Version: 28.0.0 Lapis Lazuli

ID: 213282Cookbook: browseurl.jbsTime: 18:30:07Date: 05/03/2020Version: 28.0.0 Lapis Lazuli

2

33

4445566666

7777777888888888899999999

1010181819222323232323242526262728282930303030303030

31313131

313131

32

3

Table of Contents

Table of ContentsAnalysis Reporthttp://cardpayments.microransom.us/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw

OverviewGeneral InformationDetectionConfidenceClassification SpiderchartAnalysis AdviceMitre Att&ck MatrixSignature Overview

Phishing:Networking:System Summary:Hooking and other Techniques for Hiding and Protection:

Malware ConfigurationBehavior Graph

SimulationsBehavior and APIs

Antivirus, Machine Learning and Genetic Malware DetectionInitial SampleDropped FilesUnpacked PE FilesDomainsURLs

Yara OverviewInitial SamplePCAP (Network Traffic)Dropped FilesMemory DumpsUnpacked PEs

Sigma OverviewJoe Sandbox View / Context

IPsDomainsASNJA3 FingerprintsDropped Files

ScreenshotsThumbnails

StartupCreated / dropped FilesDomains and IPs

Contacted DomainsURLs from Memory and BinariesContacted IPsPublic

Static File InfoNo static file info

Network BehaviorNetwork Port DistributionTCP PacketsUDP PacketsDNS QueriesDNS AnswersHTTP Request Dependency GraphHTTP PacketsHTTPS Packets

Code ManipulationsStatistics

BehaviorSystem Behavior

Analysis Process: iexplore.exe PID: 1352 Parent PID: 700GeneralFile ActivitiesRegistry Activities

Analysis Process: iexplore.exe PID: 3608 Parent PID: 1352GeneralFile ActivitiesRegistry Activities

Analysis Process: ssvagent.exe PID: 4576 Parent PID: 3608GeneralRegistry Activities

Disassembly

Copyright Joe Security LLC 2020 of 32

Analysis Report http://cardpayments.microransom.us/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw

Overview

General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli

Analysis ID: 213282

Start date: 05.03.2020

Start time: 18:30:07

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 6m 51s

Hypervisor based Inspection enabled: false

Report type: light

Cookbook file name: browseurl.jbs

Sample URL:cardpayments.microransom.us/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw

Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113

Number of analysed new started processes analysed: 6

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: EGA enabled

Analysis stop reason: Timeout

Detection: SUS

Classification: sus21.phis.win@5/28@6/3

Cookbook Comments: Adjust boot timeEnable AMSIBrowsing link: https://submit.protected-forms.com/pages/9ec91759e8a89/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw#


Warnings:

Detection

Strategy Score Range Reporting Whitelisted Detection

Threshold 21 0 - 100 false

Confidence

Strategy Score Range Further Analysis Required? Confidence

Threshold 3 0 - 5 true

Exclude process from analysis (whitelisted): ielowutil.exe, conhost.exe, CompatTelRunner.exeTCP Packets have been reduced to 100Excluded IPs from analysis (whitelisted): 23.61.218.119, 172.217.23.234, 23.37.55.203, 23.62.132.180, 152.199.19.161, 93.184.221.240, 52.109.88.40, 52.109.124.21, 52.109.76.33Excluded domains from analysis (whitelisted): www.cdc.gov.edgekey.net, prod-w.nexus.live.com.akadns.net, ajax.googleapis.com, ie9comview.vo.msecnd.net, secure.aadcdn.microsoftonline-p.com.edgekey.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, wu.azureedge.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, e9313.dscb.akamaiedge.net, go.microsoft.com.edgekey.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, e13761.dscg.akamaiedge.net, hlb.apr-52dd2-0.edgecastdns.net, nexus.officeapps.live.com, wu.wpc.apr-52dd2.edgecastdns.net, cs9.wpc.v0cdn.netReport size getting too big, too many NtCreateKey calls found.Report size getting too big, too many NtDeviceIoControlFile calls found.Report size getting too big, too many NtSetValueKey calls found.

Show All

Classification Spiderchart


Analysis Advice

Initial sample is implementing a service and should be registered / started as service

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Mitre Att&ck Matrix

InitialAccess Execution Persistence

PrivilegeEscalation

DefenseEvasion

CredentialAccess Discovery

LateralMovement Collection Exfiltration

Commandand Control

NetworkEffects

RemoteServiceEffects

ValidAccounts

Graphical UserInterface 1

WinlogonHelper DLL

ProcessInjection 1

Masquerading 1 CredentialDumping

File andDirectoryDiscovery 1

Remote FileCopy 1

Data fromLocalSystem

DataCompressed

StandardCryptographicProtocol 2

Eavesdrop onInsecureNetworkCommunication

RemotelyTrack DeviceWithoutAuthorization

ReplicationThroughRemovableMedia

ServiceExecution

PortMonitors

AccessibilityFeatures

ProcessInjection 1

NetworkSniffing

ApplicationWindowDiscovery

RemoteServices

Data fromRemovableMedia

ExfiltrationOver OtherNetworkMedium

StandardNon-ApplicationLayerProtocol 2

Exploit SS7 toRedirect PhoneCalls/SMS

RemotelyWipe DataWithoutAuthorization

Ransomware

Spreading

Phishing

Banker

Trojan / Bot

Adware

Spyware

Exploiter

Evader

Miner

clean

clean

clean

clean

clean

clean

clean

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

malicious

malicious

malicious

malicious

malicious

malicious

malicious


ExternalRemoteServices

WindowsManagementInstrumentation

AccessibilityFeatures

PathInterception

Rootkit InputCapture

QueryRegistry

WindowsRemoteManagement

Data fromNetworkSharedDrive

AutomatedExfiltration

StandardApplicationLayerProtocol 3

Exploit SS7 toTrack DeviceLocation

ObtainDeviceCloudBackups

Drive-byCompromise

ScheduledTask

SystemFirmware

DLL SearchOrderHijacking

Obfuscated Filesor Information

Credentialsin Files

SystemNetworkConfigurationDiscovery

LogonScripts

InputCapture

DataEncrypted

Remote FileCopy 1

SIM CardSwap

InitialAccess Execution Persistence

PrivilegeEscalation

DefenseEvasion

CredentialAccess Discovery

LateralMovement Collection Exfiltration

Commandand Control

NetworkEffects

RemoteServiceEffects

Signature Overview

• Phishing

• Networking

• System Summary

• Hooking and other Techniques for Hiding and Protection

Click to jump to signature section

Phishing:

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

Invalid T&C link found

META author tag missing

META copyright tag missing

Networking:

Downloads files from webservers via HTTP

Found strings which match to known social media urls

Performs DNS lookups

Urls found in memory or binary data

Uses HTTPS

System Summary:

Classification label

Creates files inside the user directory

Creates temporary files

Reads ini files

Spawns processes

Found graphical window changes (likely an installer)

Uses new MSVCR Dlls

Hooking and other Techniques for Hiding and Protection:


Disables application error messsages (SetErrorMode)

Malware Configuration

No configs have been found

Behavior GraphID: 213282

URL: http://cardpayments.microra...

Startdate: 05/03/2020

Architecture: WINDOWS

Score: 21

submit.protected-forms.com landing.training.knowbe4.com

Phishing site detected(based on logo template

match)

iexplore.exe

10 74

started

iexplore.exe

4 46

started

ipv4.imgur.map.fastly.net

151.101.12.193, 443, 49874, 49875

unknown

United States

52.72.211.130, 443, 49870, 49871

unknown

United States

6 other IPs or domains

ssvagent.exe

501

started

Legend:

Process

Signature

Created File

DNS/IP Info

Is Dropped

Is Windows Process

Number of created Registry Values

Number of created Files

Visual Basic

Delphi

Java

.Net C# or VB.NET

C, C++ or other language

Is malicious

Internet

Hide Legend

No simulations

No Antivirus matches


Behavior Graph

Simulations

Behavior and APIs

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files


Sigma Overview

No Sigma rule has matched


Source Detection Scanner Label Link

ipv4.imgur.map.fastly.net 0% Virustotal Browse

secure.aadcdn.microsoftonline-p.com 0% Virustotal Browse

submit.protected-forms.com 0% Virustotal Browse

cardpayments.microransom.us 1% Virustotal Browse

Source Detection Scanner Label Link

https://submit.protect 0% Avira URL Cloud safe

https://w3c.github.io/IntersectionObserver/#intersection-observer-interface 0% URL Reputation safe

docs.closure-library.googlecode.com/git/closure_goog_date_date.js.source.html 0% Virustotal Browse

docs.closure-library.googlecode.com/git/closure_goog_date_date.js.source.html 0% Avira URL Cloud safe

https://www.nathanaeljones.com/blog/2013/reading-max-width-cross-browser 0% Avira URL Cloud safe

https://www.anujgakhar.com/2014/03/01/binary-search-in-javascript/ 0% Avira URL Cloud safe

https://https.protected-forms.com/pages/607e1759c7f3a 0% Avira URL Cloud safe

www.robertpenner.com/easing/ 0% Virustotal Browse

www.robertpenner.com/easing/ 0% URL Reputation safe

https://w3c.github.io/IntersectionObserver/#calculate-intersection-rect-algo 0% URL Reputation safe

flightschool.acylt.com/devnotes/caret-position-woes/ 0% URL Reputation safe

www.robertpenner.com/easing) 0% Virustotal Browse

www.robertpenner.com/easing) 0% URL Reputation safe

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/images/microsoft_logo.png 0% Virustotal Browse

