Version: 28.0.0 Lapis Lazuli - Joe Sandbox

ID: 231150Cookbook: browseurl.jbsTime: 18:59:38Date: 18/05/2020Version: 28.0.0 Lapis Lazuli

2

333444556666

6777777778888899999999999

101030303131323233333333333536363737384343434343434444

44444444

44

Table of Contents

Table of ContentsAnalysis Report https://l.facebook.com/l.php?u=https%3A%2F%2Fpage.dagmaar.com%2Ftundra%2F%3Ffbclid%3DIwAR0ibFew8p_xPNe0PRhTlrDIVnOwzwLQrHRnimIhKKmR0VId6RXzV1BrzBg&h=AT3Z5D1122EKedyHgzhaptwcCVWeJbxG4qUO6AUjkcO0py0i04KmGRi0WyVA15reYwbTjwud0UkxJ2CWc_Qjy8focTcMyoKDNRkyIlIlhO3WzNYdk1kOBEDdCL-SFmvLd6-TG4PP1NEvZR-Z-hdPJSoVdr2Ua7tTxf8pJhsQSppD7KEyP18ORHGo0l9GGC6_nwGx0I4oZGhJn3LT1gN__z4lB1Qj3zd3LS0g-9sB9v5jK07zIQjwrNTfpy8_HrVMMwK9w5os1Eqtz0Gc6_cTl3lgX2HccPhOeG2AC-TDAMewir3l9SnAw5EwqHlqWxDRZpSZ__g_SvK-xrwFNncoSRpOAqeOMZAw0p2GOvgV_ZQlUh8tqxCyyV2IN6bW8V1eJYb-8iUC3B9_5Ii560g82q13nQJr6g8bsGP7LALH3FCYbSK20DXzuiq2zRv1tObbo3y5UPPrgGT0HEw7EUTABmBDPPPdTJiSK6kc_C-A2AcuZkIjEQ7X11mYBck7FccJIdRnf1XewJPiYYWca4g-KcroI6AZNVmC_-8iNAL9Ee0iMXn5-YTTQMLNdSq_USwLkwUvQrmfJp1bV0FXN4m0B6vEaKIIFoIUsBylb3u6VZCLhETTOrkigLnj9K_fVoDBrahiQn4qL_gABg

OverviewGeneral Information

DetectionConfidenceClassification SpiderchartAnalysis AdviceMitre Att&ck MatrixSignature Overview

Phishing:Networking:System Summary:

Malware ConfigurationBehavior GraphSimulations

Behavior and APIsAntivirus, Machine Learning and Genetic Malware Detection

Initial SampleDropped FilesUnpacked PE FilesDomainsURLs

Yara OverviewInitial SamplePCAP (Network Traffic)Dropped FilesMemory DumpsUnpacked PEs

Sigma OverviewJoe Sandbox View / Context

IPsDomainsASNJA3 FingerprintsDropped Files

ScreenshotsThumbnails

StartupCreated / dropped FilesDomains and IPs

Contacted DomainsContacted URLsURLs from Memory and BinariesContacted IPsPublic

Static File InfoNo static file info

Network BehaviorNetwork Port DistributionTCP PacketsUDP PacketsDNS QueriesDNS AnswersHTTP Request Dependency GraphHTTP PacketsHTTPS Packets

Code ManipulationsStatistics

BehaviorSystem Behavior

Analysis Process: iexplore.exe PID: 4380 Parent PID: 696GeneralFile ActivitiesRegistry Activities

Analysis Process: iexplore.exe PID: 4880 Parent PID: 4380GeneralFile ActivitiesRegistry Activities

Disassembly

Copyright Joe Security LLC 2020 of 44

Analysis Report https://l.facebook.com/l.php?u=https%3A%2F%2Fpage.dagmaar.com%2Ftundra%2F%3Ffbclid%3DIwAR0ibFew8p_xPNe0PRhTlrDIVnOwzwLQrHRnimIhKKmR0VId6RXzV1BrzBg&h=AT3Z5D1122EKedyHgzhaptwcCVWeJbxG4qUO6AUjkcO0py0i04KmGRi0WyVA15reYwbTjwud0UkxJ2CWc_Qjy8focTcMyoKDNRkyIlIlhO3WzNYdk1kOBEDdCL-SFmvLd6-TG4PP1NEvZR-Z-hdPJSoVdr2Ua7tTxf8pJhsQSppD7KEyP18ORHGo0l9GGC6_nwGx0I4oZGhJn3LT1gN__z4lB1Qj3zd3LS0g-9sB9v5jK07zIQjwrNTfpy8_HrVMMwK9w5os1Eqtz0Gc6_cTl3lgX2HccPhOeG2AC-TDAMewir3l9SnAw5EwqHlqWxDRZpSZ__g_SvK-xrwFNncoSRpOAqeOMZAw0p2GOvgV_ZQlUh8tqxCyyV2IN6bW8V1eJYb-8iUC3B9_5Ii560g82q13nQJr6g8bsGP7LALH3FCYbSK20DXzuiq2zRv1tObbo3y5UPPrgGT0HEw7EUTABmBDPPPdTJiSK6kc_C-A2AcuZkIjEQ7X11mYBck7FccJIdRnf1XewJPiYYWca4g-KcroI6AZNVmC_-8iNAL9Ee0iMXn5-YTTQMLNdSq_USwLkwUvQrmfJp1bV0FXN4m0B6vEaKIIFoIUsBylb3u6VZCLhETTOrkigLnj9K_fVoDBrahiQn4qL_gABg…

Overview

General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli

Analysis ID: 231150

Start date: 18.05.2020

Start time: 18:59:38

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 5m 11s

Hypervisor based Inspection enabled: false

Report type: light

Cookbook file name: browseurl.jbs

Sample URL: https://l.facebook.com/l.php?u=https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFew8p_xPNe0PRhTlrDIVnOwzwLQrHRnimIhKKmR0VId6RXzV1BrzBg&h=AT3Z5D1122EKedyHgzhaptwcCVWeJbxG4qUO6AUjkcO0py0i04KmGRi0WyVA15reYwbTjwud0UkxJ2CWc_Qjy8focTcMyoKDNRkyIlIlhO3WzNYdk1kOBEDdCL-SFmvLd6-TG4PP1NEvZR-Z-hdPJSoVdr2Ua7tTxf8pJhsQSppD7KEyP18ORHGo0l9GGC6_nwGx0I4oZGhJn3LT1gN__z4lB1Qj3zd3LS0g-9sB9v5jK07zIQjwrNTfpy8_HrVMMwK9w5os1Eqtz0Gc6_cTl3lgX2HccPhOeG2AC-TDAMewir3l9SnAw5EwqHlqWxDRZpSZ__g_SvK-xrwFNncoSRpOAqeOMZAw0p2GOvgV_ZQlUh8tqxCyyV2IN6bW8V1eJYb-8iUC3B9_5Ii560g82q13nQJr6g8bsGP7LALH3FCYbSK20DXzuiq2zRv1tObbo3y5UPPrgGT0HEw7EUTABmBDPPPdTJiSK6kc_C-A2AcuZkIjEQ7X11mYBck7FccJIdRnf1XewJPiYYWca4g-KcroI6AZNVmC_-8iNAL9Ee0iMXn5-YTTQMLNdSq_USwLkwUvQrmfJp1bV0FXN4m0B6vEaKIIFoIUsBylb3u6VZCLhETTOrkigLnj9K_fVoDBrahiQn4qL_gABg

Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

Number of analysed new started processes analysed: 5

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: EGA enabled

Analysis Mode: default

Analysis stop reason: Timeout

Detection: MAL

Classification: mal56.phis.win@3/70@14/11

Cookbook Comments: Adjust boot timeEnable AMSIBrowsing link: https://page.dagmaar.com/tundra/wait.html


Warnings:

Detection

Strategy Score Range Reporting Whitelisted Threat Detection

Threshold 56 0 - 100 falsePhisherPhisher

Confidence

Strategy Score Range Further Analysis Required? Confidence

Threshold 5 0 - 5 false

Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe, WMIADAP.exeTCP Packets have been reduced to 100Excluded IPs from analysis (whitelisted): 2.16.212.108, 104.103.81.66, 172.217.22.110, 152.199.19.161, 172.217.18.10, 209.197.3.24, 172.217.22.74, 209.197.3.15, 172.217.16.136, 172.217.16.131, 8.248.113.254, 67.26.137.254, 8.248.131.254, 67.27.159.126, 67.27.157.126Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, fonts.googleapis.com, cds.s5x3j6q5.hwcdn.net, fs.microsoft.com, www-google-analytics.l.google.com, ie9comview.vo.msecnd.net, ajax.googleapis.com, fonts.gstatic.com, www-googletagmanager.l.google.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, www.googletagmanager.com, go.microsoft.com.edgekey.net, audownload.windowsupdate.nsatc.net, cds.j3z9t3p6.hwcdn.net, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, www.google-analytics.com, cs9.wpc.v0cdn.netReport size getting too big, too many NtDeviceIoControlFile calls found.

Show All

Classification Spiderchart


Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Mitre Att&ck Matrix

InitialAccess Execution Persistence

PrivilegeEscalation

DefenseEvasion

CredentialAccess Discovery

LateralMovement Collection Exfiltration

Commandand Control

NetworkEffects

RemoteServiceEffects

ValidAccounts

Graphical UserInterface 1

WinlogonHelper DLL

ProcessInjection 1

Masquerading 1 CredentialDumping

File andDirectoryDiscovery 1

Remote FileCopy 1

Data fromLocalSystem

DataCompressed

StandardCryptographicProtocol 2

Eavesdrop onInsecureNetworkCommunication

RemotelyTrack DeviceWithoutAuthorization

ReplicationThroughRemovableMedia

ServiceExecution

PortMonitors

AccessibilityFeatures

ProcessInjection 1

NetworkSniffing

ApplicationWindowDiscovery

RemoteServices

Data fromRemovableMedia

ExfiltrationOver OtherNetworkMedium

StandardNon-ApplicationLayerProtocol 2

Exploit SS7 toRedirect PhoneCalls/SMS

RemotelyWipe DataWithoutAuthorization

Ransomware

Spreading

Phishing

Banker

Trojan / Bot

Adware

Spyware

Exploiter

Evader

Miner

clean

clean

clean

clean

clean

clean

clean

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

malicious

malicious

malicious

malicious

malicious

malicious

malicious


ExternalRemoteServices

WindowsManagementInstrumentation

AccessibilityFeatures

PathInterception

Rootkit InputCapture

QueryRegistry

WindowsRemoteManagement

Data fromNetworkSharedDrive

AutomatedExfiltration

StandardApplicationLayerProtocol 3

Exploit SS7 toTrack DeviceLocation

ObtainDeviceCloudBackups

Drive-byCompromise

ScheduledTask

SystemFirmware

DLL SearchOrderHijacking

Obfuscated Filesor Information

Credentialsin Files

SystemNetworkConfigurationDiscovery

LogonScripts

InputCapture

DataEncrypted

Remote FileCopy 1

SIM CardSwap

InitialAccess Execution Persistence

PrivilegeEscalation

DefenseEvasion

CredentialAccess Discovery

LateralMovement Collection Exfiltration

Commandand Control

NetworkEffects

RemoteServiceEffects

Signature Overview

• Phishing

• Networking

• System Summary

Click to jump to signature section

Phishing:

Yara detected HtmlPhish_9

Yara detected Phisher

Networking:

Downloads files from webservers via HTTP

Found strings which match to known social media urls

Performs DNS lookups

Urls found in memory or binary data

Uses HTTPS

System Summary:

Classification label

Creates files inside the user directory

Creates temporary files

Reads ini files

Spawns processes

Found graphical window changes (likely an installer)

Uses new MSVCR Dlls

Malware Configuration

No configs have been found


Behavior GraphID: 231150

URL: https://l.facebook.com/l.ph...

Startdate: 18/05/2020

Architecture: WINDOWS

Score: 56

page.dagmaar.com

Yara detected HtmlPhish_9 Yara detected Phisher

iexplore.exe

3 84

started

iexplore.exe

2 89

started

cdnjs.cloudflare.com

104.16.132.229, 443, 49777, 49778

unknown

United States

spotdiets.com

104.18.171.73, 443, 49769, 49770

unknown

United States

13 other IPs or domains

C:\Users\user\AppData\Local\...\show[1].htm, HTML

dropped

C:\Users\user\AppData\Local\...\wait1[1].htm, ASCII

dropped

Legend:

Process

Signature

Created File

DNS/IP Info

Is Dropped

Is Windows Process

Number of created Registry Values

Number of created Files

Visual Basic

Delphi

Java

.Net C# or VB.NET

C, C++ or other language

Is malicious

Internet

Hide Legend

No simulations

No Antivirus matches



Source Detection Scanner Label Link

unlocklink.com 0% Virustotal Browse

Behavior Graph

Simulations

Behavior and APIs

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains


https://www.virustotal.com/url/a0ef5c967566960788617533c900088d9a73f39b8571d371bd854b73c6b72ebb/analysis/1587958489/

www.exclusiveyouroffers.com 0% Virustotal Browse

routeserve.info 0% Virustotal Browse

page.dagmaar.com 0% Virustotal Browse

spotdiets.com 0% Virustotal Browse

ipv4.imgur.map.fastly.net 0% Virustotal Browse



https://page.dagmaar.com/tundra/wait.htmlRhttps://page.dagmaar.com/tundra/wait.html 0% Avira URL Cloud safe

https://page.dagmaar.com/tundra/wait.html 0% Avira URL Cloud safe

https://page.dagmaRoot 0% Avira URL Cloud safe

https://page.dagmaar.com/tundra/wait1.htmlTht/redirect/action/1Ind2My0uJSRhZzar.com/tundra/wait1.htm

0% Avira URL Cloud safe

https://page.dagmaar.com/tundra/wait1.htmlThtRoot 0% Avira URL Cloud safe

https://unlocklink.com/redirect/action/1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi?uc=1016191004&tsid=7420


https://page.dagmaar.c 0% Avira URL Cloud safe

https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFeRoot 0% Avira URL Cloud safe

https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFettps://page.dagmaar.com/tundra/?fbclid=IwAR0ibFew8p


https://spotdiets.com/img/assets/favicon.ico~ 0% Avira URL Cloud safe

https://unlocklink.com 0% Virustotal Browse

https://unlocklink.com 0% Avira URL Cloud safe

https://www.exclusiveyouroffers.com/DFBHL/2CTPL/?uid=44&sub2=18051831_19_0_16dc_684671_af0_206_5ec2b


https://page.dagmaar.com/tundra/wait1.htmlThtregistration?theme=f-2-fitness&var.com/tundra/wait1.htm


routeserve.info/fit?affid=2162rtty146&page=f-2-fitness&clickid=6dc7a59fe2dd4a30b403ef5409309466&pubid=9-1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi%3A%3A7420-


https://page.dagmaar.com/tundra/wait1.htmlThtm/show.php?l=0&u=7420&id=7769Root 0% Avira URL Cloud safe

https://getbootstrap.com) 0% URL Reputation safe

https://page.dagmaar.com/tundra/wait1.htmlThttps://page.dagmaar.com/tundra/wait1.html 0% Avira URL Cloud safe

https://www.cpagrip.co 0% Avira URL Cloud safe

https://page.dagmaar.com/tundra/wait1.html 0% Avira URL Cloud safe

https://spotdiets.com/registration?theme=f-2-fitness&v_id=bd5da739-77ef-3160-f695-b0599716f68d&page=


www.wikipedia.com/ 0% Virustotal Browse

www.wikipedia.com/ 0% URL Reputation safe

https://page.dagmaar.com/tundra/wait1.htmlThtar.com/tundra/wait1.html 0% Avira URL Cloud safe

https://spotdiets.com/ 0% Virustotal Browse

https://spotdiets.com/ 0% Avira URL Cloud safe

https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFem/tundra/wait.html 0% Avira URL Cloud safe

No yara matches

No yara matches

Source Rule Description Author Strings

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\wait1[1].htm

JoeSecurity_Phisher_1 Yara detected Phisher

Joe Security

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\show[1].htm

JoeSecurity_Phisher_1 Yara detected Phisher

Joe Security


JoeSecurity_HtmlPhish_9 Yara detected HtmlPhish_9

Joe Security

URLs

Yara Overview

Initial Sample

PCAP (Network Traffic)

Dropped Files


https://www.virustotal.com/url/efb64dd6f92cc29e8c9f3299c3b63f25ce9979be20891de41ba9e137c475db2f/analysis/1573734246/

https://www.virustotal.com/url/0509f689149f73c2449e86a0f1f40c8b4a557d039313cf523c8985f184a3663b/analysis/1589324195/

https://www.virustotal.com/url/67804dfb2f088359b7238796f669c720942a1f2118e179d5594d2bbafd7bf0c5/analysis/1586969957/

https://www.virustotal.com/url/d4535dc4bbafc94cd826374f00043d928645bcebe2962ac0b0dd848eff5dee92/analysis/1572265870/

https://www.virustotal.com/url/79dab10c23399200facf3b1772cd231e39f4e6612b1cb43adb307f111797a7e8/analysis/1589355091/

https://www.virustotal.com/url/2a5e2e6f047614992e28beac34ae7060b6e2d5bd6fa17f44854ec7b07bad1e3f/analysis/1589599862/

https://www.virustotal.com/url/fcf59eb699472e40619d5d35de48bf5885241f377445e30b95e1ebdea1c76205/analysis/1588155749/

https://www.virustotal.com/url/cc557b3e13235418396cfc5e3d5190bc9da12c26a1ec50f66da6aaa2fc00cb80/analysis/1530829470/

Sigma Overview

No Sigma rule has matched

No yara matches

No yara matches

No context

No context

No context

No context

No context

ThumbnailsThis section contains all screenshots as thumbnails, including those not shown in the slideshow.

