates temporary files
Reads ini files
Spawns processes
Found graphical window changes (likely an installer)
Uses new MSVCR Dlls
Hooking and other Techniques for Hiding and Protection:
Disables application error messages (SetErrorMode)
Malware Configuration
No configs have been found
Behavior Graph
ID: 213282
URL: http://cardpayments.microra...
Startdate: 05/03/2020
Architecture: WINDOWS
Score: 21
(Graph image not reproduced; the nodes and edges recoverable from it are listed below.)
Process nodes: iexplore.exe (10 74) -> started -> iexplore.exe (4 46) -> started -> ssvagent.exe (501)
Signature node: Phishing site detected (based on logo template match)
DNS/IP nodes: submit.protected-forms.com; landing.training.knowbe4.com; ipv4.imgur.map.fastly.net 151.101.12.193, 443, 49874, 49875 unknown United States; 52.72.211.130, 443, 49870, 49871 unknown United States; 6 other IPs or domains
Legend:
Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Simulations
Behavior and APIs
No simulations
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
No Antivirus matches
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
Source Detection Scanner Label Link
ipv4.imgur.map.fastly.net 0% Virustotal Browse
secure.aadcdn.microsoftonline-p.com 0% Virustotal Browse
submit.protected-forms.com 0% Virustotal Browse
cardpayments.microransom.us 1% Virustotal Browse
URLs
Source Detection Scanner Label Link
https://submit.protect 0% Avira URL Cloud safe
https://w3c.github.io/IntersectionObserver/#intersection-observer-interface 0% URL Reputation safe
docs.closure-library.googlecode.com/git/closure_goog_date_date.js.source.html 0% Virustotal Browse
docs.closure-library.googlecode.com/git/closure_goog_date_date.js.source.html 0% Avira URL Cloud safe
https://www.nathanaeljones.com/blog/2013/reading-max-width-cross-browser 0% Avira URL Cloud safe
https://www.anujgakhar.com/2014/03/01/binary-search-in-javascript/ 0% Avira URL Cloud safe
https://https.protected-forms.com/pages/607e1759c7f3a 0% Avira URL Cloud safe
www.robertpenner.com/easing/ 0% Virustotal Browse
www.robertpenner.com/easing/ 0% URL Reputation safe
https://w3c.github.io/IntersectionObserver/#calculate-intersection-rect-algo 0% URL Reputation safe
flightschool.acylt.com/devnotes/caret-position-woes/ 0% URL Reputation safe
www.robertpenner.com/easing) 0% Virustotal Browse
www.robertpenner.com/easing) 0% URL Reputation safe
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/images/microsoft_logo.png 0% Virustotal Browse
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/images/microsoft_logo.png 0% Avira URL Cloud safe
https://w3c.github.io/IntersectionObserver/#intersection-observer-entry 0% URL Reputation safe
https://submit.protectcroransom.us/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQt 0% Avira URL Cloud safe
Yara Overview
Initial Sample
No yara matches
PCAP (Network Traffic)
No yara matches
Dropped Files
No yara matches
Memory Dumps
No yara matches
Unpacked PEs
No yara matches
Sigma Overview
No Sigma rule has matched
Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
No context
JA3 Fingerprints
No context
Dropped Files
No context
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Startup
System is w10x64
iexplore.exe (PID: 1352 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
iexplore.exe (PID: 3608 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1352 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
ssvagent.exe (PID: 4576 cmdline: 'C:\PROGRA~2\Java\JRE18~1.0_1\bin\ssvagent.exe' -new MD5: 64338C266AE1E640E4D8CCE50FA9DF9F)
cleanup
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\BHYH095B\submit.protected-forms[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 26
Entropy (8bit): 2.469670487371862
Encrypted: false
MD5: 132294CA22370B52822C17DCB5BE3AF6
SHA1: DD26B82638AD38AD471F7621A9EB79FED448A71C
SHA-256: 451ABBE0AEFC000F49967DABF8D42344D146429F03C8C8D4AE5E33FF9963CF77
SHA-512: 6D5808CAD199A785C82763C68F0AE1F4938C304B46B70529EA26B3D300EF9430AD496C688D95D01588576B3A577001D62245D98137FD5CD825AD62E17D36F15C
Malicious: false
Reputation: low
Preview: <root></root><root></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3DDC76F6-5F07-11EA-AAE3-9CC1A2A860C6}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 30296
Entropy (8bit): 1.8517459636013631
Encrypted: false
MD5: 45F105741D1544F946FB45282DD812BE
SHA1: AF17BB7AA1DCEDB859BDF9A673B903495ADB4A09
SHA-256: E0558F73C61D8D8DEB324B950D9B8837E86F58242CDB063A489DAC6E1B3B70D1
SHA-512: DDEB0F2C245DB78CD7B000B7FD98ACFB7667F5595FECE90DDFD172E71B574175C57AF4E33592566B069DD0E3F636BCE8FAFA4235F8C4B584F253D73FA4F79CE2
Malicious: false
Reputation: low
Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3DDC76F8-5F07-11EA-AAE3-9CC1A2A860C6}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 46306
Entropy (8bit): 2.4557297751950493
Encrypted: false
MD5: C49863F6C1D7819BEFF9BB167411253E
SHA1: 9B8994809184D7FC9231E0DB03BEFC5897ADD870
SHA-256: A1195B521814449B10217B0C829A80854CABF8E7E816EB43908EE0059409F362
SHA-512: 204F4A61E78EDFD5EF41306C5A095AE031DCFC9C5A43CB2A00DBAB6DFA7AE0407C68149AFA2E14B51FD17DCEAA5B0DFE57B74981010271C69D375699ED47EE56
Malicious: false
Reputation: low
Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{47A539C1-5F07-11EA-AAE3-9CC1A2A860C6}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 16984
Entropy (8bit): 1.5656362173014988
Encrypted: false
MD5: F06242D33B961245F751A5A25F91ACED
SHA1: 6EA370D0FCC4CB55FBF9EC11B826E94D8B9DDFF3
SHA-256: 938513E7754D7AB61A0DDC8CE551760CB5AF2B655E9AB0194BB01BEBE156AFB7
SHA-512: 564A9F41E5F2AF89CA24F571CB3CB3E2938163283EF8C9AA50DCBA034531040402A05CFCBB371D4A296EBD637A819B940E2E73058122454CD4194391E558296F
Malicious: false
Reputation: low
Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.105953292373523
Encrypted: false
MD5: 662EC4B7816B94FF939EEAF00095D2B0
SHA1: 9902E16BD9CE7754F8D177D777ABCF6EE09C3DAF
SHA-256: 50E7F75F2C39720CCE2E93B83E0CB15307E214EB8E54CE7A6FC1E841A7709BEF
SHA-512: 874FA6AD3FB1DD5B4619E61E6B7E9651D3F0F8E4E93FBB7B4EF1E369650F3A7CB3062E0753344272553A39181C94F12E29E84A94FAF76D91D4EAFFFFA53DF076
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x1822b4cd,0x01d5f314</date><accdate>0x1822b4cd,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x1822b4cd,0x01d5f314</date><accdate>0x1822b4cd,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.150428275242517
Encrypted: false
MD5: 65D1F9DB3BF657CD59CD60145F09C5CB
SHA1: 7C984CD47C388C7BBE1A7459349AEC0EC618CABD
SHA-256: C6D401068949F5F0A212ECFFB8C90A1C6B926657784825F409A3FC272310712C
SHA-512: CD63FFC943E883B24974A49725281CF568AB1048F925E456D1D03D62D9B00D4781BC4A6950330CA33B3EB2798F27A5AB639486EDC78B7ED39428FEBA91BB8B4D
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x18040229,0x01d5f314</date><accdate>0x18040229,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x18040229,0x01d5f314</date><accdate>0x1806643d,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 662
Entropy (8bit): 5.127150216711775
Encrypted: false
MD5: 424BA640DA1525985037E125D3D8A866
SHA1: CFF613442D7C37D301584F7E67C6F6924E938FE6
SHA-256: 9FAE11FBF87FC51D8624B142E16D2E99E963655949DC3078F28EE4806271C771
SHA-512: 99AFDF66DE156B716334D33EA369A6E46D81FF82D37670497E1AB1D495E072D283221882ADC00001BFE8A635E4954ACD90E333B65EBD6A10F99B90E405EE30C9
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x18253c91,0x01d5f314</date><accdate>0x18253c91,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x18253c91,0x01d5f314</date><accdate>0x1827feab,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 410
Entropy (8bit): 5.1682731780856255
Encrypted: false
MD5: 72A13DED2C2EAF389D63694A0F674ACD
SHA1: 3827A07C2FAAFEF5AACB445C84FEB08931C2529B
SHA-256: A682DE67601C92B11CD00B11F1ED479ED205BC1311CF761A441A055898A42F16
SHA-512: C9283B08C24885AF5AB01C57A48FBECCDB81592370ED681A5825F80FAF0A0F6F3359A45C6D532B3BACED9FCC16636505F41E0E7EC04BDB660A34FB464077AC20
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://go.microsoft.com/fwlink/p/?LinkId=255142"/><date>0x42a19dc3,0x01d5d568</date><accdate>0x180938ce,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Bing.url"/><selection>\lowres.png</selection></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 647
Entropy (8bit): 5.125408565696732
Encrypted: false
MD5: 8CDA4C37332289E719A4A73D1066C28B
SHA1: 7F211453DE644F860F1F343AC33AC7345057039C
SHA-256: DC36BCD3F8557F09DA579758450A70F3D339E3B210B7057EC420CAF3F510B34E
SHA-512: 1D345053ECB977CF2A74EA9B4B6B83DD6C993975F23ADF3900AA9514616D4BF36228650D44C17DACEA1E71ADCF5C2C66D05E45A2E60EB44CE096079FA03CC75D
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x181642c3,0x01d5f314</date><accdate>0x181642c3,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x181642c3,0x01d5f314</date><accdate>0x181642c3,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.131598546801389
Encrypted: false
MD5: 8047C43781A2C0306E2288960436C10D
SHA1: F5E8428044F2DE5C561242F65EE15C55921B5906
SHA-256: 71926AF0855FD329FCC9995927ECC16D5F127F9B227F2218A71115F7D7B3F85C
SHA-512: CAA09310D1C670750786171E665CF0F92CF388DC3A37C15CEAD20E8E8265FA3A674BB34C1091659E00BED125B19BAC1C7F5F04723A61D42CBA16F8CE4DDDA0A5
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x182ae615,0x01d5f314</date><accdate>0x182ae615,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x182ae615,0x01d5f314</date><accdate>0x182ae615,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.093248801389679
Encrypted: false
MD5: D0DF72337CB9A609AB6721A0709F0FF1
SHA1: 8A181994852A73ED5188B4245918643D49924867
SHA-256: 68AAE9620203FB25CAC793E30BAB8CDCD0FD21B76A0B8C3D59CAE60761BDA235
SHA-512: AD652FFE0CC9D620E414E6CD8A930858249E998314B762371C2E52EB32A8DE52AAF7111E18AB0A454F9CEAFCED57B2C4DC4A63DBF43F66E9160D6DAF785CEC82
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x18203f38,0x01d5f314</date><accdate>0x18203f38,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x18203f38,0x01d5f314</date><accdate>0x18203f38,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.152443139017706
Encrypted: false
MD5: C071EBE06BB2B7CE76E485E88B591E6A
SHA1: 07C796FB2045660D294896BDA1C7504F8B587C3D
SHA-256: F8ED50AE9268C02AEA2B39EA66A2867370027AB62F1B26DE1218FBB77A58DB2F
SHA-512: DB40DFEE44D34D24B9ACFD6BAD4CED2A9BCFE20C41D946FF9F861647DFDC3088AFD7620668F5AB4433DFF704920D518F10ACBAF8430BCE320CD59551E3457880
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x181b0827,0x01d5f314</date><accdate>0x181b0827,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x181b0827,0x01d5f314</date><accdate>0x181d69d3,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 659
Entropy (8bit): 5.109907478132504
Encrypted: false
MD5: B28A9C0E37EF2534CF6AB4E74C1B3907
SHA1: 68694A45F3B376D86D179B6C2F21410D8BB1D318
SHA-256: 8BC0A0F71AE77D1BB71702C7F516CEF36EB50B45595E7763D937BD0B08B05AEF
SHA-512: 5E12AB0CFF5BF38232267C2E098BB2AEA6225E19B73EBD5F070B843E18B537B026797CE172132D29E0F52D86592BFB5FCD4CFDFD474D8DC135A46F30AF13218C
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x180938ce,0x01d5f314</date><accdate>0x180938ce,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x180938ce,0x01d5f314</date><accdate>0x1810d22b,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.081885907607568
Encrypted: false
MD5: D0774A20B2D9125A7A28886ED5F88725
SHA1: E73191D03596B579BC499C52D518A56DE425E0DE
SHA-256: 42D8948BB5235AE336577C287100E7A8787584D48EAF5E97C54349452790C7BF
SHA-512: C81DF34CE879B465DE9A8D369196B1A83905F70ABD493928A2837245639ADACE098189C5157B5697E26897C70E308B6C488758196F38F93C68446FE3F253AD22