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/images/microsoft_logo.png 0% Avira URL Cloud safe

https://w3c.github.io/IntersectionObserver/#intersection-observer-entry 0% URL Reputation safe

https://submit.protectcroransom.us/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQt

0% Avira URL Cloud safe

No yara matches

No yara matches

No yara matches

No yara matches

No yara matches

Unpacked PE Files

Domains

URLs

Yara Overview

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs


https://www.virustotal.com/url/79dab10c23399200facf3b1772cd231e39f4e6612b1cb43adb307f111797a7e8/analysis/1583326119/

https://www.virustotal.com/url/0bb7bbbad33bf87bf8ca6dd9b59baccb7fe7871feb0441c2bd4d286442af0b12/analysis/1583410290/

https://www.virustotal.com/url/10291272ef83a982a83cdef8a2b45a1958058958f209e5936aa73a77c7f58c9a/analysis/1562617999/

https://www.virustotal.com/url/e4afb21aaacaad9751299811ddd921ff3c59049cb25938a647e05c3b0af0aa5c/analysis/1583426643/

https://www.virustotal.com/url/009a98a50715d147e031c4aea2580b7f5713248f6e834cdc9fdce7e376280b88/analysis/1440666355/

https://www.virustotal.com/url/291c2b7ce63a84700e1d1875c30e4ae640051afaef8944768d5b001debf9fa72/analysis/1421826346/

https://www.virustotal.com/url/17e3233e91b6cc3c3e81e358d6e40899f02f66cd94f086b1b54f5486bff72af5/analysis/1419530393/

https://www.virustotal.com/url/3665e40604050c2b61e29bfaf08c70e4bfa7551dee7cfaa7e2fd69e4fe6a0055/analysis/1527264225/

No context

No context

No context

No context

No context

ThumbnailsThis section contains all screenshots as thumbnails, including those not shown in the slideshow.

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Screenshots


System is w10x64

iexplore.exe (PID: 1352 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 3608 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1352 CREDAT:17410 /prefetch:2 MD5:

071277CC2E3DF41EEEA8013E2AB58D5A)ssvagent.exe (PID: 4576 cmdline: 'C:\PROGRA~2\Java\JRE18~1.0_1\bin\ssvagent.exe' -new MD5: 64338C266AE1E640E4D8CCE50FA9DF9F)

cleanup

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\BHYH095B\submit.protected-forms[1].xmlProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with no line terminators

Size (bytes): 26

Entropy (8bit): 2.469670487371862

Encrypted: false

MD5: 132294CA22370B52822C17DCB5BE3AF6

SHA1: DD26B82638AD38AD471F7621A9EB79FED448A71C

SHA-256: 451ABBE0AEFC000F49967DABF8D42344D146429F03C8C8D4AE5E33FF9963CF77

SHA-512: 6D5808CAD199A785C82763C68F0AE1F4938C304B46B70529EA26B3D300EF9430AD496C688D95D01588576B3A577001D62245D98137FD5CD825AD62E17D36F15C

Malicious: false

Reputation: low

Startup

Created / dropped Files


Preview:<root></root><root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\BHYH095B\submit.protected-forms[1].xml

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3DDC76F6-5F07-11EA-AAE3-9CC1A2A860C6}.datProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: Microsoft Word Document

Size (bytes): 30296

Entropy (8bit): 1.8517459636013631

Encrypted: false

MD5: 45F105741D1544F946FB45282DD812BE

SHA1: AF17BB7AA1DCEDB859BDF9A673B903495ADB4A09

SHA-256: E0558F73C61D8D8DEB324B950D9B8837E86F58242CDB063A489DAC6E1B3B70D1

SHA-512: DDEB0F2C245DB78CD7B000B7FD98ACFB7667F5595FECE90DDFD172E71B574175C57AF4E33592566B069DD0E3F636BCE8FAFA4235F8C4B584F253D73FA4F79CE2

Malicious: false

Reputation: low

Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3DDC76F8-5F07-11EA-AAE3-9CC1A2A860C6}.datProcess: C:\Program Files\internet explorer\iexplore.exe


Size (bytes): 46306

Entropy (8bit): 2.4557297751950493

Encrypted: false

MD5: C49863F6C1D7819BEFF9BB167411253E

SHA1: 9B8994809184D7FC9231E0DB03BEFC5897ADD870

SHA-256: A1195B521814449B10217B0C829A80854CABF8E7E816EB43908EE0059409F362

SHA-512: 204F4A61E78EDFD5EF41306C5A095AE031DCFC9C5A43CB2A00DBAB6DFA7AE0407C68149AFA2E14B51FD17DCEAA5B0DFE57B74981010271C69D375699ED47EE56

Malicious: false

Reputation: low


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{47A539C1-5F07-11EA-AAE3-9CC1A2A860C6}.datProcess: C:\Program Files\internet explorer\iexplore.exe


Size (bytes): 16984

Entropy (8bit): 1.5656362173014988

Encrypted: false

MD5: F06242D33B961245F751A5A25F91ACED

SHA1: 6EA370D0FCC4CB55FBF9EC11B826E94D8B9DDFF3

SHA-256: 938513E7754D7AB61A0DDC8CE551760CB5AF2B655E9AB0194BB01BEBE156AFB7

SHA-512: 564A9F41E5F2AF89CA24F571CB3CB3E2938163283EF8C9AA50DCBA034531040402A05CFCBB371D4A296EBD637A819B940E2E73058122454CD4194391E558296F

Malicious: false

Reputation: low


C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xmlProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

Size (bytes): 656

Entropy (8bit): 5.105953292373523

Encrypted: false

MD5: 662EC4B7816B94FF939EEAF00095D2B0

SHA1: 9902E16BD9CE7754F8D177D777ABCF6EE09C3DAF

SHA-256: 50E7F75F2C39720CCE2E93B83E0CB15307E214EB8E54CE7A6FC1E841A7709BEF

SHA-512: 874FA6AD3FB1DD5B4619E61E6B7E9651D3F0F8E4E93FBB7B4EF1E369650F3A7CB3062E0753344272553A39181C94F12E29E84A94FAF76D91D4EAFFFFA53DF076


Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x1822b4cd,0x01d5f314</date><accdate>0x1822b4cd,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x1822b4cd,0x01d5f314</date><accdate>0x1822b4cd,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml



Size (bytes): 653

Entropy (8bit): 5.150428275242517

Encrypted: false

MD5: 65D1F9DB3BF657CD59CD60145F09C5CB

SHA1: 7C984CD47C388C7BBE1A7459349AEC0EC618CABD

SHA-256: C6D401068949F5F0A212ECFFB8C90A1C6B926657784825F409A3FC272310712C

SHA-512: CD63FFC943E883B24974A49725281CF568AB1048F925E456D1D03D62D9B00D4781BC4A6950330CA33B3EB2798F27A5AB639486EDC78B7ED39428FEBA91BB8B4D

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x18040229,0x01d5f314</date><accdate>0x18040229,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x18040229,0x01d5f314</date><accdate>0x1806643d,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..



Size (bytes): 662

Entropy (8bit): 5.127150216711775

Encrypted: false

MD5: 424BA640DA1525985037E125D3D8A866

SHA1: CFF613442D7C37D301584F7E67C6F6924E938FE6

SHA-256: 9FAE11FBF87FC51D8624B142E16D2E99E963655949DC3078F28EE4806271C771

SHA-512: 99AFDF66DE156B716334D33EA369A6E46D81FF82D37670497E1AB1D495E072D283221882ADC00001BFE8A635E4954ACD90E333B65EBD6A10F99B90E405EE30C9

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x18253c91,0x01d5f314</date><accdate>0x18253c91,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x18253c91,0x01d5f314</date><accdate>0x1827feab,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..



