
Analysis Report http://ipv4.icanhazip.com

Overview

General Information

Sample URL:http://ipv4.icanhazip.com
Analysis ID:367953

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

No high impact signatures.

Classification

  • System is w10x64
  • iexplore.exe (PID: 844 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 3100 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:844 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures; all signature results are listed below.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: global traffic; HTTP traffic detected:
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ipv4.icanhazip.com
    Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: ipv4.icanhazip.com
    Connection: Keep-Alive
    Cookie: __cfduid=d4d646f97c5a35c6535190cb3780105ec1615564270
Source: global traffic; HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    User-Agent: AutoIt
    Host: ipv4.icanhazip.com
    Cookie: __cfduid=d4d646f97c5a35c6535190cb3780105ec1615564270
Source: msapplication.xml0.1.dr; String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x07a9a528,0x01d717a3</date><accdate>0x07a9a528,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr; String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x07a9a528,0x01d717a3</date><accdate>0x07a9a528,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr; String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x07ae69ba,0x01d717a3</date><accdate>0x07ae69ba,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr; String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x07ae69ba,0x01d717a3</date><accdate>0x07ae69ba,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr; String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x07b0cc36,0x01d717a3</date><accdate>0x07b0cc36,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr; String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x07b0cc36,0x01d717a3</date><accdate>0x07b0cc36,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown; DNS traffic detected: queries for: ipv4.icanhazip.com
Source: ~DFA12EB08063DFD88D.TMP.1.dr; String found in binary or memory: http://ipv4.icanhazip.com/
Source: {32292860-8396-11EB-90E5-ECF4BB570DC9}.dat.1.dr; String found in binary or memory: http://ipv4.icanhazip.com/Root
Source: msapplication.xml.1.dr; String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr; String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr; String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr; String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr; String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr; String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr; String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr; String found in binary or memory: http://www.youtube.com/
Source: classification engine; Classification label: clean0.win@3/17@2/1
Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3229285E-8396-11EB-90E5-ECF4BB570DC9}.dat
Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Temp\~DF1926D1958D5DB194.TMP
Source: C:\Program Files\internet explorer\iexplore.exe; File read: C:\Users\desktop.ini
Source: unknown; Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:844 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:844 CREDAT:17410 /prefetch:2
Source: Window Recorder; Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

(A number after a technique is the count of signatures that matched it; techniques without a number did not match.)

  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: File and Directory Discovery (1); Application Window Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Command and Control: Non-Application Layer Protocol (2); Application Layer Protocol (2); Ingress Tool Transfer (1)
  • Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
  • Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
  • Impact: Modify System Partition; Device Lockout; Delete Device Data
Behavior Graph (ID: 367953; URL: http://ipv4.icanhazip.com; Start date: 12/03/2021; Architecture: WINDOWS; Score: 0)

  • iexplore.exe started a child iexplore.exe process
  • the child iexplore.exe connected to ipv4.icanhazip.com (172.67.71.9, ports 49718, 49719, 49721; CLOUDFLARENETUS, United States)

Source | Detection | Scanner | Label
http://ipv4.icanhazip.com | 0% | Virustotal |
http://ipv4.icanhazip.com | 0% | Avira URL Cloud | safe

No Antivirus matches

Source | Detection | Scanner | Label
http://www.wikipedia.com/ | 0% | URL Reputation | safe


Name | IP | Active | Malicious | Antivirus Detection | Reputation
ipv4.icanhazip.com | 172.67.71.9 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://ipv4.icanhazip.com/favicon.ico | false | | high
http://ipv4.icanhazip.com/ | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://www.wikipedia.com/ | msapplication.xml6.1.dr | false | URL Reputation: safe | unknown
http://www.amazon.com/ | msapplication.xml.1.dr | false | | high
http://www.nytimes.com/ | msapplication.xml3.1.dr | false | | high
http://www.live.com/ | msapplication.xml2.1.dr | false | | high
http://www.reddit.com/ | msapplication.xml4.1.dr | false | | high
http://www.twitter.com/ | msapplication.xml5.1.dr | false | | high
http://ipv4.icanhazip.com/Root | {32292860-8396-11EB-90E5-ECF4BB570DC9}.dat.1.dr | false | | high
http://www.youtube.com/ | msapplication.xml7.1.dr | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
172.67.71.9 | ipv4.icanhazip.com | United States | 13335 | CLOUDFLARENETUS | false