Memory Dumps

Unpacked PEs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Screenshots


System is w10x64

iexplore.exe (PID: 4380 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4880 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4380 CREDAT:17410 /prefetch:2 MD5:

071277CC2E3DF41EEEA8013E2AB58D5A)cleanup

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{921968EC-9974-11EA-AADD-C25F135D3C65}.datProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Size (bytes): 30296

Entropy (8bit): 1.8561992067081474

Encrypted: false

MD5: 75F304AABAF28F44AA41F38C9401B666

SHA1: A17EFC5A400C318C60F78C8586081275FC29658B

SHA-256: E8D523FFA7D8056B4BD0E98380040E77A1F76D3E00F6B03E2B19B4F3F91DD71A

SHA-512: A53814332A2926DD7501D72F4802336CD9CECE59A04517E750C544170399ECC272793BE1AA47FB7D624470E8A753BDC9C0E76A885EE0D2557714B00B0AE7C5A7

Malicious: false

Reputation: low

Startup

Created / dropped Files


Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{921968EC-9974-11EA-AADD-C25F135D3C65}.dat

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{921968EE-9974-11EA-AADD-C25F135D3C65}.datProcess: C:\Program Files\internet explorer\iexplore.exe


Size (bytes): 87994

Entropy (8bit): 2.8492016657649497

Encrypted: false

MD5: 9C6A468AA7ACB43C013562F874F8919C

SHA1: 2EF66AA4BAE6651DEC15DF1C841857BFDB555CB0

SHA-256: 3518C7499AF070E94FF34A24A9C0E4D86BACA7554D73C6F472329F478032ABFF

SHA-512: 2F329CF33B52E8CE6C387466073B645E4789E335B5D02A5B57D448EA6C8FBCB3FE023FEC6CA58E51F3C0826F44E1423DD2A0D5F26FB3C54CC1FA74769703A70A

Malicious: false

Reputation: low


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9846A536-9974-11EA-AADD-C25F135D3C65}.datProcess: C:\Program Files\internet explorer\iexplore.exe


Size (bytes): 16984

Entropy (8bit): 1.566497218435423

Encrypted: false

MD5: 3452AD58DCB708E5B9402AD91B6C8669

SHA1: 7526089F71D85EAFE9D2A3194BF8E58FC35AFAF3

SHA-256: D2880BBEC0C093F60F7497DB9B2F4C329E2DEE637B532F84DA65C74D326C750B

SHA-512: 2C245F241ED2B8A400A74B00126957A04B81D1CC4E7470DC1618DC4C24546527455CC93A8E581D5C26E74DD54E13BE2E318A86B9B8136B80F79E7D8429A0F1AB

Malicious: false

Reputation: low


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xmlProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 656

Entropy (8bit): 5.085317890062384

Encrypted: false

MD5: D466B842474FBE197099F4FBF624EFCC

SHA1: 10A4CEDA516C0E3CA051E424810F63F21BE96805

SHA-256: 21F279F105D4BA3D8B088A756F9C4B1832E1AF2C501195016DD4FF83A42837C5

SHA-512: 3E092FA7BCF976F36004E0F4CA5A0077807D36A38FAE4815D86CA4B50F14A17AD281FCF8F6C5B429932875846A04F81A04E808259083C5E70DFCCABBC02949AA

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x69aeeaa4,0x01d62d81</date><accdate>0x69aeeaa4,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x69aeeaa4,0x01d62d81</date><accdate>0x69aeeaa4,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..



Size (bytes): 653

Entropy (8bit): 5.138595317461507

Encrypted: false

MD5: DA33B0FCB7C5806E82C70E0C74E91B9D

SHA1: 2DFF38FA564DF985F784830FC13522A33911CB78


SHA-256: CB9C908BC8386E7EE89876103CD10891A1FBF631D7FD0B47FF84EC1CF91D9048

SHA-512: 543503F4D8196C0E23F457E8479BDC2B294640FD0FAC31A2D1AB79C6C797C818D45CD20A04B7580591FD1B0B2C409A83247F907BDA2E5DCE3D4B0AE0226CF77A

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x696ef612,0x01d62d81</date><accdate>0x696ef612,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x696ef612,0x01d62d81</date><accdate>0x697be19c,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml



Size (bytes): 662

Entropy (8bit): 5.144806708476002

Encrypted: false

MD5: B690AEA19FD1AE89B893A0DF8A476D54

SHA1: EFACE100F5F78957177F5C012426E8CBBABCE020

SHA-256: CFFD397D9B607E57427097E3BBE7D07706539F9D75869C0BCF174B5457CBBE38

SHA-512: CBD3A0BD93CC9A4795A9207B05D8DF5C332B897D8C89FA91383EF7A15CDA3ADEAB8690AC5D20E63F96BC401F98F82D7E68A342D17AB5D6E497DE95AF9F1CB1DF

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x69b5eb63,0x01d62d81</date><accdate>0x69b5eb63,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x69b5eb63,0x01d62d81</date><accdate>0x69b5eb63,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..



Size (bytes): 647

Entropy (8bit): 5.111665494285493

Encrypted: false

MD5: 7956D1321F93F8CA860DB65A2C7EE0CD

SHA1: BDDE5DD0D8D0E0F2ABFF89790DD4D88E9D911535

SHA-256: 7FF4F4E507E808C10E15CAAFF0BA7D33937238DF2B5010E7C8733F005900F435

SHA-512: DABA7FA15AD92B063EA0D9E1868BF9D9201830BF027713AEA7BD4B9598E64A97C8B39E084255EEDD0CC51136A1A62B9A292318A2CFD2E36131967F8D20A41FB4

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x699ccfa2,0x01d62d81</date><accdate>0x699ccfa2,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x699ccfa2,0x01d62d81</date><accdate>0x69a1e0f1,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..



Size (bytes): 656

Entropy (8bit): 5.149012333658265

Encrypted: false

MD5: 5FF96714667F4C7ED8BD5F4EDC4B302E

SHA1: 60E0DB2CCE3610FCBFF8EC3CD20835153155550A

SHA-256: F1E3D6BD0563D3A8C2F4E27F1452CA2240CCE723FF77E64B33377BD2228B782A

SHA-512: 11508D4D1A72E8EEF67920E631D29C22D7A781523184DAD3FB2C95959A43B20BC780E195690571AEF6E7E9C9056B85629011129881C17F55E2913B665589720D

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x69b5eb63,0x01d62d81</date><accdate>0x69b5eb63,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x69b5eb63,0x01d62d81</date><accdate>0x69ba63ea,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..




Size (bytes): 653

Entropy (8bit): 5.086490210298073

Encrypted: false

MD5: 0BBC1B678C847C85E58CDBC7AB83F66A

SHA1: 86727D78D3768BAF52360C1E5F5C13BF445765A0

SHA-256: A69C5A9B3573F894B5549E36ABEA01F7E1EAAA714F1D9830407592786F2F8E2E

SHA-512: D5F3155F16F335167F23D13231FC2FE13ADDA7AD8CDE6870666BA375CF0121FDA60DCC79A5F9DA89A9B8D383C2CA5B55672073CD02559AA48BC11D904EAEF593

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x69aeeaa4,0x01d62d81</date><accdate>0x69aeeaa4,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x69aeeaa4,0x01d62d81</date><accdate>0x69aeeaa4,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xmlProcess: C:\Program Files\internet explorer\iexplore.exe


Size (bytes): 656

Entropy (8bit): 5.185636129204842

Encrypted: false

MD5: B48E226B2FC0E0C485F05347B4EF3821

SHA1: A0AD2FCA77B93CDA7CF54A5557C210365998BB0B

SHA-256: 00FB55F3B7EEAEE88B13EE2D40704D014A103A7DCDC23B4350383737D9696480

SHA-512: EB2E0EBBBB19B7963E521B651578B968D77203B25752252D67D65D906D078968267FD8D1596F1DE35C1BD6D1D01D052B89D368DBE216634699EE35E71F72C8A0

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x69a4563b,0x01d62d81</date><accdate>0x69a4563b,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x69a4563b,0x01d62d81</date><accdate>0x69a4563b,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..



Size (bytes): 659

Entropy (8bit): 5.153062586124581

Encrypted: false

MD5: 945520EEE13ECECFE3337D206D537B14

SHA1: CFAD4A5A87A12E376C4B28D486D0136A465E6C8C

SHA-256: 0BC30493F54E4144E6B530940159A79D007F7BECAF001900D66BFA71192D8AD0

SHA-512: 16407159C020FF31D707A33DF7F4D44D9991F5AB19DEADB6C4C26F758039F70CDA394507CCC353FDE0EFE00EC1D38C01EE1BF6B036C76FDF75D6CB953C96FDA1

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6986af4f,0x01d62d81</date><accdate>0x6986af4f,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6986af4f,0x01d62d81</date><accdate>0x6989375d,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..



Size (bytes): 653

Entropy (8bit): 5.117905931040674

Encrypted: false

MD5: AC4B5810F028D478EA37269E3F4E73AB

SHA1: 6C601F8653DEFCBA1DD6A59B2E11B6BF539CB674

SHA-256: 1158E35067421D7958B183326EFAD908BB6844EB374A0A0E1E909CD77B75E66A

SHA-512: 61DBBD985242694563DD28C80FADDB555D06D3FF13D02B4973DEAC4D4EA85A523A2A35B39C30BE2197ED804A1237BC5A56662C15EC7BB1926185687922ACDE69


Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x698bc072,0x01d62d81</date><accdate>0x698bc072,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x698bc072,0x01d62d81</date><accdate>0x698bc072,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.datProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: data

Size (bytes): 1276

Entropy (8bit): 5.836665332112721

Encrypted: false

MD5: B34CDF4818402AFA0032B4EA2EBA5D12

SHA1: 236EE52E6E7DD796351491EB9905D467B113AC3F

SHA-256: 987AA8FA6161876001551905F35766F2DAF612CEC649CA0EDEAD4B51DE008BCC

SHA-512: 511685868C73949D5F69280B276EFD474FAADB44A9F6CA5912F06E2D68A1EDDFDB10F2B3D19E8D9E552F4FB454468364D25D8C119FCF747FE38B9F81638710C0

Malicious: false

Reputation: low

Preview:,.h.t.t.p.s.:././.s.p.o.t.d.i.e.t.s...c.o.m./.i.m.g./.a.s.s.e.t.s./.f.a.v.i.c.o.n...i.c.o.~............... .h.......(....... ..... .........................................D.t.D.s,D.tLA.r\A.r\D.tHD.t&[email protected].'.a...X...U...U...Y.*[email protected].=.pZ&.b...P...J...L...O...O...L...J...T.*.d.<.oF............D.t>'.d...Q...N...U...Z...\...\...Y...T...N...R.'.d.D.s(....D.t /.j...T...U...`.!.s.K.....l...d...c...c...^...T...X.:.o.D.t.=.qZ..b...X...a...g.*.z........?.....k...g...g...`...X.".e.D.t>5.n...a...d...m...m...}................:.....q...l...b...c.9.p.7.q...f...m...r...r.2.......................d...!.x...l...g.9.r.;.x...o...v...x...x.7...................y...;.....y...t.".p.>.y.B...(.x. .{. .|. .|.:...............N...,...!.|. .|...z.-.x.F..~P..\<...(...'...'...<...y...R...1...'...'...'...'...)[email protected]..@P..$S...7..-..-..4...9.../..-..-..-..-..-..=..Q...Q.......Q..DX...G..6..3..3..3..3..3..3..7..K..[...Q..,........Q...T..`

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with very long lines

Size (bytes): 1163

Entropy (8bit): 5.804609336749054

Encrypted: false

MD5: 53C9F0028769EDC7688179A9FE9D43AA

SHA1: CA07FAF82C6E5C15704AFF7B82283DB1806B3621

SHA-256: 00A4E79D122170910A0029ADB66785415AE893985F743911ED4FACB48B683082

SHA-512: 40AB3D8E0EE141596249F6E0949B7BB458910A767D68EA97F2B6044528D867D9FDFE11BC0D0FD9A788213020456DCE6E32FAFCD3080F50EA90085C3370ADAE8D

Malicious: false

Reputation: low

Preview:<!DOCTYPE html><html><head><meta http-equiv='refresh' content='0;URL=https://www.exclusiveyouroffers.com/DFBHL/2CTPL/?uid=44&sub2=18051831_19_0_16dc_684671_af0_206_5ec2bf63_54113416_0_0_0_64_64_0_2_2&sub1=1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi::7420'></head><body><script type='text/javascript'>function redirect() { window.location='https://www.exclusiveyouroffers.com/DFBHL/2CTPL/?uid=44&sub2=18051831_19_0_16dc_684671_af0_206_5ec2bf63_54113416_0_0_0_64_64_0_2_2&sub1=1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi::7420'; }.setTimeout('redirect()',10);.(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){.(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),.m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m).})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');.ga('create', 'UA-1672790-14', 'auto');.ga('send', 'pageview');</script>.<a href='https://www.exclusiveyouroffers.com/DFBHL/2CTPL/?uid=44&su

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bootstrap.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Size (bytes): 48944

Entropy (8bit): 5.272507874206726

Encrypted: false

MD5: 14D449EB8876FA55E1EF3C2CC52B0C17

SHA1: A9545831803B1359CFEED47E3B4D6BAE68E40E99

SHA-256: E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B

SHA-512: 00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22

Malicious: false

Reputation: low

IE Cache URL: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

Preview:/*!. * Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign||function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\classic[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators

Size (bytes): 11843

Entropy (8bit): 6.0442567192817656

Encrypted: false

MD5: 18B2AEEB4C577CF60BCE75D935066566

SHA1: BEA7EFDA46157F10DA472956C19474CC170A29AA

SHA-256: 1AC9D30429F149441D207DE5B86E67F4101468D6C4981B1BDDF33DB4352AD0C5

SHA-512: AA6FB191E8125C541A8196F818D3E616E9006DD32989466AB73411753EA504261E7BE5936E95AD90F5E1096FC4708F82020919A630F624953DB4CB2A1FAB960A

Malicious: false

Reputation: low

IE Cache URL: https://widgets.amung.us/classic.js

Preview:(function(f,a){f=f||"docReady";a=a||window;var g=[];var b=false;var e=false;function d(){if(!b){b=true;for(var h=0;h<g.length;h++){g[h].fn.call(window,g[h].ctx)}g=[]}}function c(){if(document.readyState==="complete"){d()}}a[f]=function(i,h){if(typeof i!=="function"){throw new TypeError("callback for docReady(fn) must be a function")}if(b){setTimeout(function(){i(h)},1);return}else{g.push({fn:i,ctx:h})}if(document.readyState==="complete"||(!document.attachEvent&&document.readyState==="interactive")){setTimeout(d,1)}else{if(!e){if(document.addEventListener){document.addEventListener("DOMContentLoaded",d,false);window.addEventListener("load",d,false)}else{document.attachEvent("onreadystatechange",c);window.attachEvent("onload",d)}e=true}}}})("docReady",window);if(typeof _wau!=="undefined"){var WAU_ren=WAU_ren||[];docReady(function(){WAU_la()})}function WAU_classic(b,g){if(typeof g==="undefined"){g=-1;docReady(function(){WAU_classic(b,-1)})}else{if(typeof(performance)!=="undefined"&&typeof

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\fit[1]Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with CRLF line terminators

Size (bytes): 5

Entropy (8bit): 1.5219280948873621

Encrypted: false

MD5: FDA44910DEB1A460BE4AC5D56D61D837

SHA1: F6D0C643351580307B2EAA6A7560E76965496BC7

SHA-256: 933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9

SHA-512: 57DDA9AA7C29F960CD7948A4E4567844D3289FA729E9E388E7F4EDCBDF16BF6A94536598B4F9FF8942849F1F96BD3C00BC24A75E748A36FBF2A145F63BF904C1

Malicious: false

Reputation: low

Preview:0....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\img6[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 36 x 17, 8-bit colormap, non-interlaced

Size (bytes): 331

Entropy (8bit): 6.665563375297106

Encrypted: false

MD5: 598A7EC128741EDD10210EC922851AF1

SHA1: 46C6A59B1E4EED83465BA17D23B9B821C06BDEC6

SHA-256: E146FDD078EA17C0DF392015D315D3282ECEB69AB48657A998F3245731C55690

SHA-512: 162154919A4C6E543E4D0EBC4C152C93FF622A5EB86A4A5123F72D175F1DAEEF7079F318A66D9533447F4DB62B39AC0A8875522A4818AA634761FADFE88CB045

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/img/img6.png

Preview:.PNG........IHDR...$..........i......gAMA......a.....sRGB.........tEXtSoftware.Adobe ImageReadyq.e<...<PLTELiqL&%s2/e.+.62K&%?#".GB.XQ.63.B>.KEY*(.KE.SM.TM.?;.XQL&%[email protected]..:,F..z.Fn. ...`......kIDAT([email protected].?...U...qi.. ..".\W......RZ...H.H..._.q ./....\L"..M.F..UdwD......N.'..$j....K......cMS.."G.".....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\img7[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 509