Size (bytes): 410

Entropy (8bit): 5.1682731780856255

Encrypted: false

MD5: 72A13DED2C2EAF389D63694A0F674ACD

SHA1: 3827A07C2FAAFEF5AACB445C84FEB08931C2529B

SHA-256: A682DE67601C92B11CD00B11F1ED479ED205BC1311CF761A441A055898A42F16

SHA-512: C9283B08C24885AF5AB01C57A48FBECCDB81592370ED681A5825F80FAF0A0F6F3359A45C6D532B3BACED9FCC16636505F41E0E7EC04BDB660A34FB464077AC20

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://go.microsoft.com/fwlink/p/?LinkId=255142"/><date>0x42a19dc3,0x01d5d568</date><accdate>0x180938ce,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Bing.url"/><selection>\lowres.png</selection></tile></msapplication></browserconfig>..



Size (bytes): 647

Entropy (8bit): 5.125408565696732


Encrypted: false

MD5: 8CDA4C37332289E719A4A73D1066C28B

SHA1: 7F211453DE644F860F1F343AC33AC7345057039C

SHA-256: DC36BCD3F8557F09DA579758450A70F3D339E3B210B7057EC420CAF3F510B34E

SHA-512: 1D345053ECB977CF2A74EA9B4B6B83DD6C993975F23ADF3900AA9514616D4BF36228650D44C17DACEA1E71ADCF5C2C66D05E45A2E60EB44CE096079FA03CC75D

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x181642c3,0x01d5f314</date><accdate>0x181642c3,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x181642c3,0x01d5f314</date><accdate>0x181642c3,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml



Size (bytes): 656

Entropy (8bit): 5.131598546801389

Encrypted: false

MD5: 8047C43781A2C0306E2288960436C10D

SHA1: F5E8428044F2DE5C561242F65EE15C55921B5906

SHA-256: 71926AF0855FD329FCC9995927ECC16D5F127F9B227F2218A71115F7D7B3F85C

SHA-512: CAA09310D1C670750786171E665CF0F92CF388DC3A37C15CEAD20E8E8265FA3A674BB34C1091659E00BED125B19BAC1C7F5F04723A61D42CBA16F8CE4DDDA0A5

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x182ae615,0x01d5f314</date><accdate>0x182ae615,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x182ae615,0x01d5f314</date><accdate>0x182ae615,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..



Size (bytes): 653

Entropy (8bit): 5.093248801389679

Encrypted: false

MD5: D0DF72337CB9A609AB6721A0709F0FF1

SHA1: 8A181994852A73ED5188B4245918643D49924867

SHA-256: 68AAE9620203FB25CAC793E30BAB8CDCD0FD21B76A0B8C3D59CAE60761BDA235

SHA-512: AD652FFE0CC9D620E414E6CD8A930858249E998314B762371C2E52EB32A8DE52AAF7111E18AB0A454F9CEAFCED57B2C4DC4A63DBF43F66E9160D6DAF785CEC82

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x18203f38,0x01d5f314</date><accdate>0x18203f38,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x18203f38,0x01d5f314</date><accdate>0x18203f38,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xmlProcess: C:\Program Files\internet explorer\iexplore.exe


Size (bytes): 656

Entropy (8bit): 5.152443139017706

Encrypted: false

MD5: C071EBE06BB2B7CE76E485E88B591E6A

SHA1: 07C796FB2045660D294896BDA1C7504F8B587C3D

SHA-256: F8ED50AE9268C02AEA2B39EA66A2867370027AB62F1B26DE1218FBB77A58DB2F

SHA-512: DB40DFEE44D34D24B9ACFD6BAD4CED2A9BCFE20C41D946FF9F861647DFDC3088AFD7620668F5AB4433DFF704920D518F10ACBAF8430BCE320CD59551E3457880

Malicious: false

Reputation: low


Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x181b0827,0x01d5f314</date><accdate>0x181b0827,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x181b0827,0x01d5f314</date><accdate>0x181d69d3,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml



Size (bytes): 659

Entropy (8bit): 5.109907478132504

Encrypted: false

MD5: B28A9C0E37EF2534CF6AB4E74C1B3907

SHA1: 68694A45F3B376D86D179B6C2F21410D8BB1D318

SHA-256: 8BC0A0F71AE77D1BB71702C7F516CEF36EB50B45595E7763D937BD0B08B05AEF

SHA-512: 5E12AB0CFF5BF38232267C2E098BB2AEA6225E19B73EBD5F070B843E18B537B026797CE172132D29E0F52D86592BFB5FCD4CFDFD474D8DC135A46F30AF13218C

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x180938ce,0x01d5f314</date><accdate>0x180938ce,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x180938ce,0x01d5f314</date><accdate>0x1810d22b,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..



Size (bytes): 653

Entropy (8bit): 5.081885907607568

Encrypted: false

MD5: D0774A20B2D9125A7A28886ED5F88725

SHA1: E73191D03596B579BC499C52D518A56DE425E0DE

SHA-256: 42D8948BB5235AE336577C287100E7A8787584D48EAF5E97C54349452790C7BF

SHA-512: C81DF34CE879B465DE9A8D369196B1A83905F70ABD493928A2837245639ADACE098189C5157B5697E26897C70E308B6C488758196F38F93C68446FE3F253AD22

Malicious: false

Reputation: low

Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x1813812a,0x01d5f314</date><accdate>0x1813812a,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x1813812a,0x01d5f314</date><accdate>0x1813812a,0x01d5f314</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text

Size (bytes): 326

Entropy (8bit): 5.6676872252913

Encrypted: false

MD5: 680686D0AEBAF4E4918001B20AFE3694

SHA1: B6F277E9C602D81AFFDF37FD2F734FBFF924247F

SHA-256: F436C63EBF2B0F17E700BC091B92D26E02799184D0892C56327898D297CAC40D

SHA-512: FEEB3146DCA87B27EED5AD95DE3553F84AD71FB745A51E024D2295439E3BD0BEB60A424FB34A2F78DF88BAB8355A840601DBC111E4EC3EF43A18D42F05F0AD44

Malicious: false

Reputation: low

Preview:<html>. <head>. <script>window.location.href = 'https://submit.protected-forms.com/pages/9ec91759e8a89/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw';</script>. </head>. <body>. </body>.</html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: UTF-8 Unicode text, with very long lines

Size (bytes): 4174659


Entropy (8bit): 5.094369244435523

Encrypted: false

MD5: F68A91E86DE0F8068AF3DE6DB4AAC6B5

SHA1: FBDB87094AD4A96735C5E1AD5E4FF6A00B20947A

SHA-256: FDE3C8B694424902E64C29A427A46B6EF3C593F1FFEFBDD989847B4F1B8B2310

SHA-512: 0FE53E53837DCC30B9BC1B763B15262B115818A63FB689E710EA618BA057D5CF1562FBEAEFD5D413A9FF2704081AD74FB9F30D69FE2C43E6ADB1FFAB9100375F

Malicious: false

Reputation: low

Preview:// Array.fill.if (!Array.prototype.fill) {. Object.defineProperty(Array.prototype, 'fill', {. value: function(value) {.. // Steps 1-2.. if (this == null) {. throw new TypeError('this is null or not defined');. }.. var O = Object(this);.. // Steps 3-5.. var len = O.length >>> 0;.. // Steps 6-7.. var start = arguments[1];. var relativeStart = start >> 0;.. // Step 8.. var k = relativeStart < 0 ?. Math.max(len + relativeStart, 0) :. Math.min(relativeStart, len);.. // Steps 9-10.. var end = arguments[2];. var relativeEnd = end === undefined ?. len : end >> 0;.. // Step 11.. var final = relativeEnd < 0 ?. Math.max(len + relativeEnd, 0) :. Math.min(relativeEnd, len);.. // Step 12.. while (k < final) {. O[k] = value;. k++;. }.. // Step 13.. return O;. }. });.}..// Object.values.Object.values = Object.values ? Object.values : f

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5N37O3UG\jquery.min[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines

Size (bytes): 95786

Entropy (8bit): 5.393689635062045

Encrypted: false

MD5: 8101D596B2B8FA35FE3A634EA342D7C3

SHA1: D6C1F41972DE07B09BFA63D2E50F9AB41EC372BD

SHA-256: 540BC6DEC1DD4B92EA4D3FB903F69EABF6D919AFD48F4E312B163C28CFF0F441

SHA-512: 9E1634EB02AB6ACDFD95BF6544EEFA278DFDEC21F55E94522DF2C949FB537A8DFEAB6BCFECF69E6C82C7F53A87F864699CE85F0068EE60C56655339927EEBCDB

Malicious: false

Reputation: low

Preview:/*! jQuery v1.11.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.1",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){ret

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\O0N4T4W6\XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text, with CRLF, LF line terminators