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x1813812a,0x01d5f314</date><accdate>0x1813812a,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x1813812a,0x01d5f314</date><accdate>0x1813812a,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Size (bytes): 326
Entropy (8bit): 5.6676872252913
Encrypted: false
MD5: 680686D0AEBAF4E4918001B20AFE3694
SHA1: B6F277E9C602D81AFFDF37FD2F734FBFF924247F
SHA-256: F436C63EBF2B0F17E700BC091B92D26E02799184D0892C56327898D297CAC40D
SHA-512: FEEB3146DCA87B27EED5AD95DE3553F84AD71FB745A51E024D2295439E3BD0BEB60A424FB34A2F78DF88BAB8355A840601DBC111E4EC3EF43A18D42F05F0AD44
Malicious: false
Reputation: low
Preview:<html>. <head>. <script>window.location.href = 'https://submit.protected-forms.com/pages/9ec91759e8a89/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw';</script>. </head>. <body>. </body>.</html>.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 4174659
Entropy (8bit): 5.094369244435523
Encrypted: false
MD5: F68A91E86DE0F8068AF3DE6DB4AAC6B5
SHA1: FBDB87094AD4A96735C5E1AD5E4FF6A00B20947A
SHA-256: FDE3C8B694424902E64C29A427A46B6EF3C593F1FFEFBDD989847B4F1B8B2310
SHA-512: 0FE53E53837DCC30B9BC1B763B15262B115818A63FB689E710EA618BA057D5CF1562FBEAEFD5D413A9FF2704081AD74FB9F30D69FE2C43E6ADB1FFAB9100375F
Malicious: false
Reputation: low
Preview:// Array.fill.if (!Array.prototype.fill) {. Object.defineProperty(Array.prototype, 'fill', {. value: function(value) {.. // Steps 1-2.. if (this == null) {. throw new TypeError('this is null or not defined');. }.. var O = Object(this);.. // Steps 3-5.. var len = O.length >>> 0;.. // Steps 6-7.. var start = arguments[1];. var relativeStart = start >> 0;.. // Step 8.. var k = relativeStart < 0 ?. Math.max(len + relativeStart, 0) :. Math.min(relativeStart, len);.. // Steps 9-10.. var end = arguments[2];. var relativeEnd = end === undefined ?. len : end >> 0;.. // Step 11.. var final = relativeEnd < 0 ?. Math.max(len + relativeEnd, 0) :. Math.min(relativeEnd, len);.. // Step 12.. while (k < final) {. O[k] = value;. k++;. }.. // Step 13.. return O;. }. });.}..// Object.values.Object.values = Object.values ? Object.values : f
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\jquery.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 95786
Entropy (8bit): 5.393689635062045
Encrypted: false
MD5: 8101D596B2B8FA35FE3A634EA342D7C3
SHA1: D6C1F41972DE07B09BFA63D2E50F9AB41EC372BD
SHA-256: 540BC6DEC1DD4B92EA4D3FB903F69EABF6D919AFD48F4E312B163C28CFF0F441
SHA-512: 9E1634EB02AB6ACDFD95BF6544EEFA278DFDEC21F55E94522DF2C949FB537A8DFEAB6BCFECF69E6C82C7F53A87F864699CE85F0068EE60C56655339927EEBCDB
Malicious: false
Reputation: low
Preview:/*! jQuery v1.11.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.1",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){ret
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with CRLF, LF line terminators
Size (bytes): 4386
Entropy (8bit): 5.5961788600873055
Encrypted: false
MD5: 5CC8E2C9F77C111612B9E1C0C4392536
SHA1: 62701D660ECC4EC1BB40781AA2D7767C1CB35658
SHA-256: 9E5E0835848F6ED9BCAECC378E732AC5EE370BB6F6981BAB9D55A7D90BA81F37
SHA-512: 29BC9AC184510FC7CDCEE813D5B7F5F142A97EF36A3FD2DBFFCB7DA07649983BEECD260D39C16230E8A685F96170EF73B095F7EA33F967A8EEAAB4BAE1E0C358
Malicious: false
Reputation: low
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">. <meta name="IMPORTANT" content="This page is part of a simulated phishing attack initiated by KnowBe4 on behalf of its customers." />. <meta name="IMPORTANT" content="If you have any questions please contact [email protected]." />. <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"/>.. <head>. <script src="/assets/application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310.js"></script>. <script src="/packs/js/vendor-a6da5c38e4a40255d339.js"></script>. <script src="/assets/modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js"></script>. <link rel="stylesheet" media="all" href="/assets/landing-watermark-16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f.css" />.. </head>. .<script class="jsbin" src="http://ajax.googleapis.com/ajax/libs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P24S97MI\5M7BhDX[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 159 x 35, 8-bit/color RGBA, non-interlaced
Size (bytes): 4564
Entropy (8bit): 7.923695684546112
Encrypted: false
MD5: 8562D0594B9B1A0D99C18D9FEBF54322
SHA1: 5DD751FB397A3CD010FA2DE9B9C56AF52DB73215
SHA-256: F34EB312B5B5B4819C3DC3F737821E0F265F87B9E66A96C1587EC0DA07063B42
SHA-512: DCACB7AECAC91F6C47F8CE67B6D6E271C8C5EA97D5F2625C6EDFBD2B971E3845213742957B7F09F5D8D9E5996F74D6604304541EEA1D39078C165435F6498309
Malicious: false
Reputation: low
Preview:.PNG........IHDR.......#............OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\[email protected]..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..([email protected]..._-..."[email protected]~..,/...;..m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/[email protected]..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., +.....3...!.[..b@q
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\G45IjEI[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, baseline, precision 8, 1420x1080, frames 3
Size (bytes): 202093
Entropy (8bit): 7.969189272688472
Encrypted: false
MD5: E6015E372A2DCCA952341F198D34F8E1
SHA1: 21E3B80BC60024D827557BFE2D30DEEE61E89BFB
SHA-256: 456631379D447C7C74D94DB93EFADEDC91F24A22C61ED3BD7B48EAC8A1A3EA9F
SHA-512: EC08FE574B5C6EF55D6D3EA65E21BBC5787B80718079F0F9AD8FA7673CF435506C61C163615537897E38EDF9C53A99D2EAED71BB771B2A429827151D26326598
Malicious: false
Reputation: low