Entropy (8bit): 7.235649883907381

Encrypted: false

MD5: 9BC872B8A6B2CB58E9751905726AA5E7

SHA1: 4CA4F93EFC76014A90B2D5C5D32731A84A67195C

SHA-256: EA0F0597FA207A26EA0CD36336DA67E8D58EF56E5459712CB096C0C1B33993EA

SHA-512: EF5DBBF0D16E1BBD1BBF3527964580237C106A10C40F8000C2586A33DAD28896DBFB7DD07A1562D3C51977E0530FCEAD743FA213269E096018031C0B8B1D0557

Malicious: false

Reputation: low



Preview:.PNG........IHDR....... .....6k.p....gAMA......a.....sRGB.........tEXtSoftware.Adobe ImageReadyq.e<...?PLTELiqVm8EU.q.F..P3<%..U..d_y=<H*..`z.Kh.BN`3..Z.._..Z..Pp.F..U..d...B....tRNS.6.Zr...B..fN(...rZ~..o.....IDAT(.e.... .EIGE....?.."X..b...( ..............._.75.X.."...<.....W..`x....`.qg..a.H...4A>7.....+.DY.SMD......m....YE..b@3...+Y.+...S:...a3..VX>..t...,........R...|.}...)......e.=.F....j.P.^:......D.\..c.|.f.<....... .2x....>|U...S(.<....1.!>^Y."...vw.z.6.."n..7..).?f..R.;.F....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\img7[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\img[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 125872

Entropy (8bit): 7.95891257952214

Encrypted: false

MD5: 62E9D685479665F71F3B007FCF5A9E2F

SHA1: 671644B0752FCF1214FA7F94647E6B171D0B1942

SHA-256: 78363F9C61A936890E9739EE49E747CA6F8EF237E14C714B5DFECEC504990654

SHA-512: BE559623B22528BB2C1D65EB1DCFDC2E636F5CFAC4AD55CF931720A97D9FADC331D423F659F9D1864C8E0A92D785B8F94C724645D73543F785ABB87E2C178E4B

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/img/img.png

Preview:.PNG........IHDR.......4.....,.%.....gAMA......a.....sRGB.........tEXtSoftware.Adobe ImageReadyq.e<....PLTELiq.....................................................................................................................................................LKLqoohgh......YVWFFG...888......................................&&&...A.."""G5+**+:' @.&=+#E1(I..K7,:..XD82..nSF^H<6#.R..T?3fNBQ:.L;20..{cW^@3//0gI;t[NZ;.*..>@B...[.#.j_ ..L1%pL=...DFI.eUdD6...k[...rf456e.):;<.rbwRC...}YJ..E,"T5).yk.....& .....wg.^Np.-.........xy}.~n@3*..@&.z.4..qqt..z.........(....:hil.'L4...%G."@^`c0'!......LNP..u.......d.".....v.*Q.................TVZ...X+ .0]...........o=/.....}J&.....-V......gXN...6/)?...3d.......q..}ND=u-%....X..a..:n.Q..^HA:4.G.ZOG...;5...iZ...|r.IA.@{.z..P;.........Q.$k$3....?....j...`...z.VN..yU.d].nJ.ti...j.e..z.r........].....-......?tRNS.................."(.%..,*..2<!$'/58IAc{...]..R.{............O^T.. .IDATx...k.G...u...&..B.....:.Y.^r.....F

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquery-3.2.1.min.ca7563da[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines, with no line terminators

Size (bytes): 86858

Entropy (8bit): 5.269241262418202

Encrypted: false

MD5: 59F28F7727EB059695920E6A63BD4F8E

SHA1: CA7563DA7419FB45A6FD44E115B50E4BECA24683

SHA-256: 2508FF028CF7ADF88EE8747221E0370328CBFC31B3596385819FF4C6B27D4BC4

SHA-512: 62A149C8A4F36349E80084442D052D5925DBA4A9FAA034576B01DAFA6CF55B48FE8D893DA818608F3494AF33160E1390F3AE7BEB67615653EE164B710176D651

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/js/subscriptions/min-rev/jquery-3.2.1.min.ca7563da.js

Preview:!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";function n(e,t){var n=(t=t||te).createElement("script");n.text=e,t.head.appendChild(n).parentNode.removeChild(n)}function r(e){var t=!!e&&"length"in e&&e.length,n=he.type(e);return"function"!==n&&!he.isWindow(e)&&("array"===n||0===t||"number"==typeof t&&t>0&&t-1 in e)}function i(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}function o(e,t,n){return he.isFunction(t)?he.grep(e,function(e,r){return!!t.call(e,r,e)!==n}):t.nodeType?he.grep(e,function(e){return e===t!==n}):"string"!=typeof t?he.grep(e,function(e){return ae.call(t,e)>-1!==n}):Ee.test(t)?he.filter(t,e,n):(t=he.filter(t,e),he.grep(e,function(e){return ae.call(t,e)>-1!==n&&1===e.nodeType}))}function a(e,t){for(;(e=e[t])&&1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\l[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with no line terminators

Size (bytes): 238

Entropy (8bit): 5.379145665819873

Encrypted: false

MD5: E0291F3517D048AAE418CC2CD7B30F47

SHA1: 1363A835686DFC99C38FBEA932F6E4F916633004

SHA-256: 6365D789BFA1D4669C14A35F3A705BCBECA255F357F8469B91CB94FFF1EB2B0C

SHA-512: D96A299AF72553E0821D44304AB6F6630F2611987FAD86617D449ACBB03CE9C45E64484CE1E9651C29E847C4F0C35C11F26170AFD9E86C0ED08B2FDDEF2E7535

Malicious: false

Reputation: low

Preview:<html><head><meta charset="utf-8" /></head><body><script type="text/javascript">document.location.replace("https:\/\/page.dagmaar.com\/tundra\/?fbclid=IwAR0ibFew8p_xPNe0PRhTlrDIVnOwzwLQrHRnimIhKKmR0VId6RXzV1BrzBg");</script></body></html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\popper.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 19188

Entropy (8bit): 5.212814407014048

Encrypted: false


MD5: 70D3FDA195602FE8B75E0097EED74DDE

SHA1: C3B977AA4B8DFB69D651E07015031D385DED964B

SHA-256: A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66

SHA-512: 51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14

Malicious: false

Reputation: low

IE Cache URL: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

Preview:/*. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode||e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\popper.min[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\regValidation.min.1a957052[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 1528

Entropy (8bit): 5.4337599138426

Encrypted: false

MD5: 6D01B54EE41A018CB33B238E784B0F96

SHA1: 1A9570520363595E1F27A6D5F5B6FAA331D42842

SHA-256: 9599A29CC6368DE0438FDF528F1BB69599B0BD1FB871FC80F2A768FCF880701F

SHA-512: 661BF4BF3F95EACFD4750A4DEA203EFF1AA5413228C06D4800657F4E28F9CAD3B0FEFCF8E1AF6B3F79958A90145F80A8E6CDF705EC6ABA24ECCB81BEAB450B41

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/js/subscriptions/validation/min-rev/regValidation.min.1a957052.js

Preview:function checkPassword(){var s=$("#password"),r=$("#error-message-password");return s.val().length>=6?(s.removeClass("input-error").addClass("input-success"),r.text(""),!0):(s.removeClass("input-success").addClass("input-error"),0===s.val().length?r.text(errorMsg.ERROR_PASSWORD_ENTER):r.text(errorMsg.ERROR_PASSWORD_LENGHT),!1)}function checkEmail(){var s=$("#username"),r=$("#error-message-username"),e=s.val();return e=jQuery.trim(e),s.val(e),isValidEmailAddress(s.val())?(s.removeClass("input-error").addClass("input-success"),r.text(""),!0):(s.addClass("input-error"),0===s.val().length?r.text(errorMsg.ERROR_EMAIL_ENTER):r.text(errorMsg.ERROR_EMAIL_INVALID),!1)}function checkEmailonkeydown(){var s=$("#username"),r=$("#error-message-username");isValidEmailAddress(s.val())&&(s.removeClass("input-error").addClass("input-success"),r.text("")),isValidEmailAddress(s.val())||s.hasClass("input-error")||s.addClass("input-error")}function submitForm(){var s=checkEmail();return $("#password2").val(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\tundra[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with CRLF line terminators

Size (bytes): 2007

Entropy (8bit): 4.896963370587045

Encrypted: false

MD5: 7B3F2EBB03B9FCB180FA6CE3FB25DA60

SHA1: 94A4C81895C432ECA10E3CC16DF75C47AC0681E7

SHA-256: CDE5FBE1EAEB726FD36447B4CB043C93B42B2DA30C90CC17FD094932F0A90E4F

SHA-512: 2F3B3C52BE867AAEFA351D66C02DEE758DF3F49D593E9333100B528FB8B35F23F272BD9F39BB15858E16BEAAD96D7F260091AF87FC9C4E4A25294F03441F4992

Malicious: false

Reputation: low

IE Cache URL: https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFew8p_xPNe0PRhTlrDIVnOwzwLQrHRnimIhKKmR0VId6RXzV1BrzBg

Preview:....<!DOCTYPE html>..<html lang="en">.... <head>.... <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.. <meta name="description" content="">.. <meta name="author" content="">.... <title>Win a Brand New 2020 Toyota Tundra 4WD</title>.... Bootstrap core CSS -->.. <link href="css/bootstrap.min.css" rel="stylesheet">.... Custom styles for this template -->.. <link href="css/heroic-features.css" rel="stylesheet">.... </head>.... <body>.... .... Page Content -->.. .. <div class="container">.... Jumbotron Header -->...... Page Features -->.. <div align="center">.. ..<div class="col-lg-6 col-md-8 mb-4">.. .. <div class="card">.. <img class="card-img-top" src="https://i.imgur.com/d17hczI.jpg" alt="">.. <div class="card-body">.. <h4 class="card-title">Win a Brand New 2020 Toyota Tundra 4WD</h4>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\wait[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 67

Entropy (8bit): 4.774367736069945

Encrypted: false

MD5: 85DEF80DF147A088DDEFA4B45D234FCB

SHA1: F7C1E79F75C592C71A84C36A7EB42CDFF8950D6D

SHA-256: CA3FFDF7B25EAB7573B7FACA9CB20B98EC39A6629F63BFEF7ED7BBF1BA8736D0

SHA-512: F62621B7FC564C32591A080F549C5F1D75A8494BB7EB5F8FFDCC5C7800A5DD7E4D85CAA81562758E065CCF94A456A7678BE9088C960CAA964790588444DC8C34


Malicious: false

Reputation: low

IE Cache URL: https://page.dagmaar.com/tundra/wait.html

Preview:..Loading....<meta http-equiv="refresh" content="3;url=wait1.html">

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\wait[1].htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\bootstrap.min[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with CRLF line terminators


Entropy (8bit): 5.059129831292051

Encrypted: false

MD5: E59AA29AC4A3D18D092F6BA813AE1997

SHA1: C4141255658403C38E1306D2FE196575522D6CC3

SHA-256: 9EF4FBE459177AF5F4E9647CBE584514FD36C7386AF6A1712D03AE4B42E45B24

SHA-512: F8F8D2D7951FD526B7C3684D6A7AC7CF7EC988597ACEF817ADE85B31092BBAD544D9D59A41E79D7A2D9024F9A717205818BE1A024C028BE04E251D68059C8137

Malicious: false

Reputation: low

IE Cache URL: https://page.dagmaar.com/tundra/css/bootstrap.min.css

Preview:/*!.. * Bootstrap v4.1.1 (https://getbootstrap.com/).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,::after,::before{box-sizing:border-box}html{font-famil

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\css[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text

Size (bytes): 1207

Entropy (8bit): 5.205387394855335

Encrypted: false

MD5: 9EC97FBA7E28F0046AD0F829EB5ED66B

SHA1: 6AC81F6B6AD8DCD02E6A0C11E8C82A3DE531552F

SHA-256: 0F85A4E5F380E84C2354ABF83F25947E488BF1BF75396BFC3D831C673BEC440F

SHA-512: 0F1433A678B3623372374852443FC543E7E837AB453CA0520A096B934BEE19123A5FF61881F06EA9ECFAD3F41A61181D557FBA15B143B0F61FF3B2C2DBFEA946

Malicious: false

Reputation: low

Preview:@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 300;. src: local('Open Sans Light'), local('OpenSans-Light'), url(https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN_r8OUuhv.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: local('Open Sans Regular'), local('OpenSans-Regular'), url(https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0d.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 600;. src: local('Open Sans SemiBold'), local('OpenSans-SemiBold'), url(https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhv.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 700;. src: local('Open Sans Bold'), local('OpenSans-Bold'), url(https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhv.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\d17hczI[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: JPEG image data, progressive, precision 8, 1024x768, frames 3


Entropy (8bit): 7.979799960205383

Encrypted: false

MD5: EFDD9CCE4ABECE74929E793663C8A50E

SHA1: 489482A3768D335BDB93E8062DAACDD2FAF611F1

SHA-256: 405B5E6656380F774E78191E80E967663D897167184A9032B5AB19637C66CF26

SHA-512: 34F282BFCB992A8C74300B0343D61C8F341FB9357C44A806089F4037A12E932C853276C5FD7C2D3AB8703014C2C8067BAF9603825C06E122BED276B02A5C92C5

Malicious: false

Reputation: low

IE Cache URL: https://i.imgur.com/d17hczI.jpg

Preview:......ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=..U.xB...9.................................desc...D...ybXYZ........bTRC........dmdd........gXYZ...h....gTRC........lumi...|....meas.......$bkpt........rXYZ........rTRC........tech........vued........wtpt...p....cprt.......7chad.......,desc........sRGB IEC61966-2-1 black scaled..................................................................................XYZ ......$.........curv.......................#.(.-.2.7.;[email protected].^.c.h.m.r.w.|...............................................................%.+.2.8.>.E.L.R.Y.`.g.n.u.|.........................................&./.8.A.K.T.].g.q.z...............................!.-.8.C.O.Z.f.r.~......................... .-.;.H.U.c.q.~.......................+.:.I.X.g.w.....................'.7.H.Y.j.{...................+.=.O.a.t...................2.F.Z.n.................%.:.O.d.y...............'.=.T.j...............".9.Q.i...............*.C.\


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\da[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced

Size (bytes): 352

Entropy (8bit): 7.115328530626043

Encrypted: false

MD5: AC122DCF0C9D72093852A94DF3F69001

SHA1: C808192D8F1BEFD3CCC20B4063D903E6B9F62062

SHA-256: 95253486AE74B2987697E95E810FB4E2C5866E7290D3E8C3BFA64B33ED7FB76B

SHA-512: F6EF0D1360A4D35D9BE07216DF5B0787BFD800337E629E56FD79D5C2343134E38368D9DB20F1EEDF2ED1BA9AA475F8066B175CF3F3BA324E16F31732349FC1D7

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/flags/min/da.png

Preview:.PNG........IHDR................n...'IDAT(.mR;N.Q...v...D..b.n.A. ...V)s.\!.AA.R...xl..[.@.\X.{.2.....G.v.....#....8Y,. ....:.......E.]..|Y.{...........<.a/RF.d.d..l....I....-.&c..,.M..r.;.T..{[email protected].$I..2..(...].......?.)3.m..noc....NW+....&..m..............rjfG....LNx bbI.:.....t].......^#.....3..t......_..~....+....Y..#......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\gtm[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 90208

Entropy (8bit): 5.440426033733675

Encrypted: false

MD5: 783598E9822E66A83ACDA112931D995A

SHA1: D91FE25056343889D044F9D40DC4F1AE4CFEDEE8

SHA-256: 431CFCFCBAC9838558AE3EF9282BABB8F52699282B48BDFAFB0D9C18F94ADC70

SHA-512: 374AA86CDB098175E28577BE1BFFAFF2B63D7E33C6C1F803EED3963095D0D15B408D826A38B28320E47BBBDC178B5DE8FE66C2C827F5C5AC77ACB7F6A088BF26

Malicious: false

Reputation: low

IE Cache URL: https://www.googletagmanager.com/gtm.js?id=GTM-MMPL24Z

Preview:.// Copyright 2012 Google Inc. All rights reserved..(function(w,g){w[g]=w[g]||{};w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');(function(){..var data = {."resource": {. "version":"19",. . "macros":[{. "function":"__jsm",. "vtp_javascript":["template","(function(){var a=new Date;return a.getTime()})();"]. },{. "function":"__u",. "vtp_component":"HOST",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__e". },{. "function":"__u",. "vtp_component":"PATH",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__u",. "vtp_component":"URL",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__f",. "vtp_component":"URL". },{. "function":"__e". }],. "tags":[{. "function":"__hjtc",. "metadata":["map"],. "once_per_event"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\img1[1].png

Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 53424

Entropy (8bit): 7.992114772293269

Encrypted: true

MD5: 127E8D260A9F917823E14489E93EA754

SHA1: 5B77CC2903E7880E89B6CC01C8B7AEFF4DC0F07E

SHA-256: 1CC18B8FBE39D616675BECF16CCE519107E0BEB309F3B2DE1A956C4FD3CF3B99

SHA-512: 2029DAE8ABE67AEA55620A42FC008114219768480C027B9019B90D8D13EEBF4876387C25D08FAE107B9984770B19F95D2B1F2A4658998B5376CD24130FC12156