Size (bytes): 4386

Entropy (8bit): 5.5961788600873055

Encrypted: false

MD5: 5CC8E2C9F77C111612B9E1C0C4392536

SHA1: 62701D660ECC4EC1BB40781AA2D7767C1CB35658

SHA-256: 9E5E0835848F6ED9BCAECC378E732AC5EE370BB6F6981BAB9D55A7D90BA81F37

SHA-512: 29BC9AC184510FC7CDCEE813D5B7F5F142A97EF36A3FD2DBFFCB7DA07649983BEECD260D39C16230E8A685F96170EF73B095F7EA33F967A8EEAAB4BAE1E0C358

Malicious: false

Reputation: low

Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">. <meta name="IMPORTANT" content="This page is part of a simulated phishing attack initiated by KnowBe4 on behalf of its customers." />. <meta name="IMPORTANT" content="If you have any questions please contact [email protected]." />. <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible"/>.. <head>. <script src="/assets/application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310.js"></script>. <script src="/packs/js/vendor-a6da5c38e4a40255d339.js"></script>. <script src="/assets/modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97.js"></script>. <link rel="stylesheet" media="all" href="/assets/landing-watermark-16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f.css" />.. </head>. .<script class="jsbin" src="http://ajax.googleapis.com/ajax/libs

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P24S97MI\5M7BhDX[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: PNG image data, 159 x 35, 8-bit/color RGBA, non-interlaced

Size (bytes): 4564

Entropy (8bit): 7.923695684546112

Encrypted: false

MD5: 8562D0594B9B1A0D99C18D9FEBF54322

SHA1: 5DD751FB397A3CD010FA2DE9B9C56AF52DB73215


SHA-256: F34EB312B5B5B4819C3DC3F737821E0F265F87B9E66A96C1587EC0DA07063B42

SHA-512: DCACB7AECAC91F6C47F8CE67B6D6E271C8C5EA97D5F2625C6EDFBD2B971E3845213742957B7F09F5D8D9E5996F74D6604304541EEA1D39078C165435F6498309

Malicious: false

Reputation: low

Preview:.PNG........IHDR.......#............OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\[email protected]..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..([email protected]..._-..."[email protected]~..,/...;..m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/[email protected]..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., +.....3...!.[..b@q

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\P24S97MI\5M7BhDX[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\G45IjEI[1].jpgProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: JPEG image data, baseline, precision 8, 1420x1080, frames 3


Entropy (8bit): 7.969189272688472

Encrypted: false

MD5: E6015E372A2DCCA952341F198D34F8E1

SHA1: 21E3B80BC60024D827557BFE2D30DEEE61E89BFB

SHA-256: 456631379D447C7C74D94DB93EFADEDC91F24A22C61ED3BD7B48EAC8A1A3EA9F

SHA-512: EC08FE574B5C6EF55D6D3EA65E21BBC5787B80718079F0F9AD8FA7673CF435506C61C163615537897E38EDF9C53A99D2EAED71BB771B2A429827151D26326598

Malicious: false

Reputation: low

Preview:......Adobe.d...............................................#$&$#.//22//@@@@@@@@@@@@@@@......................%.....%/"...."/*-&&&-*44//44@@>@@@@@@@@@@@@......8...."..................................................................................!1..AQ.aq"2...B....Rr#..b.3...S4...Cc$5...s..TD%..d...t6.....................!1..AQaq.."....2R.r3....Bb..#.S...4.C.c$.............?....N..lTQE.R.E....tc@*([email protected]........(..(..T|..P.}..j(.E:\h....J.(.....f.(.(...}(.D.5@R.,9..xS.h..L.3...H......F4cT.{.eO.e...@(4E8......`..T...t..T.)[email protected]........(..b..U(...)T.1@..(..h.H.@*QR..P.............qT....u ....R.....&[email protected]@:[email protected].([email protected]....*...(..([email protected].(..qDP.Q. *@....EL.F..QN....t...P.....E...".P..x...P........D[~QQ.P....j......6.m......;..X4Ua.....edm...a..h..dv+.\..kx...K.fm./.......ur....Y...NB...{[email protected]....]...?5wF.+..46....s....m.##.}t3)......\/;2..'...Z.U.H7....|.J..qsL..:guv...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\cdc_badge[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 15618

Entropy (8bit): 7.959546057755388

Encrypted: false

MD5: 3601AFF883A98B61E4C7099AAF2C9662

SHA1: AFB81744E50DA4609ACA55AE4D6A58DB1478BF58

SHA-256: 59ADEFE016E0F04C11750233CEFF574B744B96F45A4CD54637EB6A1AF6C5AB66

SHA-512: C6BB5EA5355462CFCD52ED47CF40E3A4100C110064658D1675200043E5EFBD8E1F6B45F0CFA68BBFDDF21FF346A58AAEAA0CC0F8596946D822617429E2422FB1

Malicious: false

Reputation: low

Preview:.PNG........IHDR.............1:V.....gAMA....|.Q.... cHRM...........R...@..}y.....<.....s<.w...9iCCPPhotoshop ICC profile..H..wTT....wz..0.R.....{.^Ea..`(..34.!...ED."HP..P$VD...T..$.(1.ET,oF.........o......Z..../...K......<....Qt.....`.).LVF._.{......!r._...zX..p..3.N....Y.|......9.,...8%K.......,f.%f.(A..9a..>.,....<...9..S.b...L!G....3..,....F.0.+.7..T.3...Il.pX."6.1...."....H._q.W,.d..rIK..s...t......A..d.p....&+..g.].R.......Y2...EE.4...4432..P.u.oJ..Ez...g.........`.j..-....-....b.8....o....M</..A...qVV....2.....O.....g$>...]9.La.....+-%M.g.3Y.......u..A.x....E.....K.......i<:...............Pc...u*@~..(.. ...]..o..0 ~y.*..s..7.g...%...9.%(....3........H.*[email protected]`[email protected]'8..K....n..`.L.g`......a!2D..!.H... .d..A.P....B....By.f..*...z....:....@..]h...~....L.............C.Up.......p%....;...5.6<.?.........."....G..x...G.....iE..>.&2.. oQ...EG..lQ..P......U..F.Fu.zQ7Qc.Y.G4....G......t...].nB../.o.'.1.......xb"1I.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\landing-watermark-16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f[1].cssProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text

Size (bytes): 1471

Entropy (8bit): 4.754611179426391

Encrypted: false

MD5: 15E89F9684B18EC43EE51F8D62A787C3

SHA1: 9CBAAACEAE96845ECD3497F41EE3B02588ABEC11

SHA-256: 16F13E16A7EF02FB6F94250AA1931DED83DBEE5D9FAD278E33DD5792D085194F

SHA-512: 79E0110A045F28437D192290AC9789270CB0D4E676A985564746DB439992D867BA89639D7738E2A7F7D83BBF37D9A02CAA2AE1DC4E0EE2519797E5840A47FABE

Malicious: false

Reputation: low


Preview:/* line 1, app/assets/stylesheets/landing-watermark.scss */..watermark {. -webkit-writing-mode: vertical-rl;. -ms-writing-mode: tb-rl;. writing-mode: vertical-rl;. text-orientation: sideways;.}../* line 4, app/assets/stylesheets/landing-watermark.scss */..watermark.left {. left: 0;.}../* line 7, app/assets/stylesheets/landing-watermark.scss */..watermark.right {. right: 0;.}../* line 10, app/assets/stylesheets/landing-watermark.scss */..watermark.top {. text-align: center;. -webkit-writing-mode: horizontal-tb;. -ms-writing-mode: lr-tb;. writing-mode: horizontal-tb;. top: -38px;.}../* line 15, app/assets/stylesheets/landing-watermark.scss */..watermark h1 {. -webkit-user-select: none;. -moz-user-select: none;. -ms-user-select: none;. user-select: none;. font-size: 15px;. color: #fdfdfa;. font-weight: bold;.}../* line 24, app/assets/stylesheets/landing-watermark.scss */.#template_sei .watermark.left {. margin-left: -10px;.}../* li

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\landing-watermark-16f13e16a7ef02fb6f94250aa1931ded83dbee5d9fad278e33dd5792d085194f[1].css

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\microsoft_logo[1].pngProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe


Size (bytes): 1040

Entropy (8bit): 7.741613352296269

Encrypted: false

MD5: E4B675007DC6492EE590131D1F7DFBB3

SHA1: 9397E98E13074C09072F6A50E7267C612738C455

SHA-256: 988E349F2BF4E87154738C7B2C1FA86618713A8CFA0CEF60A046F5ADD89BD9DE

SHA-512: B880DB21F612F257FA94656D632D11FE63841493E7B0443EF8AB5CB753CAB717625D1873866C7DC00EC4596C1E148690B4C4231B0DD8636F4A86EEC33F6A0CF4