Preview:......Adobe.d...............................................#$&$#.//22//@@@@@@@@@@@@@@@......................%.....%/"...."/*-&&&-*44//44@@>@@@@@@@@@@@@......8...."..................................................................................!1..AQ.aq"2...B....Rr#..b.3...S4...Cc$5...s..TD%..d...t6.....................!1..AQaq.."....2R.r3....Bb..#.S...4.C.c$.............?....N..lTQE.R.E....tc@*([email protected]........(..(..T|..P.}..j(.E:\h....J.(.....f.(.(...}(.D.5@R.,9..xS.h..L.3...H......F4cT.{.eO.e...@(4E8......`..T...t..T.)[email protected]........(..b..U(...)T.1@..(..h.H.@*QR..P.............qT....u ....R.....&[email protected]@:[email protected].([email protected]....*...(..([email protected].(..qDP.Q. *@....EL.F..QN....t...P.....E...".P..x...P........D[~QQ.P....j......6.m......;..X4Ua.....edm...a..h..dv+.\..kx...K.fm./.......ur....Y...NB...{[email protected]....]...?5wF.+..46....s....m.##.}t3)......\/;2..'...Z.U.H7....|.J..qsL..:guv...
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\cdc_badge[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 256 x 150, 8-bit/color RGBA, non-interlaced
Size (bytes): 15618
Entropy (8bit): 7.959546057755388
Encrypted: false
MD5: 3601AFF883A98B61E4C7099AAF2C9662
SHA1: AFB81744E50DA4609ACA55AE4D6A58DB1478BF58
SHA-256: 59ADEFE016E0F04C11750233CEFF574B744B96F45A4CD54637EB6A1AF6C5AB66
SHA-512: C6BB5EA5355462CFCD52ED47CF40E3A4100C110064658D1675200043E5EFBD8E1F6B45F0CFA68BBFDDF21FF346A58AAEAA0CC0F8596946D822617429E2422FB1
Malicious: false
Reputation: low
Preview:.PNG........IHDR.............1:V.....gAMA....|.Q.... cHRM...........R...@..}y.....<.....s<.w...9iCCPPhotoshop ICC profile..H..wTT....wz..0.R.....{.^Ea..`(..34.!...ED."HP..P$VD...T..$.(1.ET,oF.........o......Z..../...K......<....Qt.....`.).LVF._.{......!r._...zX..p..3.N....Y.|......9.,...8%K.......,f.%f.(A..9a..>.,....<...9..S.b...L!G....3..,....F.0.+.7..T.3...Il.pX."6.1...."....H._q.W,.d..rIK..s...t......A..d.p....&+..g.].R.......Y2...EE.4...4432..P.u.oJ..Ez...g.........`.j..-....-....b.8....o....M</..A...qVV....2.....O.....g$>...]9.La.....+-%M.g.3Y.......u..A.x....E.....K.......i<:...............Pc...u*@~..(.. ...]..o..0 ~y.*..s..7.g...%...9.%(....3........H.*[email protected]`[email protected]'8..K....n..`.L.g`......a!2D..!.H... .d..A.P....B....By.f..*...z....:....@..]h...~....L.............C.Up.......p%....;...5.6<.?.........."....G..x...G.....iE..>.&2.. oQ...EG..lQ..P......U..F.Fu.zQ7Qc.Y.G4....G......t...].nB../.o.'.1.......xb"1I.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\landing-watermark-16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 1471
Entropy (8bit): 4.754611179426391
Encrypted: false
MD5: 15E89F9684B18EC43EE51F8D62A787C3
SHA1: 9CBAAACEAE96845ECD3497F41EE3B02588ABEC11
SHA-256: 16F13E16A7EF02FB6F94250AA1931DED83DBEE5D9FAD278E33DD5792D085194F
SHA-512: 79E0110A045F28437D192290AC9789270CB0D4E676A985564746DB439992D867BA89639D7738E2A7F7D83BBF37D9A02CAA2AE1DC4E0EE2519797E5840A47FABE
Malicious: false
Reputation: low
Preview:/* line 1, app/assets/stylesheets/landing-watermark.scss */..watermark {. -webkit-writing-mode: vertical-rl;. -ms-writing-mode: tb-rl;. writing-mode: vertical-rl;. text-orientation: sideways;.}../* line 4, app/assets/stylesheets/landing-watermark.scss */..watermark.left {. left: 0;.}../* line 7, app/assets/stylesheets/landing-watermark.scss */..watermark.right {. right: 0;.}../* line 10, app/assets/stylesheets/landing-watermark.scss */..watermark.top {. text-align: center;. -webkit-writing-mode: horizontal-tb;. -ms-writing-mode: lr-tb;. writing-mode: horizontal-tb;. top: -38px;.}../* line 15, app/assets/stylesheets/landing-watermark.scss */..watermark h1 {. -webkit-user-select: none;. -moz-user-select: none;. -ms-user-select: none;. user-select: none;. font-size: 15px;. color: #fdfdfa;. font-weight: bold;.}../* line 24, app/assets/stylesheets/landing-watermark.scss */.#template_sei .watermark.left {. margin-left: -10px;.}../* li
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\microsoft_logo[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 100 x 22, 8-bit/color RGBA, non-interlaced
Size (bytes): 1040
Entropy (8bit): 7.741613352296269
Encrypted: false
MD5: E4B675007DC6492EE590131D1F7DFBB3
SHA1: 9397E98E13074C09072F6A50E7267C612738C455
SHA-256: 988E349F2BF4E87154738C7B2C1FA86618713A8CFA0CEF60A046F5ADD89BD9DE
SHA-512: B880DB21F612F257FA94656D632D11FE63841493E7B0443EF8AB5CB753CAB717625D1873866C7DC00EC4596C1E148690B4C4231B0DD8636F4A86EEC33F6A0CF4
Malicious: false
Reputation: low
Preview:.PNG........IHDR...d.........6.9.....pHYs.................tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Y;n.@....\.....n.*..*.n.H.z..('...7}.Sm........s.yGx.<OHi..... ..]........,.?.}[email protected]./G..8t..5.._]].7...([email protected]...\.,..;.|..`d....CD...<B....d.ZTWx...R.......`...W..t...1^d....K`.E..N.).ob.o..%.9..O@:.%+.B./,.....+.\(....-...f.....<.....i~i]...I.&...v..'&.t...x.....|34..tJ......-a..c.g4..U..&........\....If.....M..S\O.h..).m].L.....3.4.....a.....g....i.;..0..F5....<.=.<[email protected]..}..o..8..q....[..x......L...<.'._lr..$........d....XO..z.....h.8..M."1.)4.c(@.(em...&..5.W$..r.[. .'...V..l.k:.NA^....YX...U..."}Z...a.......I!...?+.\.I......Z:F.....>'.j..i.9..>.....^uDa.]"_.?.eMi..\`K...U..PX.-.)ocJ..n@]..s*.#2.'...g.../.Am.YV.P.z...*.3...b.J..3S..R.....T].......;...!W|5|!.y..+..Kd*6.!....Zcl..?PU3.M.S.9.c0d....yh.........q.JSr..=$)I.....G(&..#.u`..Y.*.W.:0.D..)'[email protected]=..i..<..Y.h........b/.............}..pW.zC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Size (bytes): 51365
Entropy (8bit): 4.63063774466206
Encrypted: false
MD5: 4FAE2A90728C528AA148C31466B7ED39
SHA1: 6BFC3FF0B0C367EA21003E42175486AE0B2B2BFC
SHA-256: 654222DEBE8018B12F1993CEDDFF30DC163A7D5008D79869C399D6D167321F97
SHA-512: 1B385498219AD468A9EDDB3D4D0747A91CA9F867C75F10715BFAA4BE369781B6788489A71350D9509AF7132AAC92A2B411E817E7928C782FA41E77DEBC0EE277