Malicious: false

Reputation: low


Preview:.PNG........IHDR...].........{&......gAMA......a.....sRGB.........tEXtSoftware.Adobe ImageReadyq.e<....PLTE...0&.?3&P=-......"...........8-!...%...iOq]C.....Liq.v\VG4..pdL6......{Y?.lW|pb..q..........mUv`H% .....pXt^F.w_0'..oX...TG5..................!..............$...........(.....*"....&.........../'.).....5,"2).-%./".=0'...8*">4)9/!5) F7-I:03%.C6,;,$!..UE6...P?490&=3%M?..v[%...|bjX?J<+.sWfT=L=3SC4..PB0WH9......wbHG9)^M7..szeJ..m..h...A3*..p....|....pVB5&..d...3".....jPI=2...E:.p[A...B8)..xZJ4~hLbP9...../....xN6#p^F..k=*.)...nR.y]u_D...ya8&.".._C-_P=l[E....mU[>'.kOH2 YL>WD/..{gOS<)...a?}Y<fVC.l..NC7B/!..f.\:`RCU9$tcPC,.q_LqL/..[.....uS8.r....sLgF+..hG......jDgJ3.{R.x....u.pNziW.P7EgXI.b~T3.u_.......p_.......~i........zX.aD.......klP8..j.{W....a....y...p...whk^PB.9.......s..4#-|Yo...sg[...*.$....n.cEU.......~..}uvo/..<..W..i.....[c.....+tRNS.............................q..LMPT.L....pE.... .IDATx..}L.i..p..23.....dw..?y).U..`+.]..".T.*".B.....R.\...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\img3[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 81762

Entropy (8bit): 7.372679650939617

Encrypted: false

MD5: 61A7DCBBE99FAD70B660D57957EFF72A

SHA1: 1AFF8033734DD37E6387BFA7C5079F3495856CF8

SHA-256: 36FD356C5C49C219199BE035ABED52E32294D529F34D8B01DE227871A47447A5


SHA-512: 2CD96CD3B2A221E86386C8C078B459B658898FC495B17E50EBB70D28FB8849D02D9F07A29C207A6F1AA68846E6EE270DBDB0D5B51D20938F48F57787E122F052

Malicious: false

Reputation: low


Preview:.PNG........IHDR...].........{&......gAMA......a.....sRGB.......8.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2018-02-09T12:45:33+05:00</xmp:CreateDate>. <xmp:ModifyDate>2018-02-09T15:09:08+05:00</xmp:ModifyDate>. <xm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\img3[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\jquery.main.min.b9656064[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 31494

Entropy (8bit): 5.07180639127144

Encrypted: false

MD5: A6540656C9887F0A4D0D50EEC13D3381

SHA1: B9656064B23623DCBE5097CBDFE1E20C08E6D475

SHA-256: BC23A5C3092D03D96E2148D1CC7233BA669E64DE941FAE3D7551A16BB01A63A7

SHA-512: B6F42F4F29CAC4E760D984DCB93B864DC670BB13EC228666B83421BCAEC5D62203EF6A20D22EB4F179F3C64C176183D207F87C0D72C2C236F03E3872C0722FC2

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/js/subscriptions/min-rev/jquery.main.min.b9656064.js

Preview:function initCustomForms(){jcf.setOptions("Select",{wrapNative:!1,wrapNativeOnMobile:!1}),jcf.replaceAll()}function initFormValidation(){jQuery(".form-validation").formValidation({errorClass:"input-error"})}function initRetinaCover(){jQuery(".bg-stretch").retinaCover()}jQuery(function(){initCustomForms(),initFormValidation(),initRetinaCover()}),window.addEventListener("load",function(){var e=document.querySelector("html.loader");e&&e.classList.add("loaded")}),function(e){"use strict";var t=function(){var t=function(e,t){this.$field=e,this.$fields=t};t.prototype={reg:{email:"^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+.[a-zA-Z]{2,6}$",number:"^[0-9]+$"},checkField:function(){return{state:this.run(),$fields:this.$field.add(this.additionalFields)}},run:function(){var t;switch(this.$field.get(0).tagName.toUpperCase()){case"SELECT":t="select";break;case"TEXTAREA":t="text";break;default:t=this.$field.data("type")||this.$field.attr("type")}var s="check_"+t,i=!0;return e.isFunction(this[s])&&(i=this[s]())&

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\mem5YaGs126MiZpBA-UN7rgOUuhv[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: Web Open Font Format, TrueType, length 18900, version 1.1

Size (bytes): 18900

Entropy (8bit): 7.96514104643824

Encrypted: false

MD5: 1F85E92D8FF443980BC0F83AD7B23B60

SHA1: EE8642C4FAE325BB460EC29C0C2C9AD8A4C7817D

SHA-256: EA20E5DB3BA915C503173FAE268445FC2745FC9A5DCE2F58D47F5A355E1CDB18

SHA-512: F34099C30F35F782C8BB2B92D7F44549013D90E9EEDE13816D4C7380147D5B2C8373CC4D858CDF3248AAA8A73948350340EE57DAE9734038FC80615848C7133E

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhv.woff

Preview:wOFF......I.......p.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`....cmap...`.........X..cvt .......].....-..fpgm...t........s.ugasp................glyf...$..9...Y..(.head..A....6...6.%I.hhea..B,.......$.)..hmtx..BL..........O,loca..D`........9yfmaxp..F$... ... .q..name..FD........#.>.post..G4.......x.U..prep..H............k........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`f.g......:....Q.B3_dHc.........................@`......../..?....^...... [email protected]..!..x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g``..$KY...e@.,[email protected]@<..O.H.t.................c [email protected].}.M...!...!....x.TGw.F........)..)7.W..`*.j.-...=*'_..sI...2...O>....[tt....TK]..|...G..............^.m..=..x.q...+./].p...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\mem5YaGs126MiZpBA-UN8rsOUuhv[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 19072

Entropy (8bit): 7.966673384993769

Encrypted: false

MD5: 05EBDBE10796850F045FCD484F35788D

SHA1: 07744CFE76B8C37096443A6BCC3FBD04F93AD05B

SHA-256: 35EB714D45479FE35586513C7D372CED0AE3E26EB05883950BEA2669C6E802AA

SHA-512: D4F293115640C05E3134D635AA077BC91BF35E80463C93C14646D97784CD9FC8D4CD4E10EEAA7BE621DBD9FA0DE5BE943328014ED505C217E61769F76BFA7F40

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN8rsOUuhv.woff


Preview:wOFF......J.......p.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`...vcmap...`.........X..cvt .......g.....o.[fpgm...|........s.ugasp... ...........#glyf...0..:"..Yr....head..BT...6...6....hhea..B........$....hmtx..B....*....#.C.loca..D.........n..maxp..F.... ... ....name..F.........%.@cpost..G........x.U..prep..Ip.......1..S........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`f.cV``e``..j...(.../2.11s01qs.1s.01.400.300x......:.;380(...&.O.....)B..q>H.%.u..R``........x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g``..$K..(..`.e.a.a`[email protected]..&..............1\gta.e....320.0...2.g.j...=...x.TGw.F........)..)7.W..`*.j.-...=*'_..sI...2...O>....[tt....TK]..|...G..............^.m..=..x.q...+.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\mem5YaGs126MiZpBA-UN8rsOUuhv[1].woff

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\mem5YaGs126MiZpBA-UN_r8OUuhv[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 18668

Entropy (8bit): 7.969106009002288

Encrypted: false

MD5: A7622F60C56DDD5301549A786B54E6E6

SHA1: D55574524345932DB3968C675E1AEA08C68A456F

SHA-256: 6E8A28A0638C920E5B76177E5F03BA94FCDEDD3E3ECD347C333D82876B51C9C0

SHA-512: 1A842E5EDFFFFBAE353AD16545D9886E3E176755F22B86ECCC9B8B010FC79DB7194B7C5518CC190BF5B78B332C7D542B70A6A53B3BAF23366708DF348C2C2D49

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN_r8OUuhv.woff

Preview:wOFF......H.......n0........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`}...cmap...`.........X..cvt .......]........fpgm...t........~a..gasp...............#glyf... [email protected]........$...chmtx..A8.........._{loca..CL........K.4&maxp..E.... ... ....name..E0........"c?Jpost..F........x.U..prep..G........:..]........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`fig.a`e``..j...(.../2.1..`b.ffcfeabbi``Pg``..b.. 0t.vfp`P...M...C.G/S....|...=.6 .....m/....x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$K..$..`.g.e........ .......R.g......?......x.)d...........$...."....0.#[email protected]........)..)7.W.$`*.....G.Kz.)e....t.|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\mem5YaGs126MiZpBA-UNirkOUuhv[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 18696

Entropy (8bit): 7.96597476007567

Encrypted: false

MD5: 449D681CD6006390E1BEE3C3A660430B

SHA1: 2A9777AFC07BF0BB4BB48F233ED7C4BCBDB60760

SHA-256: 57C79375B1419EE1D984F443CDA77C04B9B38C0BE5330B2D41D65103115FFD72

SHA-512: 8B8436670BB4D742AFA60ABA29D7A78F3788CBEF9353C2896AA492618CF1B22E9A0679972AB930E2F2D4732F3B979C023D25AA0FA86C813AC674524FD4ECA2BE

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhv.woff

Preview:wOFF......I.......m.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`.-..cmap...`.........X..cvt .......[.......4fpgm...p........~a..gasp................glyf......8...W.J.4.head..A....6...6...Mhhea..A<.......$...#hmtx..A\... .....lT.loca..C|........6..umaxp..E@... ... .t..name..E`........#.@Ppost..FP.......x.U..prep..H.........x..n........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`fy.......:....Q.B3_dHc.........................@`........./..?....^...... 9. [email protected].\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$KY...e@.,A.".m....x.......3......?.[.o...2...:...a..b.)@.Y.....v1.b4d...36 ..x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\mem8YaGs126MiZpBA-UFVZ0d[1].woffProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 18100

Entropy (8bit): 7.962027637722169

Encrypted: false

MD5: DE0869E324680C99EFA1250515B4B41C

SHA1: 8033A128504F11145EA791E481E3CF79DCD290E2

SHA-256: 81F0EC27796225EA29F9F1C7B74F083EDCD7BC97A09D5FC4E8D03C0134E62445

SHA-512: CD616DB99B91C6CBF427969F715197D54287BAFA60C3B58B93FF7837C21A6AAC1A984451AEEB9E07FD5B1B0EC465FE020ACBE1BFF8320E1628E970DDF37B0F0E

Malicious: false

Reputation: low

IE Cache URL: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0d.woff

Preview:wOFF......F.......i.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`~]..cmap...`.........X..cvt .......Y.....M..fpgm...p........~a..gasp...............#glyf......6...S...]head..>....6...6..cphhea..>........$....hmtx..?...........[$loca..A4.........f..maxp..B.... ... ....name..C.........&:A.post..D........x.U..prep..E.........C...........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`f..8.....u..1...<.f...................A......5....1...A.._6..".-..L.....Ar,......3..(....x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$KY...e@.,.."..........?....%.g....Z.....(".o..Y..Bu342.e......0..........M=.....x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG.


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\pk1EcBw[1].gifProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: GIF image data, version 89a, 350 x 350


Entropy (8bit): 7.869826759603402

Encrypted: false

MD5: D74916815C4653AC304A834F56A8FC4E

SHA1: CE3605916EFC416F660CC5056302A2AF5651FF2B

SHA-256: 767FA8FF358C39C0356795F6DB19ADEE99CC5FE1C751C1718618C23F3519B6E2

SHA-512: 32545A6F69534C9EAA3046D9EDB8CE4C8C130F89C57E852FBF162A569ABA720922D3DD60EC5D371798FFDCE915A87B34A22DE695BB1E805A54552B78320D0C0D

Malicious: false

Reputation: low

IE Cache URL: https://i.imgur.com/pk1EcBw.gif

Preview:GIF89a^.^.......FFF777......UUU&&&.....................ZZZ......{{{.........rrrccc...kkk.....................!..NETSCAPE2.0.....!.......,....^.^.....'.di.h..l.p,.MU.N.hr....pH,..H"...8.7.."!<..v..z..A$J.....z.n.....j..,..~......tvfO.......s.........D...v.<......c.......|.........Y6........0...u.........e.i...=.........k....k.........n.........y`...7..`.0.Po......[.....=...e_.:..$...`.r.C..P.cD....X.X&#...LF4&.f...eF..._?.Z.....7.H_l.I.".-+YF...A..-$...*...D......_#>.........3.U$..B...m..L..;p....F.8.\.._.o....0.X.... (...[[email protected](...5....=r.bj!.....t@pz<-.&v....!Tf...s....).......o....w.E..?.A......}^...C............n.AP.j..R......m....U.E`Z..L..G...a;[email protected] `!....N....Z|.n.....W.z6Js.w...`YFp.#k......>..|.....*.)e2.`.\o...c..0.Yt_...s.|6...i.C.3z.&5..)..W....1\g..^[email protected].@.)!.0T`ax........i..P....*......i......s.:..$~.f....kW.>..T....p.. c...2....J.e.fV........X`a..B*...Z.-...]...k.&8........0PC.......a.......v.D6.0.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\ar[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 428

Entropy (8bit): 7.390936046390801

Encrypted: false

MD5: 4E110E39A343E4D63FE179EE1878A808

SHA1: A09C49969D0FB253614F3E7BB2206151177B40C6

SHA-256: D42BE6E56327FEF927ABFCDBED9A90FF588ED85EB7DC6D4FD977F23484B53776

SHA-512: BCFA7798E30054BF97DD4E15BF818F40F7A7253AE2ECBCB228025A536D44D47080385D4B81E89595444D170DEEC494B571F672DE6899DA38FCF64B545183300E

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/flags/min/ar.png

Preview:.PNG........IHDR................n...sIDAT(.}..jTq...~d..."q..1FBj.U.l}.T~4y.}....@*..,T..[...U....&{.93.oa..q.a...3.... @....BhP.x..i....B.. [email protected]?G..#..i{j....5....xe.*....R....;.7...w_..\...;E.....n..<....s....Rr..l..\..+z....t6.QO..&[email protected]=....W..|.......p..H.A.....U.2.Mfn$..y.ON&..H.........bJ..V.....<n.2..t...l3...9.d[.........J4..r...NR.r..Nq..KQ.K........9.-.._0z7.........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\bootstrap.14d4753b[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe



Entropy (8bit): 5.129520310559513

Encrypted: false

MD5: 6108B440AFE51859EE0889FAE9265E81

SHA1: 14D4753B803D46F3441639723FA19A937C4DF310

SHA-256: E6BF0F8BD2A16E31A7FC2A869BA8607B371EF2E44304BA48BFC25486BC40743D

SHA-512: 430AAE75DA96F04C02E7D619F8C474A244A0076977DA2C321A3D8E1C97D183BEE58EF2DAAA974BC7EB4D1300480708F74B2AC783B3F553185B562F8BC5D797DC

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/css/subscriptions/theme-rev/bootstrap.14d4753b.css

Preview:/*!. * Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors. * Copyright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.:root {..--blue: #007bff;..--indigo: #6610f2;..--purple: #6f42c1;..--pink: #e83e8c;..--red: #dc3545;..--orange: #fd7e14;..--yellow: #ffc107;..--green: #28a745;..--teal: #20c997;..--cyan: #17a2b8;..--white: #fff;..--gray: #6c757d;..--gray-dark: #343a40;..--primary: #6573ba;..--secondary: #6c757d;..--success: #28a745;..--info: #17a2b8;..--warning: #ffc107;..--danger: #dc3545;..--light: #f8f9fa;..--dark: #343a40;..--breakpoint-xs: 0;..--breakpoint-sm: 576px;..--breakpoint-md: 768px;..--breakpoint-lg: 992px;..--breakpoint-xl: 1200px;..--font-family-sans-serif: "Open Sans", Arial, Helvetica, sans-serif;..--font-family-monospace: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;.}..*,.*::before,.*::after {..box-sizing: border-box;.}..html {..fon

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\favicon[1].icoProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel

Size (bytes): 1150

Entropy (8bit): 5.9407331384504385

Encrypted: false

MD5: 2BEEED1F0640E3095B73F9570D754E99

SHA1: A6523FFB83F4E9DCB40849547AF1F4B5E872068D

SHA-256: 3A4289C96DA14DFD7D158A3F353808A8688AD5DFDB7D3499257188130336221A


SHA-512: C5EA319B5A957E27807448CC722EA24366AD583E6615A5D8ED33D4DA617947F24C4DC5ACD092343EE4637D71CF8FF268655F99DA618CCE9A949279FEA1EEC324

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/assets/favicon.ico

Preview:............ .h.......(....... ..... .........................................D.t.D.s,D.tLA.r\A.r\D.tHD.t&[email protected].'.a...X...U...U...Y.*[email protected].=.pZ&.b...P...J...L...O...O...L...J...T.*.d.<.oF............D.t>'.d...Q...N...U...Z...\...\...Y...T...N...R.'.d.D.s(....D.t /.j...T...U...`.!.s.K.....l...d...c...c...^...T...X.:.o.D.t.=.qZ..b...X...a...g.*.z........?.....k...g...g...`...X.".e.D.t>5.n...a...d...m...m...}................:.....q...l...b...c.9.p.7.q...f...m...r...r.2.......................d...!.x...l...g.9.r.;.x...o...v...x...x.7...................y...;.....y...t.".p.>.y.B...(.x. .{. .|. .|.:...............N...,...!.|. .|...z.-.x.F..~P..\<...(...'...'...<...y...R...1...'...'...'...'...)[email protected]..@P..$S...7..-..-..4...9.../..-..-..-..-..-..=..Q...Q.......Q..DX...G..6..3..3..3..3..3..3..7..K..[...Q..,........Q...T..`\...]..J..:..7..7..;..L..]..]...U..N................Q...Q..(S...d..l..k..k..l..c.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\favicon[1].ico