Malicious: false

Reputation: low

Preview:.PNG........IHDR...d.........6.9.....pHYs.................tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Y;n.@....\.....n.*..*.n.H.z..('...7}.Sm........s.yGx.<OHi..... ..]........,.?.}[email protected]./G..8t..5.._]].7...([email protected]...\.,..;.|..`d....CD...<B....d.ZTWx...R.......`...W..t...1^d....K`.E..N.).ob.o..%.9..O@:.%+.B./,.....+.\(....-...f.....<.....i~i]...I.&...v..'&.t...x.....|34..tJ......-a..c.g4..U..&........\....If.....M..S\O.h..).m].L.....3.4.....a.....g....i.;..0..F5....<.=.<[email protected]..}..o..8..q....[..x......L...<.'._lr..$........d....XO..z.....h.8..M."1.)4.c(@.(em...&..5.W$..r.[. .'...V..l.k:.NA^....YX...U..."}Z...a.......I!...?+.\.I......Z:F.....>'.j..i.9..>.....^uDa.]"_.?.eMi..\`K...U..PX.-.)ocJ..n@]..s*.#2.'...g.../.Am.YV.P.z...*.3...b.J..3S..R.....T].......;...!W|5|!.y..+..Kd*6.!....Zcl..?PU3.M.S.9.c0d....yh.........q.JSr..=$)I.....G(&..#.u`..Y.*.W.:0.D..)'[email protected]=..i..<..Y.h........b/.............}..pW.zC

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: HTML document, ASCII text

Size (bytes): 51365

Entropy (8bit): 4.63063774466206

Encrypted: false

MD5: 4FAE2A90728C528AA148C31466B7ED39

SHA1: 6BFC3FF0B0C367EA21003E42175486AE0B2B2BFC

SHA-256: 654222DEBE8018B12F1993CEDDFF30DC163A7D5008D79869C399D6D167321F97

SHA-512: 1B385498219AD468A9EDDB3D4D0747A91CA9F867C75F10715BFAA4BE369781B6788489A71350D9509AF7132AAC92A2B411E817E7928C782FA41E77DEBC0EE277

Malicious: false

Reputation: low

Preview:/*!. * Modernizr v2.7.1. * www.modernizr.com. *. * Copyright (c) Faruk Ates, Paul Irish, Alex Sexton. * Available under the BSD and MIT licenses: www.modernizr.com/license/. */../*. * Modernizr tests which native CSS3 and HTML5 features are available in. * the current UA and makes the results available to you in two ways:. * as properties on a global Modernizr object, and as classes on the. * <html> element. This information allows you to progressively enhance. * your pages with a granular level of control over the experience.. *. * Modernizr has an optional (not included) conditional resource loader. * called Modernizr.load(), based on Yepnope.js (yepnopejs.com).. * To get a build that includes Modernizr.load(), as well as choosing. * which tests to include, go to www.modernizr.com/download/. *. * Authors Faruk Ates, Paul Irish, Alex Sexton. * Contributors Ryan Seddon, Ben Alman. */...window.Modernizr = (function( window, document, undefined ) {.. var version = '2.7.1',..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PKAQFTEH\vendor-a6da5c38e4a40255d339[1].jsProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File Type: ASCII text, with very long lines, with no line terminators


Entropy (8bit): 5.3004291652441475

Encrypted: false

MD5: E6B59B3D7B6A4FEC88A8DF37A3E369B6

SHA1: 5EE1B9542969661BD10348E2AD78D0E4202FBD37

SHA-256: 645B5E8FC5F6FDDDB0777D2680C3188725335F5476621C628DB1C49B8887BC02

SHA-512: F255E90E0C8EC9B9F188C8C9DDE3849C132745E5FCC7C89B4EF4EC7E339A058B73D293C4503E85A028CCB5C258791D257991E5EF65B104CEAA3BED20080ADB64

Malicious: false

Reputation: low

Preview:!function(t){var e={};function i(n){if(e[n])return e[n].exports;var r=e[n]={i:n,l:!1,exports:{}};return t[n].call(r.exports,r,r.exports,i),r.l=!0,r.exports}i.m=t,i.c=e,i.d=function(t,e,n){i.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:n})},i.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},i.t=function(t,e){if(1&e&&(t=i(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var n=Object.create(null);if(i.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var r in t)i.d(n,r,function(e){return t[e]}.bind(null,r));return n},i.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return i.d(e,"a",e),e},i.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},i.p="/packs/",i(i.s=1216)}([,,,,,,,,,function(t,e,i){function n(t,e,i){var c,u,p,d,f=t&n.F,g=t&n.G,m=t&n.P

C:\Users\user\AppData\Local\Temp\~DF357EF3C3770B6933.TMPProcess: C:\Program Files\internet explorer\iexplore.exe


File Type: data

Size (bytes): 25441

Entropy (8bit): 0.2885044112543459

Encrypted: false

MD5: 5EA2BC490F0118B429DD1C54863559A5

SHA1: E1C6CBC12FD8D32E132CE32EEEB70309298BACDF

SHA-256: EB55C7C32E588D6EB2701BDEE46022DF92D10BB3B1EB549865A464422A450B95

SHA-512: 6D2645925221DF4056734D16DFABA7394523DD5CC9DC9A962C33DD0419323A8B8F85548472F31415A218D72CB542EE9FE43762DDF737C4C2A4ADFDF910F802C5

Malicious: false

Reputation: low

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF357EF3C3770B6933.TMP

C:\Users\user\AppData\Local\Temp\~DF5D503E65E2666DEB.TMPProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Size (bytes): 53901

Entropy (8bit): 1.082387278326424

Encrypted: false

MD5: 4F6044985E6833810DBBE267D83FB49E

SHA1: B7AED75A98BD766D188E330019CD047EB8E626CD

SHA-256: 69AB5859C306CDFEEAE90EA0E0D2D015A8A0CA7A3EB6FEFB53353DE719AC6370

SHA-512: A921D650AF074CB66315CB6B73668E88A91BF3A5A2A9CE2792F6605A8D23A77824885DC0D33157291B9C42FB77A5D269A0FED7C1EE77B4B1CF8D4861628C01F1

Malicious: false

Reputation: low

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFFC67F01ACB13F7F4.TMPProcess: C:\Program Files\internet explorer\iexplore.exe

File Type: data

Size (bytes): 13029

Entropy (8bit): 0.480975985298636

Encrypted: false

MD5: 1507E8CE45A22ED0C142FEACBFE50A42

SHA1: 8C9CE422B1BA160C26F276635D33D3696253BC74

SHA-256: 54AC4A82D39A0F884E8FDA8931BEDAA492180D4BD678398105FAE226F0174AED

SHA-512: 768EEFD7CF0451B4A86C33AE456D516DEC5AC46106065E7CA55DD18652F04E8E898B0E1E0EE5614F7A105578299B4C3BAF737CF5B226C9BD8ADEA14DBBD87C07

Malicious: false

Reputation: low

Preview:.............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Name IP Active Malicious Antivirus Detection Reputation

landing.training.knowbe4.com 54.175.123.26 true false high

ipv4.imgur.map.fastly.net 151.101.12.193 true false 0%, Virustotal, Browse low

secure.aadcdn.microsoftonline-p.com unknown unknown false 0%, Virustotal, Browse unknown

www.cdc.gov unknown unknown false high

submit.protected-forms.com unknown unknown false 0%, Virustotal, Browse unknown

i.imgur.com unknown unknown false high

cardpayments.microransom.us unknown unknown false 1%, Virustotal, Browse unknown

Domains and IPs

Contacted Domains


https://www.virustotal.com/url/79dab10c23399200facf3b1772cd231e39f4e6612b1cb43adb307f111797a7e8/analysis/1583326119/

https://www.virustotal.com/url/0bb7bbbad33bf87bf8ca6dd9b59baccb7fe7871feb0441c2bd4d286442af0b12/analysis/1583410290/

https://www.virustotal.com/url/10291272ef83a982a83cdef8a2b45a1958058958f209e5936aa73a77c7f58c9a/analysis/1562617999/

https://www.virustotal.com/url/e4afb21aaacaad9751299811ddd921ff3c59049cb25938a647e05c3b0af0aa5c/analysis/1583426643/