                        General Information

                        Joe Sandbox Version:31.0.0 Emerald
                        Analysis ID:367953
                        Start date:12.03.2021
                        Start time:16:50:19
                        Joe Sandbox Product:CloudBasic
                        Overall analysis duration:0h 3m 1s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:browseurl.jbs
                        Sample URL:http://ipv4.icanhazip.com
                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                        Number of new started processes analysed:14
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Detection:CLEAN
                        Classification:clean0.win@3/17@2/1
                        Cookbook Comments:
                        • Adjust boot time
                        • Enable AMSI
                        Warnings:
                        • Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe
                        • Excluded IPs from analysis (whitelisted): 51.103.5.159, 52.147.198.201, 204.79.197.200, 13.107.21.200, 93.184.220.29, 13.88.21.125, 40.88.32.150, 88.221.62.148, 184.30.24.56, 51.104.139.180, 152.199.19.161, 104.42.151.234, 2.20.142.209, 2.20.142.210, 51.103.5.186
                        • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, cs9.wac.phicdn.net, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, vip1-par02p.wns.notify.trafficmanager.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, wns.notify.trafficmanager.net, go.microsoft.com, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, client.wns.windows.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ie9comview.vo.msecnd.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, skypedataprdcoleus16.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus15.cloudapp.net, skypedataprdcolwus16.cloudapp.net, vip2-par02p.wns.notify.trafficmanager.net, cs9.wpc.v0cdn.net
                        No simulations
                        No context
                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3229285E-8396-11EB-90E5-ECF4BB570DC9}.dat
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:Microsoft Word Document
                        Category:dropped
                        Size (bytes):30296
                        Entropy (8bit):1.8553473180588764
                        Encrypted:false
                        SSDEEP:96:riZ1Z/2GjW3tkbfakDKMALqLxQixfCki6X:riZ1Z/2GjW3t0faxMbWcfCMX
                        MD5:6FEE92C9DF3946835A4723BE5DE9BF7E
                        SHA1:E14EF2CD9B324665358E5BB4C0CF9E8EC050E8FF
                        SHA-256:DE6516924B1CA1285F78586365F94DA0D41ACF96FB456A428640895FAC11A914
                        SHA-512:6A884E718D2024909326C0A3E180ACA8332DC24A2C4C488965DCE234DAD38CD6239DE46D4AD3B71698D7861C8AA29B2EC4E078DA3E6DADF15262B247251C1FC8
                        Malicious:false
                        Reputation:low
                        Preview: (binary content; the only readable text is the stream name "Root Entry", stored as UTF-16)
                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{32292860-8396-11EB-90E5-ECF4BB570DC9}.dat
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:Microsoft Word Document
                        Category:dropped
                        Size (bytes):24164
                        Entropy (8bit):1.6297055954203157
                        Encrypted:false
                        SSDEEP:48:IwiGcprbGwparG4pQ/GrapbSyGQpBGGHHpc77TGUp8CGzYpms5GopSeDbxGmXpm:rWZ1Qt6DBSajF27VW+Mm4IBg
                        MD5:CF19BB1CBC03984CCE00072FD83EE250
                        SHA1:DA81C4632F68897DCC56A13CA2022AFA811A7592
                        SHA-256:ED1DB1F99CD93BCFD7710588F1732AD4D9E561E809DAB9517074A4FD2185AA56