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\heroic-features[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 401

Entropy (8bit): 5.1421536940795685

Encrypted: false

MD5: 69520D0DCBD09B66A98CF84CFE925B00

SHA1: FA6D3DF70D12B790FEBF9D88AFB2AF93D2BDD2BD

SHA-256: 120E8C72EA40892C6142086F5F926531E011E7AAB9778FD5D1C2A3CEDC3DD16E

SHA-512: 1F414EA98E539BFE34DD601AE349A2C5857BC7B8A8FE9BB24B0C8CB956FDF8AD3C40A8070032F9F8EE8E013EBD24A81A84A9EA38655DE484C1DDB8D1E5C7E7B3

Malicious: false

Reputation: low

IE Cache URL: https://page.dagmaar.com/tundra/css/heroic-features.css

Preview:/*!.. * Start Bootstrap - Heroic Features (https://startbootstrap.com/template-overviews/heroic-features).. * Copyright 2013-2017 Start Bootstrap.. * Licensed under MIT (https://github.com/BlackrockDigital/startbootstrap-heroic-features/blob/master/LICENSE).. */....body {.. padding-top: 54px;..}....@media (min-width: 992px) {.. body {.. padding-top: 56px;.. }..}.....card {.. height: 100%;..}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\jquery.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 86659

Entropy (8bit): 5.36781915816204

Encrypted: false

MD5: C9F5AEECA3AD37BF2AA006139B935F0A

SHA1: 1055018C28AB41087EF9CCEFE411606893DABEA2

SHA-256: 87083882CC6015984EB0411A99D3981817F5DC5C90BA24F0940420C5548D82DE

SHA-512: DCFF2B5C2B8625D3593A7531FF4DDCD633939CC9F7ACFEB79C18A9E6038FDAA99487960075502F159D44F902D965B0B5AED32B41BFA66A1DC07D85B5D5152B58

Malicious: false

Reputation: low

IE Cache URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

Preview:/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\main.d9eaf96a[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 12147

Entropy (8bit): 5.05656275283049

Encrypted: false

MD5: F42A3D0DEB8E28B27C4F10412DFEAE34

SHA1: D9EAF96A49A78EA342E108B05DB33B957EF15DEC

SHA-256: 5C684B6BBBE8A097B93EFF169290E6ACB7B22B62368A9D9EFD519F88E21ABD3A

SHA-512: F5C66B6D7F87BB84156755FAB04D6FEA68B06B37F5591D07FFB32370AEEF5CDFCF1BC0106D4F628C9256AFBD44AF0F28F0B1110C6607B2CCA5BAE8B7EE5BE44F

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/css/subscriptions/theme-rev/main.d9eaf96a.css


Preview:.clearfix:after {..content: "";..display: block;..clear: both;.}...ellipsis {..white-space: nowrap; /* 1 */..text-overflow: ellipsis; /* 2 */..overflow: hidden;.}..body {..min-width: 320px;.}..a {..-webkit-transition: all .4s ease;..transition: all .4s ease;.}..#wrapper {..padding: 57px 0;..position: relative;..overflow: hidden;..width: 100%;..min-height: 100vh;.}..#main {..position: relative;.}...bg-stretch {..position: absolute;..top: 0;..right: 0;..bottom: 0;..left: 0;..background-size: cover;.}...btn {..min-width: 220px;..height: 60px;..position: relative;..display: block;..border-radius: 6px;..font-size: 19px;.}...btn .free {..font-weight: 600;.}...btn-green {..background-color: #a5da64;.}...fitness-images-wrap {..-webkit-transition: all 1s ease;..transition: all 1s ease;..position: absolute;..top: 0;..bottom: 0;..right: 84px;..width: 50%;..opacity: 0;..visibility: hidden;.}...loaded .fitness-images-wrap {..opacity: 1;..visibility: visible;.}...fitness-images-wrap img {..display:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\main.d9eaf96a[1].css

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\pingjs[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with no line terminators

Size (bytes): 30

Entropy (8bit): 4.240223928941852

Encrypted: false

MD5: 212B45290EB3B781AE57D221510C9454

SHA1: 8946A3B83F116FE4A35AA2D7FCA13790460A0676

SHA-256: EDEBB1254A2DE280DBB795B3C16A42F108051A32B94B421EC8B14B6937C68E88

SHA-512: F7054E9771141AE0B819194692AE5CD4831AC5D606D05B85AA16CB1F1DCBF0D4181C029071239397281462C30114C420FD70AD52E6C6782D24F9504E9F83384D

Malicious: false

Reputation: low

IE Cache URL: https://whos.amung.us/pingjs/?k=tftfgaler1&t=Win%20a%20Brand%20New%202020%20Toyota%20Tundra%204WD&c=c&y=https%3A%2F%2Fl.facebook.com%2Fl.php%3Fu%3Dhttps%253A%252F%252Fpage.dagmaar.com%252Ftundra%252F%253Ffbclid%253DIwAR0ibFew8p_xPNe0PRhTlrDIVnOwzwLQrHRnimIhKKmR0VId6RXzV1BrzBg%26h%3DAT3Z5D1122EKedyHgzhaptwcCVWeJbxG4qUO6AUjkcO0py0i04KmGRi0WyVA15reYwbTjwud0UkxJ2CWc_Qjy8focTcMyoKDNRkyIlIlhO3WzNYdk1kOBEDdCL-SFmvLd6-TG4PP1NEvZR-Z-hdPJSoVdr2Ua7tTxf8pJhsQSppD7KEyP18ORHGo0l9GGC6_nwGx0I4oZGhJn3LT1gN__z4lB1Qj3zd3LS0g-9sB9v5jK07zIQjwrNTfpy8_HrVMMwK9w5os1Eqtz0Gc6_cTl3lgX2HccPhOeG2AC-TDAMewir3l9SnAw5EwqHlqWxDRZpSZ__g_SvK-xrwFNncoSRpOAqeOMZAw0p2GOvgV_ZQlUh8tqxCyyV2IN6bW8V1eJYb-8iUC3B9_5Ii560g82q13nQJr6g8bsGP7LALH3FCYbSK20DXzuiq2zRv1tObbo3y5UPPrgGT0HEw7EUTABmBDPPPdTJiSK6kc_C-A2AcuZkIjEQ7X11mYBck7FccJIdRnf1XewJPiYYWca4g-KcroI6AZNVmC_-8iNAL9Ee0iMXn5-YTTQMLNdSq_USwLkwUvQrmfJp1bV0FXN4m0B6vEaKIIFoIUsBylb3u6VZCLhETTOrkigLnj9K_fVoDBrahiQn4qL_gABg&a=0&d=1.841&v=22&r=6418

Preview:WAU_r_c('233','tftfgaler1',0);

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\pl[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 374

Entropy (8bit): 6.604390146102738

Encrypted: false

MD5: FAD0E96C20F20BE196499D26A6C74CD1

SHA1: E383EBA9AF578ACED6F5E9B896B7FBB4D7EF120C

SHA-256: 34F6A1822D880608E7124D2EA0E3DA4CD9B3A3B3B7D18171B61031CEDBE6E72F

SHA-512: E6F25C2C165341AB56241518B5CF574623370CA68A1865DEFBD681210C8ED02DC080C3F998018E8278399F4D9A711051BA66F06BC345C32CFD6272188DB30B83

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/flags/min/pl.png

Preview:.PNG........IHDR................n....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b...#.........?l. [email protected]._.=.. .........##.?.....H..).......VF.j0.... .X.......?{.....?.............. Yi........I........_..!.~......_ 6......9...v.X.d<."T....00...H.3...pE....5.e........i`...AR.l._.? ..`#. [email protected].........\..].....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\registration[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators

Size (bytes): 28521

Entropy (8bit): 5.4391377982316635

Encrypted: false

MD5: 10B521884EAE2B927AA9495D932EFFA6

SHA1: DCD3657BBDB1D092E55AF9EF97FCC81F09613664

SHA-256: 1A85DCD4A074F00DA414F0597E39F7E4314AC97557521B34826D9D917038E5E1

SHA-512: E44A31B1351B03D1DEC8F6348589C2AEA647A5310EA38C7B4E7009CF8F168DCEAADB253D3E45B9582260C8B9086AD0598E0659BB4A134BC1794573377BE73C22

Malicious: false

Reputation: low

Preview:<!DOCTYPE html>.<html class="loader">.<head>.. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">. <title>spotdiets - Get Instant Access To The Best Workout Tools</title>. <link href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800" rel="stylesheet">. <link rel="stylesheet" type="text/css" href="/theme/Health/FitnessReg/css/subscriptions/theme-rev/bootstrap.14d4753b.css"/> <link rel="stylesheet" type="text/css" href="/theme/Health/FitnessReg/css/subscriptions/theme-rev/main.d9eaf96a.css"/> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" defer></script>. <script src="https://code.jquery.com/jquery-3.2.1.min.js" crossorigin="anonymous" defer></script>. <script>window.jQuery || document.write('<script type="text/javascript" src="/theme/Health/FitnessReg/js/subscriptions/min-rev/jquery-3.2.1.min.ca7563da.js" defer="defer"><\/script>')</script>. <scr


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\sv[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 389

Entropy (8bit): 7.252491369668283

Encrypted: false

MD5: FEB548AEAC88795159E9ED7EC2690710

SHA1: CB3EF0069BF1D1E35F2BF65D385E3B8AD1F389EF

SHA-256: 6F96FC8F9F474E8B8A6A82ED9BB5E22E19C6C5921FD363BB903FA693DFB9447A

SHA-512: 650308B78B845F5FE531C91926F76BBB4A46D60B9E03C83C43CF716AEE6B9106AE7CCCD95E7D40BC3D1DB037FFD6A18A0ADE569CCED0B64BF6206A01A546DB34

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/flags/min/sv.png

Preview:.PNG........IHDR................n...LIDAT(.M.?j.q....4EDAQ...s.K++....`...2n#(..6.z.4..E....!....l.?.fM..0.|^3...`-.z......Q."Vu..&./....;KX..{..P....[.4.0..r.s).'GI#:....Z*..nm_..j.mC.O..k.5.....*...Z.j.....u..a.q'.w\q..........Q...H.bg.....F.I..s..{.M..}.l..../...K:.{.{M..Y.-..y.....V..R..gUdQ-..!.sf.6...UMo].l..n!.......EG.d.........}.&n........0...y.F.Q.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\wait1[1].htm



Size (bytes): 168

Entropy (8bit): 5.1783030022820125

Encrypted: false

MD5: 3F4076858B01AD0F415C0A92CC0839C7

SHA1: 3D506D86438317FD9859EC343287195FCA5B16E9

SHA-256: 9D94D417902C885B49EC296D0E93649E3B0C2E9345F27275C13DEFD468CB3D21

SHA-512: ADDB91010EEBC0A7C03E3148D42F39E47A458A50DB86BB998121A89488F0A14EEA0B9732A51EA9191ABFBB06E2EBAED301AB15625100024364BD24576675ACC0

Malicious: true

Yara Hits: Rule: JoeSecurity_Phisher_1, Description: Yara detected Phisher, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\wait1[1].htm, Author: Joe Security

Reputation: low

IE Cache URL: https://page.dagmaar.com/tundra/wait1.html

Preview:<meta http-equiv="refresh" content="2;URL='https://www.cpagrip.com/show.php?l=0&u=7420&id=7769'" /> ..<center>..<img src="https://i.imgur.com/pk1EcBw.gif"/>.. </center>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\zh[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 349

Entropy (8bit): 7.137947750580898

Encrypted: false

MD5: 0C6D1AD678DE1C3807A7C832A014466E

SHA1: 9D8239ECC96B38F374FA066EE45091ED14ADF200

SHA-256: 0242F535F7EE0CC26BD88CC9F807ECE4A6D70129303B902A232B38C58E66EF51

SHA-512: 20FC7A78CACED6826E8B1823DD3B3BBB12C8BD0D1044FB5CDB8991C2FFBCC44E927651C4F6E7727EA3B37C4E90896C6319B99673C49A24CDD866DC939A22353A

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/flags/min/zh.png

Preview:.PNG........IHDR................n...$IDAT(.].1JCa..'.b...S.../.G.....Zx......RA....BE....3.k......3...y.......>....4..PKW..^..N0...^l.....&.).$CJ.....`0....`.g..n.z....&...Y..h..2...../;.O..1.a.\.Y]...@|....:[email protected].&.d.%.M|H.!])...}_3i.'...@Fm(-)[...%.7@*.A.Y=.p.Y.)Ow....z.a.]y.u|s..........zd[...h....:.s0i.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\bootstrap.bundle.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 70688

Entropy (8bit): 5.2891603354712045

Encrypted: false

MD5: CE2D7DF84B9758B467F225E1F6EFBC4F

SHA1: 7DFC4DEBE685E651A8025CFA4851A3EFB9285A3C

SHA-256: 06147E458CD63785F841D0C92047BAEBEDAF5CB50654F6E92E6BB9B34112A356

SHA-512: 7C8B36D0CAE4982FC2D58B4EC568C4BAF03A4CC037F77447CE3083E8804BB013273F82C2F2FBCCCBCD427DDAEB200852575896B7E7FC876257F272D3D365B6DD

Malicious: false


Reputation: low

IE Cache URL: https://page.dagmaar.com/tundra/css/bootstrap.bundle.min.js

Preview:/*!.. * Bootstrap v4.1.1 (https://getbootstrap.com/).. * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors).. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */..!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery")):"function"==typeof define&&define.amd?define(["exports","jquery"],e):e(t.bootstrap={},t.jQuery)}(this,function(t,e){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function c(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enumerable}))),e.forEach(function(t){var e,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\bootstrap.bundle.min[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\de[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 364

Entropy (8bit): 7.262009674895804

Encrypted: false

MD5: DD6833F4D45B73BB67785C3235C9EA5C

SHA1: 1A1147EA7A1D9767F9B2BDB3640152A9014C660A

SHA-256: 21F38AE028ADB9455C66A185775D4EA208ADD60AAE4E4F2376F57227A48756A7

SHA-512: E1EF5033F68A786DBD4E27031D0F7112222273476EFCFCCB92788091154708DE858193DDABC80128562F18B5E288DC304EDEFB56A4D78439145EE41DF3F349B2

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/flags/min/de.png

Preview:.PNG........IHDR................n...3IDAT([email protected])Ab.(At+A.=...\.)..... ...c..d.....8....n.....0Js...DN..Zv.gT>.Y3[..C..|Q....{..?>....D..7.....mNX....gw.I.V$(e....0...<i.mTC$....\..\p...+m#.P.3.O4...=0...,|:...k./F.....[......n..#..sW.-E.z.d.P.^w.....g..pe...s.mY3z.-.I..4.P..WW=I...Qhd.m. ZN...S7.\..9..j.?...39.1.I..........8 .a........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\en[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 545

Entropy (8bit): 7.404877085819139

Encrypted: false

MD5: 83E5633F13D8EED97AAAD89C42BDA148

SHA1: F98EBC926C3BDBDCB58AD2854AAA533226FABAAE

SHA-256: E6CF87F6B6F6C3CD542A6156D69257C1DBA10B58FA034D291BCF83B1713938E9

SHA-512: 4AB98F1786623E49D4E7950848780F10FB38539181A16B26AF8C0B0970E0EA0B059A2290D651783645C9CC469F643C40FDAB55CD7805E533A24C2AF301DF2B81

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/flags/min/en.png

Preview:.PNG........IHDR................n....IDAT(.c.4s..o...Ki.....n.}.6.qMB....#m.m...s....eX............E.n._....?..._+.1i....N.x.......6]`Hj9....K..?.....m..........tI./..|.....$i2..a.u..>.w.OS.........b.f.............Nd.:...4......M......k.k.O.....?>..d.....R.........ZZ~71....U[.g.[.....lm..Y@...........?'..`....3.|T.+W.....gr<H...o}C...O.....*!=+$a=.p6.y...A!..CWWL.1 ..../Mm........../.b...c.Lg........W.=p...`^.a....x..r...ox..............%.U..LqIv.\$.3.Gc2....^.J[......A..A..A8W..w.uW.<.<Lh.........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\es[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 344

Entropy (8bit): 7.196382345881687

Encrypted: false

MD5: 029B93B89BB93E4DEC432ACB2AA95499

SHA1: 53822CA2AA8828B3DCE57D9FBE8C025CDCE3F1AC

SHA-256: D0326C79A8E173153873AA2B31581B54AEBC0BCBF4AB2D55807F5D84098D523B

SHA-512: 0AE76D13635D74BE74587A3585B4DE88E15D3D35326149B7BB70E34A9273A14CCA091C3A2EBBF45CE8867A6B8A65FA5521568AFC97962180778FE7974D70AA27