Name Source Malicious Antivirus Detection Reputation

api.jqueryui.com/slide-effect/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/moment/moment/issues/1423 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/chartjs/Chart.js/pull/4507 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

stackoverflow.com/a/32954565/96342 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/madrobby/zepto/blob/master/src/zepto.jsapplication-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://stackoverflow.com/questions/30464750/chartjs-line-chart-set-background-color

application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/chartjs/Chart.js/issues/5597 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

stackoverflow.com/a/26707753 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/jquery/jquery-color application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/select2/select2/blob/master/LICENSE.mdapplication-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

api.jqueryui.com/jQuery.widget/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

blog.jquery.com/2012/08/09/jquery-1-8-released/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

codereview.stackexchange.com/q/13338 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://bugzilla.mozilla.org/show_bug.cgi?id=561664 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

dev.w3.org/csswg/cssom/#resolved-values application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://submit.protect {3DDC76F8-5F07-11EA-AAE3-9CC1A2A860C6}.dat.1.dr

false Avira URL Cloud: safe unknown

https://caniuse.com/download application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high


false high

dev.w3.org/csswg/css-color/#hwb-to-rgb application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon


false high

www.apache.org/licenses/LICENSE-2.0) application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/kriskowal/es5-shim/blob/master/es5-shim.js

modernizr-654222debe8018b12f1993ceddff30dc163a7d5008d79869c399d6d167321f97[1].js.2.dr

false high

api.jqueryui.com/button/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high


false high

https://blog.alexmaccaw.com/css-transitions application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

URLs from Memory and Binaries


https://github.com/bassjobsen/Bootstrap-3-Typeahead application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://getbootstrap.com/docs/3.4/javascript/#transitions application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high


false high

bugs.jquery.com/ticket/9917 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

www.reddit.com/ msapplication.xml5.1.dr false high

api.jqueryui.com/size-effect/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/Do/iso8601.js application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener#Safely_detecting_optio


false high

momentjs.com/guides/#/warnings/zone/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high


false high

https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/removeEventListener


false high

https://w3c.github.io/IntersectionObserver/#intersection-observer-interface


false URL Reputation: safe low

creativecommons.org/licenses/by/3.0/) application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

docs.closure-library.googlecode.com/git/closure_goog_date_date.js.source.html


false 0%, Virustotal, BrowseAvira URL Cloud: safe

low

https://www.nathanaeljones.com/blog/2013/reading-max-width-cross-browser



https://github.com/truckingsim/Ajax-Bootstrap-Select application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high


false high

https://getbootstrap.com/docs/3.4/javascript/#tooltip application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high


false high

jsperf.com/diacritics/18 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

api.jqueryui.com/category/ui-core/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/twbs/bootstrap/issues/20280 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high


false high

https://getbootstrap.com/docs/3.4/javascript/#modals application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/chartjs/Chart.js/issues/2435#issuecomment-216718158


false high

https://stackoverflow.com/q/181348 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://getbootstrap.com/docs/3.4/javascript/#collapse application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high



https://www.virustotal.com/url/009a98a50715d147e031c4aea2580b7f5713248f6e834cdc9fdce7e376280b88/analysis/1440666355/

https://www.anujgakhar.com/2014/03/01/binary-search-in-javascript/


false Avira URL Cloud: safe low


false high

https://github.com/kkapsner/CanvasBlocker application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://https.protected-forms.com/pages/607e1759c7f3a XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw[1].htm0.2.dr, {3DDC76F8-5F07-11EA-AAE3-9CC1A2A860C6}.dat.1.dr


https://www.cdc.gov/TemplatePackage/contrib/widgets/images/cdc_badge.png

XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw[1].htm0.2.dr

false high

www.robertpenner.com/easing/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false 0%, Virustotal, BrowseURL Reputation: safe

low

https://w3c.github.io/IntersectionObserver/#calculate-intersection-rect-algo




false high

https://getbootstrap.com/docs/3.4/javascript/#scrollspy application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/w3c/IntersectionObserver/issues/211 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/twbs/bootstrap/blob/master/LICENSE) application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

flightschool.acylt.com/devnotes/caret-position-woes/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false URL Reputation: safe unknown

api.jqueryui.com/transfer-effect/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/rails/jquery-ujs application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://stackoverflow.com/questions/8506881/nice-label-algorithm-for-charts-with-minimum-ticks


false high


false high

https://github.com/marcj/css-element-queries application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

www.robertpenner.com/easing) application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false 0%, Virustotal, BrowseURL Reputation: safe

low

momentjs.com/guides/#/warnings/min-max/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://github.com/truckingsim/Ajax-Bootstrap-Select/issues/155


false high

https://github.com/truckingsim/Ajax-Bootstrap-Select/issues/156


false high

https://github.com/truckingsim application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high


false high



https://www.virustotal.com/url/291c2b7ce63a84700e1d1875c30e4ae640051afaef8944768d5b001debf9fa72/analysis/1421826346/

https://www.virustotal.com/url/17e3233e91b6cc3c3e81e358d6e40899f02f66cd94f086b1b54f5486bff72af5/analysis/1419530393/

https://stackoverflow.com/q/3922139 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

api.jqueryui.com/drop-effect/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

www.amazon.com/ msapplication.xml.1.dr false high

stackoverflow.com/questions/846221/logarithmic-slider application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

www.twitter.com/ msapplication.xml6.1.dr false high

jsperf.com/getall-vs-sizzle/2 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://getbootstrap.com/docs/3.4/javascript/#buttons application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.4653.2/content/images/microsoft_logo.png

XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw[1].htm0.2.dr

false 0%, Virustotal, BrowseAvira URL Cloud: safe

unknown

https://github.com/jquery/jquery/pull/557) application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://www.html5canvastutorials.com/advanced/html5-canvas-mouse-coordinates/


false high

api.jqueryui.com/menu/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://getbootstrap.com/docs/3.4/javascript/#alerts application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high


false high

api.jqueryui.com/category/effects-core/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high


false high

https://chartjs.gitbooks.io/proposals/content/Platform.htmlapplication-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

api.jqueryui.com/dialog/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://w3c.github.io/IntersectionObserver/#intersection-observer-entry



api.jqueryui.com/shake-effect/ application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

www.nytimes.com/ msapplication.xml4.1.dr false high

https://github.com/Microsoft/tslib/blob/v1.6.0/tslib.js application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://stackoverflow.com/questions/10149963/adding-event-listener-cross-browser


false high

https://github.com/markcarver application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high

https://submit.protectcroransom.us/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQt

{3DDC76F8-5F07-11EA-AAE3-9CC1A2A860C6}.dat.1.dr


https://github.com/imulus/retinajs/issues/8 application-fde3c8b694424902e64c29a427a46b6ef3c593f1ffefbdd989847b4f1b8b2310[1].js.2.dr

false high


Contacted IPs


https://www.virustotal.com/url/3665e40604050c2b61e29bfaf08c70e4bfa7551dee7cfaa7e2fd69e4fe6a0055/analysis/1527264225/

Static File Info

No static file info

Network Port Distribution

Total Packets: 72

• 53 (DNS)

• 443 (HTTPS)

• 80 (HTTP)

No. of IPs < 25%

25% < No. of IPs < 50%

50% < No. of IPs < 75%

75% < No. of IPs

IP Country Flag ASN ASN Name Malicious

52.72.211.130 United States 14618 unknown false



Network Behavior

Public


Timestamp Source Port Dest Port Source IP Dest IP

Mar 5, 2020 18:32:17.798790932 CET 49868 80 192.168.2.6 54.175.123.26

Mar 5, 2020 18:32:17.800245047 CET 49869 80 192.168.2.6 54.175.123.26

Mar 5, 2020 18:32:17.896975994 CET 80 49868 54.175.123.26 192.168.2.6

Mar 5, 2020 18:32:17.897263050 CET 49868 80 192.168.2.6 54.175.123.26

Mar 5, 2020 18:32:17.898238897 CET 49868 80 192.168.2.6 54.175.123.26

Mar 5, 2020 18:32:17.900656939 CET 80 49869 54.175.123.26 192.168.2.6

Mar 5, 2020 18:32:17.901170969 CET 49869 80 192.168.2.6 54.175.123.26

Mar 5, 2020 18:32:17.996350050 CET 80 49868 54.175.123.26 192.168.2.6

Mar 5, 2020 18:32:18.245170116 CET 80 49868 54.175.123.26 192.168.2.6

Mar 5, 2020 18:32:18.245193005 CET 80 49868 54.175.123.26 192.168.2.6

Mar 5, 2020 18:32:18.249054909 CET 49868 80 192.168.2.6 54.175.123.26

Mar 5, 2020 18:32:18.858881950 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:18.873951912 CET 49870 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:18.957015038 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:18.963874102 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:18.971785069 CET 443 49870 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:18.980437994 CET 49870 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:18.990631104 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:18.991415024 CET 49870 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.088773012 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.089198112 CET 443 49870 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.089966059 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.090145111 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.090154886 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.090162039 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.090171099 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.090385914 CET 443 49870 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.090396881 CET 443 49870 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.090404034 CET 443 49870 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.090411901 CET 443 49870 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.090419054 CET 443 49870 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.090939045 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.091039896 CET 49870 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.139651060 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.140045881 CET 49870 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.151316881 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.152050972 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.152219057 CET 49870 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.237958908 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.238106966 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.238127947 CET 443 49870 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.238290071 CET 443 49870 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.244887114 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.244972944 CET 49870 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.246470928 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.248181105 CET 49870 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.249403954 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.250006914 CET 443 49870 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.261004925 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.261060953 CET 49870 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.288105011 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.288129091 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.288149118 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.288166046 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.288178921 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.296346903 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.313908100 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.316286087 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.316728115 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.317161083 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.385253906 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.388989925 CET 443 49870 52.72.211.130 192.168.2.6