Malicious: false
Reputation: low
Preview:/*!. * Modernizr v2.7.1. * www.modernizr.com. *. * Copyright (c) Faruk Ates, Paul Irish, Alex Sexton. * Available under the BSD and MIT licenses: www.modernizr.com/license/. */../*. * Modernizr tests which native CSS3 and HTML5 features are available in. * the current UA and makes the results available to you in two ways:. * as properties on a global Modernizr object, and as classes on the. * <html> element. This information allows you to progressively enhance. * your pages with a granular level of control over the experience.. *. * Modernizr has an optional (not included) conditional resource loader. * called Modernizr.load(), based on Yepnope.js (yepnopejs.com).. * To get a build that includes Modernizr.load(), as well as choosing. * which tests to include, go to www.modernizr.com/download/. *. * Authors Faruk Ates, Paul Irish, Alex Sexton. * Contributors Ryan Seddon, Ben Alman. */...window.Modernizr = (function( window, document, undefined ) {.. var version = '2.7.1',..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\vendor-a6da5c38e4a40255d339[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 373379
Entropy (8bit): 5.3004291652441475
Encrypted: false
MD5: E6B59B3D7B6A4FEC88A8DF37A3E369B6
SHA1: 5EE1B9542969661BD10348E2AD78D0E4202FBD37
SHA-256: 645B5E8FC5F6FDDDB0777D2680C3188725335F5476621C628DB1C49B8887BC02
SHA-512: F255E90E0C8EC9B9F188C8C9DDE3849C132745E5FCC7C89B4EF4EC7E339A058B73D293C4503E85A028CCB5C258791D257991E5EF65B104CEAA3BED20080ADB64
Malicious: false
Reputation: low
Preview:!function(t){var e={};function i(n){if(e[n])return e[n].exports;var r=e[n]={i:n,l:!1,exports:{}};return t[n].call(r.exports,r,r.exports,i),r.l=!0,r.exports}i.m=t,i.c=e,i.d=function(t,e,n){i.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:n})},i.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},i.t=function(t,e){if(1&e&&(t=i(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var n=Object.create(null);if(i.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var r in t)i.d(n,r,function(e){return t[e]}.bind(null,r));return n},i.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return i.d(e,"a",e),e},i.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},i.p="/packs/",i(i.s=1216)}([,,,,,,,,,function(t,e,i){function n(t,e,i){var c,u,p,d,f=t&n.F,g=t&n.G,m=t&n.P
C:\Users\user\AppData\Local\Temp\~DF357EF3C3770B6933.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 25441
Entropy (8bit): 0.2885044112543459
Encrypted: false
MD5: 5EA2BC490F0118B429DD1C54863559A5
SHA1: E1C6CBC12FD8D32E132CE32EEEB70309298BACDF
SHA-256: EB55C7C32E588D6EB2701BDEE46022DF92D10BB3B1EB549865A464422A450B95
SHA-512: 6D2645925221DF4056734D16DFABA7394523DD5CC9DC9A962C33DD0419323A8B8F85548472F31415A218D72CB542EE9FE43762DDF737C4C2A4ADFDF910F802C5
Malicious: false
Reputation: low
Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\~DF5D503E65E2666DEB.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 53901
Entropy (8bit): 1.082387278326424
Encrypted: false
MD5: 4F6044985E6833810DBBE267D83FB49E
SHA1: B7AED75A98BD766D188E330019CD047EB8E626CD
SHA-256: 69AB5859C306CDFEEAE90EA0E0D2D015A8A0CA7A3EB6FEFB53353DE719AC6370
SHA-512: A921D650AF074CB66315CB6B73668E88A91BF3A5A2A9CE2792F6605A8D23A77824885DC0D33157291B9C42FB77A5D269A0FED7C1EE77B4B1CF8D4861628C01F1
Malicious: false
Reputation: low
Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\~DFFC67F01ACB13F7F4.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 13029
Entropy (8bit): 0.480975985298636
Encrypted: false
MD5: 1507E8CE45A22ED0C142FEACBFE50A42
SHA1: 8C9CE422B1BA160C26F276635D33D3696253BC74
SHA-256: 54AC4A82D39A0F884E8FDA8931BEDAA492180D4BD678398105FAE226F0174AED
SHA-512: 768EEFD7CF0451B4A86C33AE456D516DEC5AC46106065E7CA55DD18652F04E8E898B0E1E0EE5614F7A105578299B4C3BAF737CF5B226C9BD8ADEA14DBBD87C07
Malicious: false
Reputation: low
Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Domains and IPs
Contacted Domains
Name IP Active Malicious Antivirus Detection Reputation
landing.training.knowbe4.com 54.175.123.26 true false high
ipv4.imgur.map.fastly.net 151.101.12.193 true false 0%, Virustotal, Browse low
secure.aadcdn.microsoftonline-p.com unknown unknown false 0%, Virustotal, Browse unknown
www.cdc.gov unknown unknown false high
submit.protected-forms.com unknown unknown false 0%, Virustotal, Browse unknown
i.imgur.com unknown unknown false high
cardpayments.microransom.us unknown unknown false 1%, Virustotal, Browse unknown
URLs from Memory and Binaries
Name Source Malicious Antivirus Detection Reputation
api.jqueryui.com/slide-effect/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/moment/moment/issues/1423 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/chartjs/Chart.js/pull/4507 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
stackoverflow.com/a/32954565/96342 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/madrobby/zepto/blob/master/src/zepto.js application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://stackoverflow.com/questions/30464750/chartjs-line-chart-set-background-color application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/chartjs/Chart.js/issues/5597 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
stackoverflow.com/a/26707753 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/jquery/jquery-color application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/select2/select2/blob/master/LICENSE.md application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
api.jqueryui.com/jQuery.widget/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
blog.jquery.com/2012/08/09/jquery-1-8-released/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