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/flags/min/es.png

Preview:.PNG........IHDR................n....IDAT(.}..N\Q...s..B%...H.....Y..+L&.cx.lUU-.gT+.0...g.,..:....%.^b.".&...*[email protected].!.......ww-..._D.!.....j.Y9<Lh.T...w./.....K&U..&.b.L....\y..M.z.Xwu...U........o/_'....y..n<...\.....Ir=..~n.Q.a.*.L.L.......u}.}.~[.Zm...K.N.`tu...C-C'.{.G9>.O.mBc........b.;=...H(..G......v.J.8.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\fr[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 369

Entropy (8bit): 7.2730701627554035

Encrypted: false


MD5: 77723DB0C670FE456D47C49B1EDDA010

SHA1: B958D026F0D196C538600E85A2D05CE1FB9F5CD8

SHA-256: 3F414502D6C48E571DD4BAF8BFBDF6FB5DABDD791CF6C789A0264806B314CA58

SHA-512: 43B5B46C3362FFABAA1A4E121AE3EBA65066BCCAE16985EAAF0C3E957DA69B4624BAC48F1EB64AEC6859C8791943AD4BB67523F085EDBB72B5C7C92F79926F49

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/flags/min/fr.png

Preview:.PNG........IHDR................n...8IDAT..m.=.TA...[..`.'Q.....n..Xp#&&.".&2..i. fFN7U_.......w7........H...z.;p.......O..s<>H. ..$.>~........6._.%...t.......]35.....#...Tz.IZk..$...^3U.6.%K........9S.ZU.[..H^.......u.m.9..U.4..Me.I.........U.l.(.....$.|....Z.2..A.&....3\^.Q..s...W..do...q.....&..-....O.n.....W.Zc.TUc.._.. `....{f..H.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\fr[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\img2[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 29539

Entropy (8bit): 7.981707864111388

Encrypted: false

MD5: F2E08A24CECDA906D995CE24BA4A908E

SHA1: 255E14DE7A7CDFDA96C776B9DF303C3E59C675D7

SHA-256: C3EF58A649DAA83E33DBE0E0B8B6D5A500B9B11E8F81B8A17317F10E674FBA2D

SHA-512: E1019A0E9C605743FFB7DCA7E4662DC9D9182B19205A5B2B280486069871543AD3F501BB8CEF4413AB83DA17D178227EDFB6BC0D843B833A026E36FF6CF59BC0

Malicious: false

Reputation: low


Preview:.PNG........IHDR...].........{&......gAMA......a.....sRGB.........tEXtSoftware.Adobe ImageReadyq.e<....PLTE......Liq..............................*)*...B=>.........xd`............................................................"...........'.....,..........."..&..).........../.....5".2 ....%.....)..... .....E,"O2(+..<&....P5+8#....$!!......K1'$..A)..........W:1T8.aA7T5+<)"8%.H.$fD9E1)lH=|SB..x1" 5&$A+"]>4...yP?kE8'&'.YH8*(A.'.\K..|/...`OZD=....WE.YI|VG....eSuM<..osNA..qpL@.|l-,-I5-._Pa>2..];0.TC- .S>8..wwRD.dTfB6pJ:..N:3...iX.ud..t.....z...[N....~sZ=3...wg...o[..Z9/`LF<.,W7-.r`.zh.le.kW.fY.m]..[HD.`L..{......jZ.n_..dQLeH?...nRK..t<:;..l.....|f~`XQA?...eO...\H....re...phJ;[email protected]^oXR.........wa..-'&.yms^[email protected]]x[S...iMF..z....|.fRyda...HEF.tphUS...zr\Y[....um....jg...PLM.{}wWMhcd...spq..............................i..y4).h>q....tRNS.............._..O.o.#.M.. .IDATx..Oh#.........B.$[R[.[AS.,.}i\}i.J.......a...,.6..`.9...!..X..$7%.E.$.6.e.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\img5[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 443

Entropy (8bit): 7.054690541169671

Encrypted: false

MD5: 2816C03032DAAD377EB076FD6C6DB0E4

SHA1: C955122CB0100C71A675BB182E3815A0F130FAFF

SHA-256: 9E6B7E95D008722AF0B172A41786BDF0CBA6BB1DC8DFDF60F8FE3EE281895FDE

SHA-512: A75CCE9EDEC0FADF4D5BA17772DCA2133E945D9958A08D669D1657C3E87BC7DA3656E4E03BE57C26E5A1DD15782DFEDFD0309DC36A89FECD6E3BDC207B602A42

Malicious: false

Reputation: low


Preview:.PNG........IHDR...$.........#.......gAMA......a.....sRGB.........tEXtSoftware.Adobe ImageReadyq.e<...fPLTE..l..gD:&..l.a.[Liq.V.uAo]5...'$...FSF+o]5..Q.\..g.uA6/!RE+.[.V.V..g.aD:&..KaR0.a..K`Q0}i;..F.{......tRNS.......R62.[.....IDAT(.....0.D.a.I............[.`[email protected])..0.;[email protected].....{O....^@.}."7D..u..G............,..J@..|J7b..I.`^.(...P.......?..}`.Z?.=.....3.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\it[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 420

Entropy (8bit): 6.603113117388936

Encrypted: false

MD5: 784F7EB333F0591558BCCE9616A3C105

SHA1: C786C15B1B86629C1BBB6AC12BE5FBA39181DEC0

SHA-256: C7992F57D67156F994A38C6BB4EC72FA57601A284558DB5E065C02DC36EE9D8C

SHA-512: 0F3FEAA63385520F2565C7AED0D6D7A0B6F66B78FB6C8845A026199C375707911822B93534033C15F0F517677C1E9A400263C1B6022794401CBF8D7367639B6D

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/flags/min/it.png

Preview:.PNG........IHDR................n....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<...6IDATx.bd........10.ax....*.RU.... ..ba..P.Z.R....IJJ........bb....... .e.&..ba`[email protected][email protected]..@.`.....5.............B.1....b..b.z.h....%..(....@ [email protected]`.. [email protected].....>[email protected]...?.. o....B.FFF.8PR.).#...........([email protected]`.


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\ja[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 420

Entropy (8bit): 6.8687287667848596

Encrypted: false

MD5: 10958397BC7C25C746E6E122365C003C

SHA1: 3C5B175471D77C6E813A140C6859BCA53952D9D3

SHA-256: 5EFCE88AC7228EA159BCF7FD1CC56D73C19428394218706524BAC0E9151D4C61

SHA-512: DE6380D995A3F7BA70E05112332A4BA72F88AC2AA2F502A308D3F979197DC0A75C9822012B491C7F2F95519571AD6CA15B757B10A05CB95DC7006B0BDE650EA3

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/flags/min/ja.png

Preview:.PNG........IHDR................n....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<...6IDATx.b...+.......Df.........(....$..........SH.......S.......#....of.........h.@....^..............?}.?9....B..b...$.........../([email protected]...`.......Y.T..@,@...g......V...h..,)).....*.. &[email protected]........... ....:...sq........L...@[email protected].}.......e@.....?B......@ ..{..H... .....&.l..=....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\jquery-3.2.1.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 86659

Entropy (8bit): 5.36781915816204

Encrypted: false

MD5: C9F5AEECA3AD37BF2AA006139B935F0A

SHA1: 1055018C28AB41087EF9CCEFE411606893DABEA2

SHA-256: 87083882CC6015984EB0411A99D3981817F5DC5C90BA24F0940420C5548D82DE

SHA-512: DCFF2B5C2B8625D3593A7531FF4DDCD633939CC9F7ACFEB79C18A9E6038FDAA99487960075502F159D44F902D965B0B5AED32B41BFA66A1DC07D85B5D5152B58

Malicious: false

Reputation: low

IE Cache URL: https://code.jquery.com/jquery-3.2.1.min.js

Preview:/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\jquery.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 86927

Entropy (8bit): 5.289249727087309

Encrypted: false

MD5: A46FB81762396B7BF2020774A2FB4D9E

SHA1: FB5EDD7A663DC8DDA7EC10815A7CD82A30FC98A7

SHA-256: D30B6114FB9496AE46B2A8CDF59379C8FFDB957534BD1DD73E626C7C61C7E67D

SHA-512: 40759595B05808DD911075918BDCC32FB91362019BDFCA24827043B8E54116E6EBE7362050EC72182B66481F1DC8D4EC4C8942C984FD597659313D71AD60DC33

Malicious: false

Reputation: low

IE Cache URL: https://page.dagmaar.com/tundra/css/jquery.min.js

Preview:/*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\nl[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 310

Entropy (8bit): 7.061834083172866

Encrypted: false

MD5: CC26AC6AD68E968750752C0CDE0D6892

SHA1: DD4896BE40309671612C6DEEE312DA6FAB236CED

SHA-256: E188F98C3D1C722D93CF24BB7C2561584A6FC3EA2D1AB35A7FD52B3BBB2188CD


SHA-512: E419973DDBB45E15A1D88AAB2F1EA817B1DB19D9C4FCCDDB4B81C180F6EC667051DF6F1F8B17B4064EB6A2DB1A803CB4ABE9227522FB71AAB8C51F5DB8F79B9C

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/flags/min/nl.png

Preview:.PNG........IHDR................n....IDAT(.}..*.a...OR.$...\..2..025t....$18EG..~.>.....i..j..K..N...s..aA..1...C.j.......=@.."T)...t.zz.z..10`.(..X.@..)T..0....4....t:[email protected].*....M...........>_..]r.{..N/.4...*.8.......r....H.-./[email protected]......$js........IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\nl[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\no[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 397

Entropy (8bit): 7.302234244872349

Encrypted: false

MD5: 37DE62B530E99E86F8786099B2DCA8C3

SHA1: F505131AD7B0E731B2B31AD9308D5CD4EE622A9C

SHA-256: F59E4CF0FA6EE21A54BA82946499F611B0333A1FC15E55590567A812D464B6FB

SHA-512: 743A8D4BDAFBA4C9D95DDC71004715CBE11188EFF738E5FB7372602BF426C7847E6E9CDF9F6E48AFF2851D0BFB9FEC23C1983F4D0C7D859E058C46FD702F4ACD

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/flags/min/no.png

Preview:.PNG........IHDR................n...TIDAT(.uQ=K.A..=....-...m,..F.O.Y.`'Z(v./P...X..!.B....3FP.",..w....,tX......./f.s..._W.}...J....0.lqr,..g.ukm.........I0.V;O..^.... 2...a...-'P...k6G.0(,[email protected][....;....)y&..|(. E.d....^."bY...]..n.....{.......s....`}..vl..8j#B.......&...Um1.w...T.>H..j.*..j.dfJ.....u.&...(...y...p..b.fp..X..x....%~...Z..4*n....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\pt[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 407

Entropy (8bit): 7.291217478642379

Encrypted: false

MD5: 215E6C09FF86C0A60C97FF966C4BBD82

SHA1: AA22D321174EC605630B69CCD65373C3ED619C71

SHA-256: 2AF22923899EEA4A4997481BAE73840AB2F4294798B85509F3CB63C05FE68E2C

SHA-512: 55DCC042B98E846B9DE030A0539196C94100EA66979D5F15EF62D68487A853BF690AAF1C219E9B8A59527526059A71B7550F3E8BAB91B7BC6107B81AFEC7C289

Malicious: false

Reputation: low

IE Cache URL: https://spotdiets.com/img/flags/min/pt.png

Preview:.PNG........IHDR................n...^IDAT(.m.1k.a.....mR+.B:.!..".....:.t. ..3v)[email protected]..:$.K...3.;..O.)[email protected]..,.f0....H....Zu.8....q.%-...d...O.t6..{u..'...v.`[email protected]>..\[email protected].}..G~..p....7K.-.C6d........w9yrr....wv>Y.]lCJI.....[|...M....c.[.KA....*......E.+..+............0...............FvC.z&....IEND.B`.



File Type: HTML document, ASCII text, with CRLF line terminators

Size (bytes): 629

Entropy (8bit): 5.487124080188551

Encrypted: false

MD5: 0F1B548A8832C0AE06DC904BA2DEF90B

SHA1: C4FB122ACAA0FCDDF018C00F49E0F7EF20BD6AF1

SHA-256: 4BF82AF36C8F96949F78949289ED3D4D40157C458C09BF4CFF56F69703C23A3A

SHA-512: FCF04BA79F6915C6CF27F63EB67B025CD06FC58D7D1512BCCA18E051B0900BC10C40B2B419C52A0FDACD4E3A955892F5BDCCD3063CE3E5E96512A4BDDF5A26BB

Malicious: true

Yara Hits: Rule: JoeSecurity_Phisher_1, Description: Yara detected Phisher, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\show[1].htm, Author: Joe SecurityRule: JoeSecurity_HtmlPhish_9, Description: Yara detected HtmlPhish_9, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\show[1].htm, Author: Joe Security

Reputation: low

IE Cache URL: https://www.cpagrip.com/show.php?l=0&u=7420&id=7769

Preview:<html>...<head>....<title>Loading Offer..</title>.......<meta http-equiv="refresh" content="0;url=https://unlocklink.com/redirect/action/1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi?uc=1016191004&tsid=7420" />.....<script type="text/javascript">......window.location.href = 'https://unlocklink.com/redirect/action/1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi?uc=1016191004&tsid=7420';.....</script>.....</head>...<body>......<noscript><center>Auto-Redirect failed, Please <a href="https://unlocklink.com/redirect/action/1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi?uc=1016191004&tsid=7420">Click Here</a> to continue.</center></noscript>...</body>..</html>


C:\Users\user\AppData\Local\Temp\~DF3221657AE6454236.TMPProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Size (bytes): 25441

Entropy (8bit): 0.2879935234493843

Encrypted: false

MD5: 242AF7E5E246AE90237288D6DF062392

SHA1: 7E0DDC41DF56C93D832A6034D6082D213641AAC8

SHA-256: 07897F0E6213FD6FCC99B1121EB116EBA021628FC79B50080AF7A9D6C8A67A7B

SHA-512: EA3D3BED4DE6E74ADC6821D791B3CD53C401AD06F4E6B933E833E84902E7C8BC968F7EEB284FAA9EB70159D3BA662E608689BADC7AC90D7B2EFD0816B0279A33

Malicious: false

Reputation: low

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF7ACBE8CBF521B15D.TMPProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Size (bytes): 85807

Entropy (8bit): 1.6489256987138232

Encrypted: false

MD5: DC52BB9EBB00630B290EE16C02A47885

SHA1: 3378CAC9A360079F09EB06A5643B340260FED1D6

SHA-256: E0E5925850B1F0F1F84945A1A5B1C835C3100AB8227352D7AA491CC4E9B3247E

SHA-512: 7448280872D651907EB9CA6B22C41F82E14E5025B8E43380727839BBE9F40D0A1E108020E5F08715408B16BCB24B93E6C21D7B7405CD5E299172F4A0E43499BC

Malicious: false

Reputation: low

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF8FB6BD296836E842.TMPProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Size (bytes): 13029

Entropy (8bit): 0.4821675208773517

Encrypted: false

MD5: 50718A16F986EF2450F6E78AE4837ABA

SHA1: 97B1E5238BDAA3E24FACD3A4AFAF677FB9142D62

SHA-256: 57C44A08BC94F9E2C735F56C24EEE148066FA2ED42D8635A0DA30EB05354A0D6

SHA-512: 60544313ECB87B7B33CCFF8EAAED487DACA774C361D46E7E1065D42FDEA26F9F5ECB16E940DBCB0A5D958A9F542FC2A9D7DF7A7DBC3474575727125DF7F52005

Malicious: false

Reputation: low

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Name IP Active Malicious Antivirus Detection Reputation

unlocklink.com 104.27.191.231 true false 0%, Virustotal, Browse unknown

www.exclusiveyouroffers.com 104.24.126.214 true false 0%, Virustotal, Browse unknown

cdnjs.cloudflare.com 104.16.132.229 true false high

whos.amung.us 67.202.94.94 true false high

routeserve.info 104.18.222.81 true false 0%, Virustotal, Browse unknown

z-m.c10r.facebook.com 31.13.92.37 true false high

Domains and IPs

Contacted Domains


https://www.virustotal.com/url/a0ef5c967566960788617533c900088d9a73f39b8571d371bd854b73c6b72ebb/analysis/1587958489/

https://www.virustotal.com/url/efb64dd6f92cc29e8c9f3299c3b63f25ce9979be20891de41ba9e137c475db2f/analysis/1573734246/

https://www.virustotal.com/url/0509f689149f73c2449e86a0f1f40c8b4a557d039313cf523c8985f184a3663b/analysis/1589324195/

www.cpagrip.com 104.26.3.51 true false high

page.dagmaar.com 162.213.251.209 true false 0%, Virustotal, Browse unknown

widgets.amung.us 50.23.131.235 true false high

spotdiets.com 104.18.171.73 true false 0%, Virustotal, Browse low

ipv4.imgur.map.fastly.net 151.101.12.193 true false 0%, Virustotal, Browse low

l.facebook.com unknown unknown false high

maxcdn.bootstrapcdn.com unknown unknown false high

code.jquery.com unknown unknown false high

i.imgur.com unknown unknown false high

Name IP Active Malicious Antivirus Detection Reputation

Name Malicious Antivirus Detection Reputation

routeserve.info/fit?affid=2162rtty146&page=f-2-fitness&clickid=6dc7a59fe2dd4a30b403ef5409309466&pubid=9-1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi%3A%3A7420-

false Avira URL Cloud: safe unknown

Name Source Malicious Antivirus Detection Reputation

https://page.dagmaar.com/tundra/wait.htmlRhttps://page.dagmaar.com/tundra/wait.html