TCP Packets


Mar 5, 2020 18:32:19.390655994 CET 49874 443 192.168.2.6 151.101.12.193

Mar 5, 2020 18:32:19.391753912 CET 49875 443 192.168.2.6 151.101.12.193

Mar 5, 2020 18:32:19.411109924 CET 443 49874 151.101.12.193 192.168.2.6

Mar 5, 2020 18:32:19.412008047 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.412327051 CET 443 49875 151.101.12.193 192.168.2.6

Mar 5, 2020 18:32:19.414304018 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.414688110 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.414712906 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.414727926 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.414738894 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.414772034 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.414793015 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.414808989 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.414828062 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.414844036 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.414958000 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.414973974 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.415333033 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.415824890 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.415848970 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.415966034 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.415987015 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.416003942 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.416023016 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.416033030 CET 443 49871 52.72.211.130 192.168.2.6

Mar 5, 2020 18:32:19.420058012 CET 49874 443 192.168.2.6 151.101.12.193

Mar 5, 2020 18:32:19.420105934 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.420183897 CET 49875 443 192.168.2.6 151.101.12.193

Mar 5, 2020 18:32:19.433974981 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.446726084 CET 49875 443 192.168.2.6 151.101.12.193

Mar 5, 2020 18:32:19.447251081 CET 49874 443 192.168.2.6 151.101.12.193

Mar 5, 2020 18:32:19.449129105 CET 49871 443 192.168.2.6 52.72.211.130

Mar 5, 2020 18:32:19.467281103 CET 443 49875 151.101.12.193 192.168.2.6

Mar 5, 2020 18:32:19.467749119 CET 443 49874 151.101.12.193 192.168.2.6

Mar 5, 2020 18:32:19.470125914 CET 443 49874 151.101.12.193 192.168.2.6

Mar 5, 2020 18:32:19.470148087 CET 443 49874 151.101.12.193 192.168.2.6

Mar 5, 2020 18:32:19.470504045 CET 443 49874 151.101.12.193 192.168.2.6

Mar 5, 2020 18:32:19.470685005 CET 443 49875 151.101.12.193 192.168.2.6



Mar 5, 2020 18:32:11.665510893 CET 56164 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:11.700239897 CET 53 56164 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:17.746396065 CET 52639 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:17.784657955 CET 53 52639 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:18.797174931 CET 49253 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:18.837444067 CET 53 49253 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:19.326378107 CET 62981 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:19.343367100 CET 57632 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:19.359961987 CET 53 62981 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:19.380549908 CET 53 57632 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:19.382976055 CET 56595 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:19.414227962 CET 52626 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:19.417556047 CET 53 56595 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:19.448956013 CET 53 52626 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:34.723143101 CET 60828 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:34.771647930 CET 53 60828 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:41.646348953 CET 58528 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:41.680030107 CET 53 58528 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:42.202629089 CET 56442 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:42.236156940 CET 53 56442 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:42.864155054 CET 58528 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:42.897784948 CET 53 58528 8.8.8.8 192.168.2.6

UDP Packets


Mar 5, 2020 18:32:43.194410086 CET 56442 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:43.228064060 CET 53 56442 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:44.532155991 CET 56442 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:44.536592960 CET 58528 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:44.561945915 CET 53 58528 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:44.565819979 CET 53 56442 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:46.887409925 CET 56442 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:46.913017988 CET 53 56442 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:47.035861015 CET 58528 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:47.069421053 CET 53 58528 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:50.887967110 CET 56442 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:50.923654079 CET 53 56442 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:51.042659998 CET 58528 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:51.076320887 CET 53 58528 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:51.741703987 CET 50566 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:51.767047882 CET 53 50566 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:52.748507023 CET 50566 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:52.773802996 CET 53 50566 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:53.753449917 CET 50566 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:53.778856993 CET 53 50566 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:55.830307007 CET 50566 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:55.855667114 CET 53 50566 8.8.8.8 192.168.2.6

Mar 5, 2020 18:32:59.827959061 CET 50566 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:32:59.853387117 CET 53 50566 8.8.8.8 192.168.2.6

Mar 5, 2020 18:34:03.905637026 CET 63642 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:34:03.931004047 CET 53 63642 8.8.8.8 192.168.2.6

Mar 5, 2020 18:34:04.917284012 CET 63642 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:34:04.942586899 CET 53 63642 8.8.8.8 192.168.2.6

Mar 5, 2020 18:34:05.941621065 CET 63642 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:34:05.966892004 CET 53 63642 8.8.8.8 192.168.2.6

Mar 5, 2020 18:34:06.895236969 CET 55500 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:34:06.936671972 CET 53 55500 8.8.8.8 192.168.2.6

Mar 5, 2020 18:34:07.911479950 CET 55500 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:34:07.943634987 CET 63642 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:34:07.960453033 CET 53 55500 8.8.8.8 192.168.2.6

Mar 5, 2020 18:34:07.969115019 CET 53 63642 8.8.8.8 192.168.2.6

Mar 5, 2020 18:34:08.921179056 CET 55500 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:34:08.954937935 CET 53 55500 8.8.8.8 192.168.2.6

Mar 5, 2020 18:34:11.149825096 CET 55500 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:34:11.185880899 CET 53 55500 8.8.8.8 192.168.2.6

Mar 5, 2020 18:34:11.943869114 CET 63642 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:34:11.969229937 CET 53 63642 8.8.8.8 192.168.2.6

Mar 5, 2020 18:34:15.166383028 CET 55500 53 192.168.2.6 8.8.8.8

Mar 5, 2020 18:34:15.199979067 CET 53 55500 8.8.8.8 192.168.2.6


Timestamp Source IP Dest IP Trans ID OP Code Name Type Class

Mar 5, 2020 18:32:17.746396065 CET 192.168.2.6 8.8.8.8 0x8feb Standard query (0)

cardpayments.microransom.us

A (IP address) IN (0x0001)

Mar 5, 2020 18:32:18.797174931 CET 192.168.2.6 8.8.8.8 0x6c0a Standard query (0)

submit.protected-forms.com


Mar 5, 2020 18:32:19.343367100 CET 192.168.2.6 8.8.8.8 0xc374 Standard query (0)

i.imgur.com A (IP address) IN (0x0001)

Mar 5, 2020 18:32:19.382976055 CET 192.168.2.6 8.8.8.8 0x42f8 Standard query (0)

www.cdc.gov A (IP address) IN (0x0001)

Mar 5, 2020 18:32:19.414227962 CET 192.168.2.6 8.8.8.8 0xd11b Standard query (0)

secure.aadcdn.microsoftonline-p.com


Mar 5, 2020 18:32:34.723143101 CET 192.168.2.6 8.8.8.8 0x274a Standard query (0)

submit.protected-forms.com


DNS Queries

DNS Answers


Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Mar 5, 2020 18:32:17.784657955 CET

8.8.8.8 192.168.2.6 0x8feb No error (0) cardpayments.microransom.us

landing.training.knowbe4.com

CNAME (Canonical name)

IN (0x0001)

Mar 5, 2020 18:32:17.784657955 CET

8.8.8.8 192.168.2.6 0x8feb No error (0) landing.training.knowbe4.com

54.175.123.26 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:17.784657955 CET


35.174.160.131 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:17.784657955 CET


54.86.187.243 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:17.784657955 CET


52.0.116.226 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:17.784657955 CET


54.172.155.14 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:17.784657955 CET


52.72.211.130 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:18.837444067 CET

8.8.8.8 192.168.2.6 0x6c0a No error (0) submit.protected-forms.com



IN (0x0001)

Mar 5, 2020 18:32:18.837444067 CET

8.8.8.8 192.168.2.6 0x6c0a No error (0) landing.training.knowbe4.com

52.72.211.130 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:18.837444067 CET


52.0.116.226 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:18.837444067 CET


54.172.155.14 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:18.837444067 CET


54.175.123.26 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:18.837444067 CET


54.86.187.243 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:18.837444067 CET


35.174.160.131 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:19.380549908 CET

8.8.8.8 192.168.2.6 0xc374 No error (0) i.imgur.com ipv4.imgur.map.fastly.net CNAME (Canonical name)

IN (0x0001)