codereview.stackexchange.com/q/13338 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://bugzilla.mozilla.org/show_bug.cgi?id=561664 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
dev.w3.org/csswg/cssom/#resolved-values application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://submit.protect {3DDC76F8-5F07-11EA-AAE3-9CC1A2A860C6}.dat.1.dr false Avira URL Cloud: safe unknown
https://caniuse.com/download application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/chartjs/Chart.js/issues/2538 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
dev.w3.org/csswg/css-color/#hwb-to-rgb application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
www.apache.org/licenses/LICENSE-2.0) application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/kriskowal/es5-shim/blob/master/es5-shim.js modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97[1].js.2.dr false high
api.jqueryui.com/button/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://bugzilla.mozilla.org/show_bug.cgi?id=687787 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://blog.alexmaccaw.com/css-transitions application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/bassjobsen/Bootstrap-3-Typeahead application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://getbootstrap.com/docs/3.4/javascript/#transitions application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/chartjs/Chart.js/issues/4152 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
bugs.jquery.com/ticket/9917 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
www.reddit.com/ msapplication.xml5.1.dr false high
api.jqueryui.com/size-effect/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/Do/iso8601.js application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener#Safely_detecting_optio application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
momentjs.com/guides/#/warnings/zone/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
bugs.jquery.com/ticket/12359 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/removeEventListener application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://w3c.github.io/IntersectionObserver/#intersection-observer-interface application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false URL Reputation: safe low
creativecommons.org/licenses/by/3.0/) application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
docs.closure-library.googlecode.com/git/closure_goog_date_date.js.source.html application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false 0%, Virustotal, Browse Avira URL Cloud: safe low
https://www.nathanaeljones.com/blog/2013/reading-max-width-cross-browser application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false Avira URL Cloud: safe unknown
https://github.com/truckingsim/Ajax-Bootstrap-Select application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://bugzilla.mozilla.org/show_bug.cgi?id=649285 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://getbootstrap.com/docs/3.4/javascript/#tooltip application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/chartjs/Chart.js/issues/6104 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
jsperf.com/diacritics/18 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
api.jqueryui.com/category/ui-core/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/twbs/bootstrap/issues/20280 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/chartjs/Chart.js/issues/4287 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://getbootstrap.com/docs/3.4/javascript/#modals application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/chartjs/Chart.js/issues/2435#issuecomment-216718158 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://stackoverflow.com/q/181348 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://getbootstrap.com/docs/3.4/javascript/#collapse application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://www.anujgakhar.com/2014/03/01/binary-search-in-javascript/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false Avira URL Cloud: safe low
https://github.com/chartjs/Chart.js/issues/4737 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/kkapsner/CanvasBlocker application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://https.protected-forms.com/pages/607e1759c7f3a XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw[1].htm0.2.dr, {3DDC76F8-5F07-11EA-AAE3-9CC1A2A860C6}.dat.1.dr false Avira URL Cloud: safe unknown
https://www.cdc.gov/TemplatePackage/contrib/widgets/images/cdc_badge.png XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw[1].htm0.2.dr false high
www.robertpenner.com/easing/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false 0%, Virustotal, Browse URL Reputation: safe low
https://w3c.github.io/IntersectionObserver/#calculate-intersection-rect-algo application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false URL Reputation: safe low
https://github.com/chartjs/Chart.js/issues/3887 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://getbootstrap.com/docs/3.4/javascript/#scrollspy application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/w3c/IntersectionObserver/issues/211 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/twbs/bootstrap/blob/master/LICENSE) application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
flightschool.acylt.com/devnotes/caret-position-woes/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false URL Reputation: safe unknown
api.jqueryui.com/transfer-effect/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/rails/jquery-ujs application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://stackoverflow.com/questions/8506881/nice-label-algorithm-for-charts-with-minimum-ticks application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://bugzilla.mozilla.org/show_bug.cgi?id=491668 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/marcj/css-element-queries application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