~DF7ACBE8CBF521B15D.TMP.1.dr false Avira URL Cloud: safe unknown

https://github.com/BlackrockDigital/startbootstrap-heroic-features/blob/master/LICENSE)

heroic-features[1].css.2.dr false high

www.nytimes.com/ msapplication.xml3.1.dr false high

https://page.dagmaar.com/tundra/wait.html ~DF7ACBE8CBF521B15D.TMP.1.dr false Avira URL Cloud: safe unknown

https://page.dagmaRoot {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr


https://page.dagmaar.com/tundra/wait1.htmlTht/redirect/action/1Ind2My0uJSRhZzar.com/tundra/wait1.htm

{921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr


https://page.dagmaar.com/tundra/wait1.htmlThtRoot {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr


https://unlocklink.com/redirect/action/1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi?uc=1016191004&tsid=7420

show[1].htm.2.dr false Avira URL Cloud: safe unknown

https://static.hotjar.com/c/hotjar- gtm[1].js.2.dr false high

www.amazon.com/ msapplication.xml.1.dr false high

https://page.dagmaar.c {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr


https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFeRoot



https://getbootstrap.com/) bootstrap.bundle.min[1].js.2.dr, bootstrap.min[1].css.2.dr

false high

www.twitter.com/ msapplication.xml5.1.dr false high

https://i.imgur.com/d17hczI.jpg tundra[1].htm.2.dr false high

https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFettps://page.dagmaar.com/tundra/?fbclid=IwAR0ibFew8p



https://spotdiets.com/img/assets/favicon.ico~ imagestore.dat.2.dr false Avira URL Cloud: safe low

https://unlocklink.com {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr

false 0%, Virustotal, BrowseAvira URL Cloud: safe

unknown

https://startbootstrap.com/template-overviews/heroic-features)

heroic-features[1].css.2.dr false high

https://www.exclusiveyouroffers.com/DFBHL/2CTPL/?uid=44&sub2=18051831_19_0_16dc_684671_af0_206_5ec2b

1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi[1].htm.2.dr


https://page.dagmaar.com/tundra/wait1.htmlThtregistration?theme=f-2-fitness&var.com/tundra/wait1.htm



https://github.com/twbs/bootstrap/graphs/contributors) bootstrap.bundle.min[1].js.2.dr false high

https://page.dagmaar.com/tundra/wait1.htmlThtm/show.php?l=0&u=7420&id=7769Root



https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

registration[1].htm.2.dr false high

https://code.jquery.com/jquery-3.2.1.min.js registration[1].htm.2.dr false high

https://getbootstrap.com) bootstrap.14d4753b[1].css.2.dr, bootstrap.min[1].js.2.dr

false URL Reputation: safe low

Contacted URLs

URLs from Memory and Binaries


https://www.virustotal.com/url/67804dfb2f088359b7238796f669c720942a1f2118e179d5594d2bbafd7bf0c5/analysis/1586969957/

https://www.virustotal.com/url/d4535dc4bbafc94cd826374f00043d928645bcebe2962ac0b0dd848eff5dee92/analysis/1572265870/

https://www.virustotal.com/url/79dab10c23399200facf3b1772cd231e39f4e6612b1cb43adb307f111797a7e8/analysis/1589355091/

https://www.virustotal.com/url/2a5e2e6f047614992e28beac34ae7060b6e2d5bd6fa17f44854ec7b07bad1e3f/analysis/1589599862/

https://page.dagmaar.com/tundra/wait1.htmlThttps://page.dagmaar.com/tundra/wait1.html

~DF7ACBE8CBF521B15D.TMP.1.dr false Avira URL Cloud: safe unknown

https://www.cpagrip.co {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr


https://www.cpagrip.com/show.php?l=0&u=7420&id=7769

~DF7ACBE8CBF521B15D.TMP.1.dr, wait1[1].htm.2.dr

false high

www.youtube.com/ msapplication.xml7.1.dr false high

https://page.dagmaar.com/tundra/wait1.html ~DF7ACBE8CBF521B15D.TMP.1.dr false Avira URL Cloud: safe unknown

https://spotdiets.com/registration?theme=f-2-fitness&v_id=bd5da739-77ef-3160-f695-b0599716f68d&page=

~DF7ACBE8CBF521B15D.TMP.1.dr, {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr

false Avira URL Cloud: safe low

https://i.imgur.com/pk1EcBw.gif wait1[1].htm.2.dr false high

https://github.com/krux/postscribe/blob/master/LICENSE.gtm[1].js.2.dr false high

https://github.com/twbs/bootstrap/blob/master/LICENSE) bootstrap.bundle.min[1].js.2.dr, bootstrap.14d4753b[1].css.2.dr

false high

www.wikipedia.com/ msapplication.xml6.1.dr false 0%, Virustotal, BrowseURL Reputation: safe

low

www.live.com/ msapplication.xml2.1.dr false high

opensource.org/licenses/MIT). popper.min[1].js.2.dr false high

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

registration[1].htm.2.dr false high

www.reddit.com/ msapplication.xml4.1.dr false high

https://page.dagmaar.com/tundra/wait1.htmlThtar.com/tundra/wait1.html



https://spotdiets.com/ {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr

false 0%, Virustotal, BrowseAvira URL Cloud: safe

low

https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFem/tundra/wait.html



Name Source Malicious Antivirus Detection Reputation

No. of IPs < 25%

25% < No. of IPs < 50%

50% < No. of IPs < 75%

75% < No. of IPs

IP Country Flag ASN ASN Name Malicious

50.23.131.235 United States 36351 unknown false

31.13.92.37 Ireland 32934 unknown false



Contacted IPs

Public


https://www.virustotal.com/url/fcf59eb699472e40619d5d35de48bf5885241f377445e30b95e1ebdea1c76205/analysis/1588155749/

https://www.virustotal.com/url/cc557b3e13235418396cfc5e3d5190bc9da12c26a1ec50f66da6aaa2fc00cb80/analysis/1530829470/

Static File Info

No static file info

Network Port Distribution

Total Packets: 89

• 53 (DNS)

• 443 (HTTPS)








IP Country Flag ASN ASN Name Malicious

Network Behavior

Timestamp Source Port Dest Port Source IP Dest IP

May 18, 2020 19:00:56.698769093 CEST 49744 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.699970961 CEST 49745 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.716296911 CEST 443 49744 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.716543913 CEST 49744 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.717619896 CEST 443 49745 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.717736006 CEST 49745 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.730534077 CEST 49744 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.730575085 CEST 49745 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.748023987 CEST 443 49744 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.748214006 CEST 443 49745 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.748795033 CEST 443 49744 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.748816967 CEST 443 49744 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.748830080 CEST 443 49744 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.748934031 CEST 49744 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.749072075 CEST 443 49745 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.749104023 CEST 443 49745 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.749130011 CEST 443 49745 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.749191999 CEST 49745 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.749305964 CEST 49745 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.798038960 CEST 49745 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.802212000 CEST 49744 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.810204029 CEST 49745 443 192.168.2.5 31.13.92.37

TCP Packets


May 18, 2020 19:00:56.810750008 CEST 49744 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.810920954 CEST 49745 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.816154003 CEST 443 49745 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.816216946 CEST 443 49745 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.816364050 CEST 49745 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.817723989 CEST 49745 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.819885969 CEST 443 49744 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.819971085 CEST 443 49744 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.820036888 CEST 49744 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.820123911 CEST 49744 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.822103977 CEST 49744 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.827945948 CEST 443 49745 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.828142881 CEST 49745 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.828205109 CEST 443 49744 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.828329086 CEST 49744 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.828871965 CEST 443 49745 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.829039097 CEST 49745 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.867152929 CEST 443 49745 31.13.92.37 192.168.2.5

May 18, 2020 19:00:56.867296934 CEST 49745 443 192.168.2.5 31.13.92.37

May 18, 2020 19:00:56.881292105 CEST 443 49744 31.13.92.37 192.168.2.5

May 18, 2020 19:00:57.358274937 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.359458923 CEST 49746 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.536346912 CEST 443 49747 162.213.251.209 192.168.2.5

May 18, 2020 19:00:57.536545992 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.539290905 CEST 443 49746 162.213.251.209 192.168.2.5

May 18, 2020 19:00:57.542825937 CEST 49746 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.568377018 CEST 49746 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.569494009 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.746613026 CEST 443 49747 162.213.251.209 192.168.2.5

May 18, 2020 19:00:57.746637106 CEST 443 49747 162.213.251.209 192.168.2.5

May 18, 2020 19:00:57.746645927 CEST 443 49747 162.213.251.209 192.168.2.5

May 18, 2020 19:00:57.746654987 CEST 443 49747 162.213.251.209 192.168.2.5

May 18, 2020 19:00:57.746823072 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.748781919 CEST 443 49747 162.213.251.209 192.168.2.5

May 18, 2020 19:00:57.748887062 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.749747038 CEST 443 49746 162.213.251.209 192.168.2.5

May 18, 2020 19:00:57.749799967 CEST 443 49746 162.213.251.209 192.168.2.5

May 18, 2020 19:00:57.749814987 CEST 443 49746 162.213.251.209 192.168.2.5

May 18, 2020 19:00:57.749840975 CEST 49746 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.749875069 CEST 443 49746 162.213.251.209 192.168.2.5

May 18, 2020 19:00:57.749907970 CEST 49746 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.749999046 CEST 49746 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.751029015 CEST 443 49746 162.213.251.209 192.168.2.5

May 18, 2020 19:00:57.751105070 CEST 49746 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.855838060 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.856568098 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.857006073 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.862418890 CEST 49746 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:57.863055944 CEST 49746 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:58.033832073 CEST 443 49747 162.213.251.209 192.168.2.5

May 18, 2020 19:00:58.033945084 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:58.034128904 CEST 443 49747 162.213.251.209 192.168.2.5

May 18, 2020 19:00:58.034205914 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:58.035177946 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:58.039412975 CEST 443 49747 162.213.251.209 192.168.2.5

May 18, 2020 19:00:58.039582014 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:58.041568041 CEST 443 49746 162.213.251.209 192.168.2.5

May 18, 2020 19:00:58.041708946 CEST 49746 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:58.041877031 CEST 443 49746 162.213.251.209 192.168.2.5

May 18, 2020 19:00:58.041991949 CEST 49746 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:58.047224045 CEST 49746 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:58.049676895 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:58.051670074 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:58.063723087 CEST 49747 443 192.168.2.5 162.213.251.209



May 18, 2020 19:00:58.063993931 CEST 49747 443 192.168.2.5 162.213.251.209

May 18, 2020 19:00:58.122407913 CEST 49748 443 192.168.2.5 151.101.12.193

May 18, 2020 19:00:58.124073029 CEST 49749 443 192.168.2.5 151.101.12.193

May 18, 2020 19:00:58.143219948 CEST 443 49748 151.101.12.193 192.168.2.5

May 18, 2020 19:00:58.143413067 CEST 49748 443 192.168.2.5 151.101.12.193

May 18, 2020 19:00:58.144175053 CEST 49748 443 192.168.2.5 151.101.12.193

May 18, 2020 19:00:58.144478083 CEST 443 49749 151.101.12.193 192.168.2.5

May 18, 2020 19:00:58.144601107 CEST 49749 443 192.168.2.5 151.101.12.193

May 18, 2020 19:00:58.145534992 CEST 49749 443 192.168.2.5 151.101.12.193

May 18, 2020 19:00:58.164697886 CEST 443 49748 151.101.12.193 192.168.2.5

May 18, 2020 19:00:58.165896893 CEST 443 49749 151.101.12.193 192.168.2.5

May 18, 2020 19:00:58.166069984 CEST 443 49748 151.101.12.193 192.168.2.5

May 18, 2020 19:00:58.166100979 CEST 443 49748 151.101.12.193 192.168.2.5

May 18, 2020 19:00:58.166126013 CEST 443 49748 151.101.12.193 192.168.2.5



May 18, 2020 19:00:55.264405012 CEST 56104 53 192.168.2.5 8.8.8.8

May 18, 2020 19:00:55.297919035 CEST 53 56104 8.8.8.8 192.168.2.5

May 18, 2020 19:00:56.646878004 CEST 62623 53 192.168.2.5 8.8.8.8

May 18, 2020 19:00:56.683629036 CEST 53 62623 8.8.8.8 192.168.2.5

May 18, 2020 19:00:57.193551064 CEST 59949 53 192.168.2.5 8.8.8.8

May 18, 2020 19:00:57.349813938 CEST 53 59949 8.8.8.8 192.168.2.5

May 18, 2020 19:00:58.070395947 CEST 61115 53 192.168.2.5 8.8.8.8

May 18, 2020 19:00:58.119961977 CEST 53 61115 8.8.8.8 192.168.2.5

May 18, 2020 19:00:58.977972984 CEST 57276 53 192.168.2.5 8.8.8.8

May 18, 2020 19:00:59.013902903 CEST 53 57276 8.8.8.8 192.168.2.5

May 18, 2020 19:00:59.790981054 CEST 54857 53 192.168.2.5 8.8.8.8

May 18, 2020 19:00:59.824680090 CEST 53 54857 8.8.8.8 192.168.2.5

May 18, 2020 19:01:03.272253990 CEST 55750 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:03.308784962 CEST 53 55750 8.8.8.8 192.168.2.5

May 18, 2020 19:01:14.425446033 CEST 50153 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:14.570280075 CEST 53 50153 8.8.8.8 192.168.2.5

May 18, 2020 19:01:22.938826084 CEST 51561 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:22.982498884 CEST 53 51561 8.8.8.8 192.168.2.5

May 18, 2020 19:01:23.616693974 CEST 65129 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:23.652899981 CEST 53 65129 8.8.8.8 192.168.2.5

May 18, 2020 19:01:24.032777071 CEST 52656 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:24.058211088 CEST 53 52656 8.8.8.8 192.168.2.5

May 18, 2020 19:01:24.068845987 CEST 63177 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:24.107284069 CEST 53 63177 8.8.8.8 192.168.2.5

May 18, 2020 19:01:24.750864029 CEST 56380 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:24.797308922 CEST 53 56380 8.8.8.8 192.168.2.5

May 18, 2020 19:01:25.004285097 CEST 62481 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:25.043401003 CEST 53 62481 8.8.8.8 192.168.2.5

May 18, 2020 19:01:25.289129019 CEST 57208 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:25.314541101 CEST 53 57208 8.8.8.8 192.168.2.5

May 18, 2020 19:01:25.377485037 CEST 50600 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:25.388895035 CEST 63741 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:25.395987988 CEST 62828 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:25.411294937 CEST 53 50600 8.8.8.8 192.168.2.5

May 18, 2020 19:01:25.417443037 CEST 59454 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:25.421360970 CEST 53 62828 8.8.8.8 192.168.2.5

May 18, 2020 19:01:25.422580957 CEST 53 63741 8.8.8.8 192.168.2.5

May 18, 2020 19:01:25.442765951 CEST 53 59454 8.8.8.8 192.168.2.5

May 18, 2020 19:01:25.457312107 CEST 61686 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:25.482611895 CEST 53 61686 8.8.8.8 192.168.2.5

May 18, 2020 19:01:26.227576017 CEST 55283 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:26.261362076 CEST 53 55283 8.8.8.8 192.168.2.5

May 18, 2020 19:01:26.298474073 CEST 57208 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:26.323878050 CEST 53 57208 8.8.8.8 192.168.2.5

May 18, 2020 19:01:27.229345083 CEST 55283 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:27.254648924 CEST 53 55283 8.8.8.8 192.168.2.5

UDP Packets


May 18, 2020 19:01:27.307250023 CEST 57208 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:27.332684040 CEST 53 57208 8.8.8.8 192.168.2.5

May 18, 2020 19:01:27.796940088 CEST 57733 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:27.810307026 CEST 58376 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:27.822233915 CEST 53 57733 8.8.8.8 192.168.2.5

May 18, 2020 19:01:27.852420092 CEST 53 58376 8.8.8.8 192.168.2.5

May 18, 2020 19:01:28.302391052 CEST 55283 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:28.327668905 CEST 53 55283 8.8.8.8 192.168.2.5

May 18, 2020 19:01:30.094886065 CEST 57208 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:30.120320082 CEST 53 57208 8.8.8.8 192.168.2.5

May 18, 2020 19:01:30.304434061 CEST 55283 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:30.329737902 CEST 53 55283 8.8.8.8 192.168.2.5

May 18, 2020 19:01:34.097407103 CEST 57208 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:34.122750998 CEST 53 57208 8.8.8.8 192.168.2.5

May 18, 2020 19:01:34.305964947 CEST 55283 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:34.331238031 CEST 53 55283 8.8.8.8 192.168.2.5

May 18, 2020 19:01:37.763890982 CEST 62387 53 192.168.2.5 8.8.8.8

May 18, 2020 19:01:37.789201021 CEST 53 62387 8.8.8.8 192.168.2.5


Timestamp Source IP Dest IP Trans ID OP Code Name Type Class

May 18, 2020 19:00:56.646878004 CEST 192.168.2.5 8.8.8.8 0x49f7 Standard query (0)

l.facebook.com A (IP address) IN (0x0001)