Mar 5, 2020 18:32:19.380549908 CET

8.8.8.8 192.168.2.6 0xc374 No error (0) ipv4.imgur.map.fastly.net

151.101.12.193 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:19.417556047 CET

8.8.8.8 192.168.2.6 0x42f8 No error (0) www.cdc.gov www.cdc.gov.edgekey.net


IN (0x0001)

Mar 5, 2020 18:32:19.448956013 CET

8.8.8.8 192.168.2.6 0xd11b No error (0) secure.aadcdn.microsoftonline-p.com

secure.aadcdn.microsoftonline-p.com.edgekey.net


IN (0x0001)

Mar 5, 2020 18:32:34.771647930 CET

8.8.8.8 192.168.2.6 0x274a No error (0) submit.protected-forms.com



IN (0x0001)

Mar 5, 2020 18:32:34.771647930 CET

8.8.8.8 192.168.2.6 0x274a No error (0) landing.training.knowbe4.com

35.174.160.131 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:34.771647930 CET


52.0.116.226 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:34.771647930 CET


54.175.123.26 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:34.771647930 CET


54.172.155.14 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:34.771647930 CET


52.72.211.130 A (IP address) IN (0x0001)

Mar 5, 2020 18:32:34.771647930 CET


54.86.187.243 A (IP address) IN (0x0001)

HTTP Request Dependency Graph


cardpayments.microransom.us

Session ID Source IP Source Port Destination IP Destination Port Process

0 192.168.2.6 49868 54.175.123.26 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe

TimestampkBytestransferred Direction Data

Mar 5, 2020 18:32:17.898238897 CET

1 OUT GET /XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: cardpayments.microransom.usConnection: Keep-Alive

Mar 5, 2020 18:32:18.245170116 CET

2 IN HTTP/1.1 200 OKDate: Thu, 05 Mar 2020 17:32:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveReferrer-Policy: no-referrer-when-downgradeX-Frame-Options: SAMEORIGINETag: W/"f436c63ebf2b0f17e700bc091b92d26e"Cache-Control: max-age=0, private, must-revalidateContent-Security-Policy: X-Request-Id: b3619323-96df-479a-a877-22c49a13c67aX-Runtime: 0.247000Data Raw: 31 34 36 0d 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 68 74 74 70 73 3a 2f 2f 73 75 62 6d 69 74 2e 70 72 6f 74 65 63 74 65 64 2d 66 6f 72 6d 73 2e 63 6f 6d 2f 70 61 67 65 73 2f 39 65 63 39 31 37 35 39 65 38 61 38 39 2f 58 59 57 4e 66 30 61 57 39 75 50 57 77 4e 73 61 57 4e 72 4a 6e 65 56 79 62 44 31 6f 6e 64 64 48 52 77 6f 63 7a 6f 76 4c 33 4e 31 6f 59 6d 77 31 70 64 43 35 77 63 6d 39 30 5a 57 4e 30 5a 57 51 74 68 5a 6d 39 79 62 58 4d 75 59 32 39 74 4c 33 42 68 5a 32 56 7a 4c 7a 6c 6c 59 7a 6b 78 4e 7a 55 35 5a 54 68 68 4f 44 6b 6d 63 6d 56 6a 61 58 42 70 5a 57 35 30 58 32 6c 6b 50 54 55 34 4d 6a 51 35 4f 44 6b 35 4f 53 5a 6a 59 57 31 77 59 57 6c 6e 62 6c 39 79 64 57 35 66 61 57 51 39 4d 6a 67 35 4d 54 63 31 4d 77 27 3b 3c 2f 73 63 72 69 70 74 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: 146<html> <head> <script>window.location.href = 'https://submit.protected-forms.com/pages/9ec91759e8a89/XYWNf0aW9uPWwNsaWNrJneVybD1onddHRwoczovL3N1oYmw1pdC5wcm90ZWN0ZWQthZm9ybXMuY29tL3BhZ2VzLzllYzkxNzU5ZThhODkmcmVjaXBpZW50X2lkPTU4MjQ5ODk5OSZjYW1wYWlnbl9ydW5faWQ9Mjg5MTc1Mw';</script> </head> <body> </body></html>

Timestamp Source IPSourcePort Dest IP

DestPort Subject Issuer

NotBefore

NotAfter

JA3 SSL ClientFingerprint JA3 SSL Client Digest

Mar 5, 2020 18:32:19.090162039 CET

52.72.211.130 443 192.168.2.6 49871 CN=authentlcation.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Fri Nov 22 01:00:00 CET 2019 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009

Tue Dec 22 13:00:00 CET 2020 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US

CN=Amazon Root CA 1, O=Amazon, C=US

Thu Oct 22 02:00:00 CEST 2015

Sun Oct 19 02:00:00 CEST 2025


CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

Mon May 25 14:00:00 CEST 2015

Thu Dec 31 02:00:00 CET 2037

HTTP Packets

HTTPS Packets


Code Manipulations


OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Sep 02 02:00:00 CEST 2009

Wed Jun 28 19:39:16 CEST 2034

Mar 5, 2020 18:32:19.090411901 CET

52.72.211.130 443 192.168.2.6 49870 CN=authentlcation.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Fri Nov 22 01:00:00 CET 2019 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009

Tue Dec 22 13:00:00 CET 2020 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=Amazon, OU=Server CA 1B, O=Amazon, C=US


Thu Oct 22 02:00:00 CEST 2015

Sun Oct 19 02:00:00 CEST 2025



Mon May 25 14:00:00 CEST 2015

Thu Dec 31 02:00:00 CET 2037


OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

Wed Sep 02 02:00:00 CEST 2009

Wed Jun 28 19:39:16 CEST 2034

Mar 5, 2020 18:32:19.470504045 CET

151.101.12.193 443 192.168.2.6 49874 CN=*.imgur.com, O="Imgur, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Wed Jan 15 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013

Wed Mar 16 13:00:00 CET 2022 Wed Mar 08 13:00:00 CET 2023

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Fri Mar 08 13:00:00 CET 2013

Wed Mar 08 13:00:00 CET 2023

Mar 5, 2020 18:32:19.470865965 CET

151.101.12.193 443 192.168.2.6 49875 CN=*.imgur.com, O="Imgur, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Wed Jan 15 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013

Wed Mar 16 13:00:00 CET 2022 Wed Mar 08 13:00:00 CET 2023

771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0

9e10692f1b7f78228b2d4e424db3a98c

CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Fri Mar 08 13:00:00 CET 2013

Wed Mar 08 13:00:00 CET 2023

Timestamp Source IPSourcePort Dest IP

DestPort Subject Issuer

NotBefore

NotAfter

JA3 SSL ClientFingerprint JA3 SSL Client Digest


Statistics

StatisticsBehavior

• iexplore.exe

• iexplore.exe

• ssvagent.exe

Click to jump to process

System Behavior

File ActivitiesFile Activities

Registry ActivitiesRegistry Activities


Start date: 05/03/2020

Path: C:\Program Files\internet explorer\iexplore.exe

Wow64 process (32bit): false

Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Imagebase: 0x7ff7b8120000

File size: 823560 bytes

MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

File Path Access Attributes Options Completion CountSourceAddress Symbol

File Path Offset Length Value Ascii Completion CountSourceAddress Symbol

File Path Offset Length Completion CountSourceAddress Symbol

Key Path Completion CountSourceAddress Symbol

Key Path Name Type Data Completion CountSourceAddress Symbol

Key Path Name Type Old Data New Data Completion CountSourceAddress Symbol

Analysis Process: iexplore.exe PID: 1352 Parent PID: 700Analysis Process: iexplore.exe PID: 1352 Parent PID: 700

General


File ActivitiesFile Activities




Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Wow64 process (32bit): true

Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1352 CREDAT:17410 /prefetch:2

Imagebase: 0xd00000


MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A



Reputation: low

File Path Access Attributes Options Completion CountSourceAddress Symbol

File Path Offset Length Value Ascii Completion CountSourceAddress Symbol

File Path Offset Length Completion CountSourceAddress Symbol







Path: C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssvagent.exe

Wow64 process (32bit): true

Commandline: 'C:\PROGRA~2\Java\JRE18~1.0_1\bin\ssvagent.exe' -new

Imagebase: 0x1310000


MD5 hash: 64338C266AE1E640E4D8CCE50FA9DF9F



Reputation: low




Analysis Process: iexplore.exe PID: 3608 Parent PID: 1352Analysis Process: iexplore.exe PID: 3608 Parent PID: 1352

General

Analysis Process: ssvagent.exe PID: 4576 Parent PID: 3608Analysis Process: ssvagent.exe PID: 4576 Parent PID: 3608

General


Disassembly


Version: 28.0.0 Lapis Lazuli

Documents

Transcript of Version: 28.0.0 Lapis Lazuli