www.robertpenner.com/easing) application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false 0%, Virustotal, Browse URL Reputation: safe low
momentjs.com/guides/#/warnings/min-max/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/truckingsim/Ajax-Bootstrap-Select/issues/155 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/truckingsim/Ajax-Bootstrap-Select/issues/156 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/truckingsim application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
https://github.com/chartjs/Chart.js/issues/4102 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr false high
Contacted IPs
Public
IP Country Flag ASN ASN Name Malicious
52.72.211.130 United States 14618 unknown false
151.101.12.193 United States 54113 unknown false
54.175.123.26 United States 14618 unknown false
Static File Info
No static file info
Network Behavior
Network Port Distribution
Total Packets: 72
• 53 (DNS)
• 443 (HTTPS)
• 80 (HTTP)
[Pie chart: share of contacted IPs per port; legend buckets <25%, 25-50%, 50-75%, >75% of IPs]
TCP Packets
Timestamp Source Port Dest Port Source IP Dest IP
UDP Packets
Timestamp Source Port Dest Port Source IP Dest IP
DNS Queries
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
Mar 5, 2020 18:32:17.746396065 CET 192.168.2.6 8.8.8.8 0x8feb Standard query (0) cardpayments.microransom.us A (IP address) IN (0x0001)
Mar 5, 2020 18:32:18.797174931 CET 192.168.2.6 8.8.8.8 0x6c0a Standard query (0) submit.protected-forms.com A (IP address) IN (0x0001)
Mar 5, 2020 18:32:19.343367100 CET 192.168.2.6 8.8.8.8 0xc374 Standard query (0) i.imgur.com A (IP address) IN (0x0001)
Mar 5, 2020 18:32:19.382976055 CET 192.168.2.6 8.8.8.8 0x42f8 Standard query (0) www.cdc.gov A (IP address) IN (0x0001)
Mar 5, 2020 18:32:19.414227962 CET 192.168.2.6 8.8.8.8 0xd11b Standard query (0) secure.aadcdn.microsoftonline-p.com A (IP address) IN (0x0001)
Mar 5, 2020 18:32:34.723143101 CET 192.168.2.6 8.8.8.8 0x274a Standard query (0) submit.protected-forms.com A (IP address) IN (0x0001)
DNS Answers
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Mar 5, 2020 18:32:17.784657955 CET 8.8.8.8 192.168.2.6 0x8feb No error (0) cardpayments.microransom.us landing.training.knowbe4.com CNAME (Canonical name) IN (0x0001)
Mar 5, 2020 18:32:17.784657955 CET 8.8.8.8 192.168.2.6 0x8feb No error (0) landing.training.knowbe4.com 54.175.123.26 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:17.784657955 CET 8.8.8.8 192.168.2.6 0x8feb No error (0) landing.training.knowbe4.com 35.174.160.131 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:17.784657955 CET 8.8.8.8 192.168.2.6 0x8feb No error (0) landing.training.knowbe4.com 54.86.187.243 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:17.784657955 CET 8.8.8.8 192.168.2.6 0x8feb No error (0) landing.training.knowbe4.com 52.0.116.226 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:17.784657955 CET 8.8.8.8 192.168.2.6 0x8feb No error (0) landing.training.knowbe4.com 54.172.155.14 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:17.784657955 CET 8.8.8.8 192.168.2.6 0x8feb No error (0) landing.training.knowbe4.com 52.72.211.130 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:18.837444067 CET 8.8.8.8 192.168.2.6 0x6c0a No error (0) submit.protected-forms.com landing.training.knowbe4.com CNAME (Canonical name) IN (0x0001)
Mar 5, 2020 18:32:18.837444067 CET 8.8.8.8 192.168.2.6 0x6c0a No error (0) landing.training.knowbe4.com 52.72.211.130 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:18.837444067 CET 8.8.8.8 192.168.2.6 0x6c0a No error (0) landing.training.knowbe4.com 52.0.116.226 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:18.837444067 CET 8.8.8.8 192.168.2.6 0x6c0a No error (0) landing.training.knowbe4.com 54.172.155.14 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:18.837444067 CET 8.8.8.8 192.168.2.6 0x6c0a No error (0) landing.training.knowbe4.com 54.175.123.26 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:18.837444067 CET 8.8.8.8 192.168.2.6 0x6c0a No error (0) landing.training.knowbe4.com 54.86.187.243 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:18.837444067 CET 8.8.8.8 192.168.2.6 0x6c0a No error (0) landing.training.knowbe4.com 35.174.160.131 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:19.380549908 CET 8.8.8.8 192.168.2.6 0xc374 No error (0) i.imgur.com ipv4.imgur.map.fastly.net CNAME (Canonical name) IN (0x0001)
Mar 5, 2020 18:32:19.380549908 CET 8.8.8.8 192.168.2.6 0xc374 No error (0) ipv4.imgur.map.fastly.net 151.101.12.193 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:19.417556047 CET 8.8.8.8 192.168.2.6 0x42f8 No error (0) www.cdc.gov www.cdc.gov.edgekey.net CNAME (Canonical name) IN (0x0001)
Mar 5, 2020 18:32:19.448956013 CET 8.8.8.8 192.168.2.6 0xd11b No error (0) secure.aadcdn.microsoftonline-p.com secure.aadcdn.microsoftonline-p.com.edgekey.net CNAME (Canonical name) IN (0x0001)
Mar 5, 2020 18:32:34.771647930 CET 8.8.8.8 192.168.2.6 0x274a No error (0) submit.protected-forms.com landing.training.knowbe4.com CNAME (Canonical name) IN (0x0001)
Mar 5, 2020 18:32:34.771647930 CET 8.8.8.8 192.168.2.6 0x274a No error (0) landing.training.knowbe4.com 35.174.160.131 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:34.771647930 CET 8.8.8.8 192.168.2.6 0x274a No error (0) landing.training.knowbe4.com 52.0.116.226 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:34.771647930 CET 8.8.8.8 192.168.2.6 0x274a No error (0) landing.training.knowbe4.com 54.175.123.26 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:34.771647930 CET 8.8.8.8 192.168.2.6 0x274a No error (0) landing.training.knowbe4.com 54.172.155.14 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:34.771647930 CET 8.8.8.8 192.168.2.6 0x274a No error (0) landing.training.knowbe4.com 52.72.211.130 A (IP address) IN (0x0001)