May 18, 2020 19:00:57.193551064 CEST 192.168.2.5 8.8.8.8 0x918b Standard query (0)

page.dagmaar.com

A (IP address) IN (0x0001)

May 18, 2020 19:00:58.070395947 CEST 192.168.2.5 8.8.8.8 0x6a3c Standard query (0)

i.imgur.com A (IP address) IN (0x0001)

May 18, 2020 19:00:58.977972984 CEST 192.168.2.5 8.8.8.8 0x5218 Standard query (0)

widgets.amung.us


May 18, 2020 19:00:59.790981054 CEST 192.168.2.5 8.8.8.8 0x446b Standard query (0)

whos.amung.us A (IP address) IN (0x0001)


page.dagmaar.com



www.cpagrip.com A (IP address) IN (0x0001)

May 18, 2020 19:01:23.616693974 CEST 192.168.2.5 8.8.8.8 0x2c2 Standard query (0)

unlocklink.com A (IP address) IN (0x0001)

May 18, 2020 19:01:24.068845987 CEST 192.168.2.5 8.8.8.8 0x988c Standard query (0)

www.exclusiveyouroffers.com


May 18, 2020 19:01:24.750864029 CEST 192.168.2.5 8.8.8.8 0x9b80 Standard query (0)

routeserve.info A (IP address) IN (0x0001)

May 18, 2020 19:01:25.004285097 CEST 192.168.2.5 8.8.8.8 0x2dc9 Standard query (0)

spotdiets.com A (IP address) IN (0x0001)

May 18, 2020 19:01:25.395987988 CEST 192.168.2.5 8.8.8.8 0x45f2 Standard query (0)

code.jquery.com A (IP address) IN (0x0001)

May 18, 2020 19:01:25.417443037 CEST 192.168.2.5 8.8.8.8 0xb276 Standard query (0)

cdnjs.cloudflare.com


May 18, 2020 19:01:25.457312107 CEST 192.168.2.5 8.8.8.8 0xb1b3 Standard query (0)

maxcdn.bootstrapcdn.com


Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

May 18, 2020 19:00:56.683629036 CEST

8.8.8.8 192.168.2.5 0x49f7 No error (0) l.facebook.com z-m.c10r.facebook.com CNAME (Canonical name)

IN (0x0001)

May 18, 2020 19:00:56.683629036 CEST

8.8.8.8 192.168.2.5 0x49f7 No error (0) z-m.c10r.facebook.com

31.13.92.37 A (IP address) IN (0x0001)

May 18, 2020 19:00:57.349813938 CEST

8.8.8.8 192.168.2.5 0x918b No error (0) page.dagmaar.com

162.213.251.209 A (IP address) IN (0x0001)

May 18, 2020 19:00:58.119961977 CEST

8.8.8.8 192.168.2.5 0x6a3c No error (0) i.imgur.com ipv4.imgur.map.fastly.net CNAME (Canonical name)

IN (0x0001)

May 18, 2020 19:00:58.119961977 CEST

8.8.8.8 192.168.2.5 0x6a3c No error (0) ipv4.imgur.map.fastly.net

151.101.12.193 A (IP address) IN (0x0001)

May 18, 2020 19:00:59.013902903 CEST

8.8.8.8 192.168.2.5 0x5218 No error (0) widgets.amung.us

50.23.131.235 A (IP address) IN (0x0001)

DNS Queries

DNS Answers


May 18, 2020 19:00:59.013902903 CEST

8.8.8.8 192.168.2.5 0x5218 No error (0) widgets.amung.us

173.192.200.70 A (IP address) IN (0x0001)

May 18, 2020 19:00:59.824680090 CEST

8.8.8.8 192.168.2.5 0x446b No error (0) whos.amung.us 67.202.94.94 A (IP address) IN (0x0001)

May 18, 2020 19:00:59.824680090 CEST


May 18, 2020 19:00:59.824680090 CEST


May 18, 2020 19:01:14.570280075 CEST

8.8.8.8 192.168.2.5 0x6892 No error (0) page.dagmaar.com

162.213.251.209 A (IP address) IN (0x0001)

May 18, 2020 19:01:22.982498884 CEST

8.8.8.8 192.168.2.5 0x3050 No error (0) www.cpagrip.com

104.26.3.51 A (IP address) IN (0x0001)

May 18, 2020 19:01:22.982498884 CEST

8.8.8.8 192.168.2.5 0x3050 No error (0) www.cpagrip.com

104.26.2.51 A (IP address) IN (0x0001)

May 18, 2020 19:01:23.652899981 CEST

8.8.8.8 192.168.2.5 0x2c2 No error (0) unlocklink.com 104.27.191.231 A (IP address) IN (0x0001)

May 18, 2020 19:01:23.652899981 CEST

8.8.8.8 192.168.2.5 0x2c2 No error (0) unlocklink.com 104.27.190.231 A (IP address) IN (0x0001)

May 18, 2020 19:01:24.107284069 CEST

8.8.8.8 192.168.2.5 0x988c No error (0) www.exclusiveyouroffers.com

104.24.126.214 A (IP address) IN (0x0001)

May 18, 2020 19:01:24.107284069 CEST

8.8.8.8 192.168.2.5 0x988c No error (0) www.exclusiveyouroffers.com

104.24.127.214 A (IP address) IN (0x0001)

May 18, 2020 19:01:24.797308922 CEST

8.8.8.8 192.168.2.5 0x9b80 No error (0) routeserve.info 104.18.222.81 A (IP address) IN (0x0001)

May 18, 2020 19:01:24.797308922 CEST

8.8.8.8 192.168.2.5 0x9b80 No error (0) routeserve.info 104.18.223.81 A (IP address) IN (0x0001)

May 18, 2020 19:01:25.043401003 CEST

8.8.8.8 192.168.2.5 0x2dc9 No error (0) spotdiets.com 104.18.171.73 A (IP address) IN (0x0001)

May 18, 2020 19:01:25.043401003 CEST

8.8.8.8 192.168.2.5 0x2dc9 No error (0) spotdiets.com 104.18.170.73 A (IP address) IN (0x0001)

May 18, 2020 19:01:25.421360970 CEST

8.8.8.8 192.168.2.5 0x45f2 No error (0) code.jquery.com cds.s5x3j6q5.hwcdn.net CNAME (Canonical name)

IN (0x0001)

May 18, 2020 19:01:25.442765951 CEST

8.8.8.8 192.168.2.5 0xb276 No error (0) cdnjs.cloudflare.com

104.16.132.229 A (IP address) IN (0x0001)

May 18, 2020 19:01:25.442765951 CEST

8.8.8.8 192.168.2.5 0xb276 No error (0) cdnjs.cloudflare.com

104.16.133.229 A (IP address) IN (0x0001)

May 18, 2020 19:01:25.482611895 CEST

8.8.8.8 192.168.2.5 0xb1b3 No error (0) maxcdn.bootstrapcdn.com

cds.j3z9t3p6.hwcdn.net CNAME (Canonical name)

IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

routeserve.info

Session ID Source IP Source Port Destination IP Destination Port Process

0 192.168.2.5 49766 104.18.222.81 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe

TimestampkBytestransferred Direction Data

HTTP Request Dependency Graph

HTTP Packets


May 18, 2020 19:01:24.820148945 CEST

472 OUT GET /fit?affid=2162rtty146&page=f-2-fitness&clickid=6dc7a59fe2dd4a30b403ef5409309466&pubid=9-1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi%3A%3A7420- HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: routeserve.info

May 18, 2020 19:01:24.854407072 CEST

473 IN HTTP/1.1 301 Moved PermanentlyDate: Mon, 18 May 2020 17:01:24 GMTTransfer-Encoding: chunkedConnection: keep-aliveCache-Control: max-age=3600Expires: Mon, 18 May 2020 18:01:24 GMTLocation: https://routeserve.info/fit?affid=2162rtty146&page=f-2-fitness&clickid=6dc7a59fe2dd4a30b403ef5409309466&pubid=9-1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi%3A%3A7420-Vary: Accept-EncodingServer: cloudflareCF-RAY: 595723d629bdc27c-FRAcf-request-id: 02ca54b9dc0000c27cb3338200000001Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

TimestampkBytestransferred Direction Data

Timestamp Source IPSourcePort Dest IP

DestPort Subject Issuer

NotBefore

NotAfter

JA3 SSL ClientFingerprint JA3 SSL Client Digest

May 18, 2020 19:00:56.748830080 CEST

31.13.92.37 443 192.168.2.5 49744 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Wed Apr 15 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013

Tue Jul 14 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Tue Oct 22 14:00:00 CEST 2013

Sun Oct 22 14:00:00 CEST 2028

May 18, 2020 19:00:56.749130011 CEST

31.13.92.37 443 192.168.2.5 49745 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Wed Apr 15 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013

Tue Jul 14 14:00:00 CEST 2020 Sun Oct 22 14:00:00 CEST 2028

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US


Tue Oct 22 14:00:00 CEST 2013

Sun Oct 22 14:00:00 CEST 2028

May 18, 2020 19:00:57.748781919 CEST

162.213.251.209 443 192.168.2.5 49747 CN=page.dagmaar.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US

CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE

Mon Mar 16 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018 Tue May 30 12:48:38 CEST 2000

Wed Mar 17 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Sat May 30 12:48:38 CEST 2020

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB

CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US

Fri Nov 02 01:00:00 CET 2018

Wed Jan 01 00:59:59 CET 2031

HTTPS Packets



CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE

Tue May 30 12:48:38 CEST 2000

Sat May 30 12:48:38 CEST 2020

May 18, 2020 19:00:57.751029015 CEST





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Fri Nov 02 01:00:00 CET 2018

Wed Jan 01 00:59:59 CET 2031



Tue May 30 12:48:38 CEST 2000

Sat May 30 12:48:38 CEST 2020

May 18, 2020 19:00:58.166126013 CEST

151.101.12.193 443 192.168.2.5 49748 CN=*.imgur.com, O="Imgur, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Wed Jan 15 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013

Wed Mar 16 13:00:00 CET 2022 Wed Mar 08 13:00:00 CET 2023

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Fri Mar 08 13:00:00 CET 2013

Wed Mar 08 13:00:00 CET 2023

May 18, 2020 19:00:58.167373896 CEST

151.101.12.193 443 192.168.2.5 49749 CN=*.imgur.com, O="Imgur, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Wed Jan 15 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013

Wed Mar 16 13:00:00 CET 2022 Wed Mar 08 13:00:00 CET 2023

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Fri Mar 08 13:00:00 CET 2013

Wed Mar 08 13:00:00 CET 2023

May 18, 2020 19:00:59.331677914 CEST

50.23.131.235 443 192.168.2.5 49750 CN=whos.amung.us, O=whos.amung.us Inc, L=Calgary, ST=Alberta, C=CA, SERIALNUMBER=2014337048, OID.1.3.6.1.4.1.311.60.2.1.2=Alberta, OID.1.3.6.1.4.1.311.60.2.1.3=CA, OID.2.5.4.15=Private Organization CN=GeoTrust EV RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US

CN=GeoTrust EV RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Fri Mar 09 01:00:00 CET 2018 Mon Nov 06 13:22:46 CET 2017

Mon May 25 14:00:00 CEST 2020 Sat Nov 06 13:22:46 CET 2027

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=GeoTrust EV RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US


Mon Nov 06 13:22:46 CET 2017

Sat Nov 06 13:22:46 CET 2027



NotBefore

NotAfter



May 18, 2020 19:00:59.332870007 CEST





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Mon Nov 06 13:22:46 CET 2017

Sat Nov 06 13:22:46 CET 2027

May 18, 2020 19:01:00.066315889 CEST





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Mon Nov 06 13:22:46 CET 2017

Sat Nov 06 13:22:46 CET 2027

May 18, 2020 19:01:00.068881035 CEST





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Mon Nov 06 13:22:46 CET 2017

Sat Nov 06 13:22:46 CET 2027

May 18, 2020 19:01:15.149008036 CEST





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0

37f463bf4616ecd445d4a1937da06e19



Fri Nov 02 01:00:00 CET 2018

Wed Jan 01 00:59:59 CET 2031



Tue May 30 12:48:38 CEST 2000

Sat May 30 12:48:38 CEST 2020



NotBefore

NotAfter



May 18, 2020 19:01:23.099189997 CEST

104.26.3.51 443 192.168.2.5 49758 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US

CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

Thu Mar 19 01:00:00 CET 2020 Wed Oct 14 14:00:00 CEST 2015

Fri Oct 09 14:00:00 CEST 2020 Fri Oct 09 14:00:00 CEST 2020

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US

CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

Wed Oct 14 14:00:00 CEST 2015

Fri Oct 09 14:00:00 CEST 2020

May 18, 2020 19:01:23.110989094 CEST



Thu Mar 19 01:00:00 CET 2020 Wed Oct 14 14:00:00 CEST 2015


771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Wed Oct 14 14:00:00 CEST 2015

Fri Oct 09 14:00:00 CEST 2020

May 18, 2020 19:01:23.724201918 CEST



Sat Feb 22 01:00:00 CET 2020 Wed Oct 14 14:00:00 CEST 2015


771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Wed Oct 14 14:00:00 CEST 2015

Fri Oct 09 14:00:00 CEST 2020

May 18, 2020 19:01:23.724431038 CEST



Sat Feb 22 01:00:00 CET 2020 Wed Oct 14 14:00:00 CEST 2015


771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Wed Oct 14 14:00:00 CEST 2015

Fri Oct 09 14:00:00 CEST 2020

May 18, 2020 19:01:24.159926891 CEST



Mon Oct 07 02:00:00 CEST 2019 Wed Oct 14 14:00:00 CEST 2015

Tue Oct 06 14:00:00 CEST 2020 Fri Oct 09 14:00:00 CEST 2020

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Wed Oct 14 14:00:00 CEST 2015

Fri Oct 09 14:00:00 CEST 2020



NotBefore

NotAfter



May 18, 2020 19:01:24.166491985 CEST



Mon Oct 07 02:00:00 CEST 2019 Wed Oct 14 14:00:00 CEST 2015

Tue Oct 06 14:00:00 CEST 2020 Fri Oct 09 14:00:00 CEST 2020

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Wed Oct 14 14:00:00 CEST 2015

Fri Oct 09 14:00:00 CEST 2020

May 18, 2020 19:01:24.907212973 CEST



Tue Apr 07 02:00:00 CEST 2020 Wed Oct 14 14:00:00 CEST 2015


771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Wed Oct 14 14:00:00 CEST 2015

Fri Oct 09 14:00:00 CEST 2020

May 18, 2020 19:01:25.092432022 CEST





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Wed Oct 14 14:00:00 CEST 2015

Fri Oct 09 14:00:00 CEST 2020

May 18, 2020 19:01:25.093637943 CEST





771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Wed Oct 14 14:00:00 CEST 2015

Fri Oct 09 14:00:00 CEST 2020

May 18, 2020 19:01:25.489948034 CEST

104.16.132.229 443 192.168.2.5 49778 CN=cloudflare.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US


Tue Jan 07 01:00:00 CET 2020 Wed Oct 14 14:00:00 CEST 2015


771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Wed Oct 14 14:00:00 CEST 2015

Fri Oct 09 14:00:00 CEST 2020



NotBefore

NotAfter



Code Manipulations

Statistics

Behavior

• iexplore.exe

• iexplore.exe

Click to jump to process

System Behavior

May 18, 2020 19:01:25.498224974 CEST

104.16.132.229 443 192.168.2.5 49777 CN=cloudflare.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US


Tue Jan 07 01:00:00 CET 2020 Wed Oct 14 14:00:00 CEST 2015


771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c



Wed Oct 14 14:00:00 CEST 2015

Fri Oct 09 14:00:00 CEST 2020



NotBefore

NotAfter



Start date: 18/05/2020

Path: C:\Program Files\internet explorer\iexplore.exe

Wow64 process (32bit): false

Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Imagebase: 0x7ff6c50a0000

File size: 823560 bytes

MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

Analysis Process: iexplore.exe PID: 4380 Parent PID: 696Analysis Process: iexplore.exe PID: 4380 Parent PID: 696

General


Disassembly

File ActivitiesFile Activities

Registry ActivitiesRegistry Activities

File Path Access Attributes Options Completion CountSourceAddress Symbol

File Path Offset Length Value Ascii Completion CountSourceAddress Symbol

File Path Offset Length Completion CountSourceAddress Symbol

Key Path Completion CountSourceAddress Symbol

Key Path Name Type Data Completion CountSourceAddress Symbol

Key Path Name Type Old Data New Data Completion CountSourceAddress Symbol

File ActivitiesFile Activities

Registry ActivitiesRegistry Activities


Start date: 18/05/2020

Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Wow64 process (32bit): true

Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4380 CREDAT:17410 /prefetch:2

Imagebase: 0x1060000

File size: 822536 bytes

MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

File Path Access Attributes Options Completion CountSourceAddress Symbol

File Path Offset Length Value Ascii Completion CountSourceAddress Symbol

File Path Offset Length Completion CountSourceAddress Symbol

Key Path Name Type Data Completion CountSourceAddress Symbol

Analysis Process: iexplore.exe PID: 4880 Parent PID: 4380Analysis Process: iexplore.exe PID: 4880 Parent PID: 4380

General


Version: 28.0.0 Lapis Lazuli - Joe Sandbox

Documents

Transcript of Version: 28.0.0 Lapis Lazuli - Joe Sandbox