Mar 5, 2020 18:32:34.771647930 CET 8.8.8.8 192.168.2.6 0x274a No error (0) landing.training.knowbe4.com 54.86.187.243 A (IP address) IN (0x0001)
HTTP Request Dependency Graph
[Graph: cardpayments.microransom.us]
HTTP Packets
Session ID Source IP Source Port Destination IP Destination Port Process
0 192.168.2.6 49868 54.175.123.26 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Mar 5, 2020 18:32:17.898238897 CET 1 OUT
GET /XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cardpayments.microransom.us
Connection: Keep-Alive
Mar 5, 2020 18:32:18.245170116 CET 2 IN
HTTP/1.1 200 OK
Date: Thu, 05 Mar 2020 17:32:18 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Referrer-Policy: no-referrer-when-downgrade
X-Frame-Options: SAMEORIGIN
ETag: W/"f436c63ebf2b0f17e700bc091b92d26e"
Cache-Control: max-age=0, private, must-revalidate
Content-Security-Policy:
X-Request-Id: b3619323-96df-479a-a877-22c49a13c67a
X-Runtime: 0.247000
Data Ascii: 146<html> <head> <script>window.location.href = 'https://submit.protected-forms.com/pages/9ec91759e8a89/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw';</script> </head> <body> </body></html>
HTTPS Packets
Timestamp Source IP Source Port Dest IP Dest Port Subject Issuer NotBefore NotAfter JA3 SSL Client Fingerprint JA3 SSL Client Digest
Mar 5, 2020 18:32:19.090162039 CET 52.72.211.130 443 192.168.2.6 49871
Subject: CN=authentlcation.com | Issuer: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | NotBefore: Fri Nov 22 01:00:00 CET 2019 | NotAfter: Tue Dec 22 13:00:00 CET 2020
Subject: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | Issuer: CN=Amazon Root CA 1, O=Amazon, C=US | NotBefore: Thu Oct 22 02:00:00 CEST 2015 | NotAfter: Sun Oct 19 02:00:00 CEST 2025
Subject: CN=Amazon Root CA 1, O=Amazon, C=US | Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | NotBefore: Mon May 25 14:00:00 CEST 2015 | NotAfter: Thu Dec 31 02:00:00 CET 2037
Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | NotBefore: Wed Sep 02 02:00:00 CEST 2009 | NotAfter: Wed Jun 28 19:39:16 CEST 2034
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 5, 2020 18:32:19.090411901 CET 52.72.211.130 443 192.168.2.6 49870
Subject: CN=authentlcation.com | Issuer: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | NotBefore: Fri Nov 22 01:00:00 CET 2019 | NotAfter: Tue Dec 22 13:00:00 CET 2020
Subject: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | Issuer: CN=Amazon Root CA 1, O=Amazon, C=US | NotBefore: Thu Oct 22 02:00:00 CEST 2015 | NotAfter: Sun Oct 19 02:00:00 CEST 2025
Subject: CN=Amazon Root CA 1, O=Amazon, C=US | Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | NotBefore: Mon May 25 14:00:00 CEST 2015 | NotAfter: Thu Dec 31 02:00:00 CET 2037
Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | NotBefore: Wed Sep 02 02:00:00 CEST 2009 | NotAfter: Wed Jun 28 19:39:16 CEST 2034
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 5, 2020 18:32:19.470504045 CET 151.101.12.193 443 192.168.2.6 49874
Subject: CN=*.imgur.com, O="Imgur, Inc.", L=San Francisco, ST=California, C=US | Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | NotBefore: Wed Jan 15 01:00:00 CET 2020 | NotAfter: Wed Mar 16 13:00:00 CET 2022
Subject: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Fri Mar 08 13:00:00 CET 2013 | NotAfter: Wed Mar 08 13:00:00 CET 2023
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Mar 5, 2020 18:32:19.470865965 CET 151.101.12.193 443 192.168.2.6 49875
Subject: CN=*.imgur.com, O="Imgur, Inc.", L=San Francisco, ST=California, C=US | Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | NotBefore: Wed Jan 15 01:00:00 CET 2020 | NotAfter: Wed Mar 16 13:00:00 CET 2022
Subject: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US | Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | NotBefore: Fri Mar 08 13:00:00 CET 2013 | NotAfter: Wed Mar 08 13:00:00 CET 2023
JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Code Manipulations
Statistics
Behavior
• iexplore.exe
• iexplore.exe
• ssvagent.exe
System Behavior
Analysis Process: iexplore.exe PID: 1352 Parent PID: 700
General
Start time: 18:32:10
Start date: 05/03/2020
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff7b8120000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low
File Activities
File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol
Registry Activities
Key Path Completion Count Source Address Symbol
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
Analysis Process: iexplore.exe PID: 3608 Parent PID: 1352
General
Start time: 18:32:10
Start date: 05/03/2020
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1352 CREDAT:17410 /prefetch:2
Imagebase: 0xd00000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low
File Activities
File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol
Registry Activities
Key Path Completion Count Source Address Symbol
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
Analysis Process: ssvagent.exe PID: 4576 Parent PID: 3608
General
Start time: 18:32:11
Start date: 05/03/2020
Path: C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssvagent.exe
Wow64 process (32bit): true
Commandline: 'C:\PROGRA~2\Java\JRE18~1.0_1\bin\ssvagent.exe' -new
Imagebase: 0x1310000
File size: 58312 bytes
MD5 hash: 64338C266AE1E640E4D8CCE50FA9DF9F
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low
Registry Activities
Key Path Completion Count Source Address Symbol
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
Disassembly