                        SHA-512:4E3D6309555CC1BBB5325759719A2EEFEED12F848846A887A0DC32CB1E9B5C65330C3A2F95854FCB5776036036E2A56BB4928A1767EA5E2ECA7B439AF07F3305
                        Malicious:false
                        Reputation:low
                        Preview: (binary content; the only readable text is the stream name "Root Entry", stored as UTF-16)
                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{32292861-8396-11EB-90E5-ECF4BB570DC9}.dat
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:Microsoft Word Document
                        Category:dropped
                        Size (bytes):16984
                        Entropy (8bit):1.5663313852941265
                        Encrypted:false
                        SSDEEP:48:Iw1GcprcGwpaN9G4pQ/vGrapbSQGQpK+G7HpRnTGIpG:rrZUQJ6LBSYA5TVA
                        MD5:A8AAB2D3CA2E176C26CBF40F2C19C6C4
                        SHA1:9AB5EC6300ECB8789EFC5D50344ECB4BC4FA1BB6
                        SHA-256:E391E704393D1D68E38441CEB86385C470465283AF473E74E29ED3C0F0D20D39
                        SHA-512:0A94206920F9447AADB6010B5C1F6DD9138147AB5E34591E41FF0E825A27A8A7AA2B552C16EE258F3DF65532BDBDE57B63C6C29CD9316B18AD382FA4D1A15321
                        Malicious:false
                        Reputation:low
                        Preview: (binary content; the only readable text is the stream name "Root Entry", stored as UTF-16)
                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                        Category:dropped
                        Size (bytes):657
                        Entropy (8bit):5.045601742711359
                        Encrypted:false
                        SSDEEP:12:TMHdNMNxOE8mawmAnWimI002EtM3MHdNMNxOE8mawmAnWimI00ONVbkEtMb:2d6NxO/jwDSZHKd6NxO/jwDSZ7Qb
                        MD5:0BC9CA0B08525335DECC2285D22F53B2
                        SHA1:8D600C1B6F2094DF9315D2E2C84C798F27694A1B
                        SHA-256:CDFC667E4F977E1F1DE91954EA345F7BFE85B0539DD78BB4BEA7809C419037E6
                        SHA-512:DA2BF63A4C41D24781524225461E012C4231626A129715A9A97B423F513D605E0EC5413998D024332CE7B5DCB572560625226A4024F5B11247A59C21B4F8ADE9
                        Malicious:false
                        Reputation:low
                        Preview:
                        <?xml version="1.0" encoding="utf-8"?>
                        <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x07ae69ba,0x01d717a3</date><accdate>0x07ae69ba,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>
                        <?xml version="1.0" encoding="utf-8"?>
                        <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x07ae69ba,0x01d717a3</date><accdate>0x07ae69ba,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>
                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                        Category:dropped
                        Size (bytes):654
                        Entropy (8bit):5.096805192786078
                        Encrypted:false
                        SSDEEP:12:TMHdNMNxe2kmuaCuAnWimI002EtM3MHdNMNxe2kmuaCuAnWimI00ONkak6EtMb:2d6NxrbMSZHKd6NxrbMSZ72a7b
                        MD5:91C69E2737976AB297D163AD80CA18D3
                        SHA1:57F892AD154B6AA164DBD599AE37F8A337A30FEF
                        SHA-256:D56B92CE2F66E636438EA965C6A8E143A48076AEFBAC6AEA921DBA1A4AB3E7EE
                        SHA-512:5731FB339BAE95C449A2BDED5437B005EA098E3EA836D2765FFC0C233FB75E4596B743663C94999010085FCEEFF59AD9378F015EF952577180029374F2D33327
                        Malicious:false
                        Reputation:low
                        Preview:
                        <?xml version="1.0" encoding="utf-8"?>
                        <browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x07a742f6,0x01d717a3</date><accdate>0x07a742f6,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>
                        <?xml version="1.0" encoding="utf-8"?>
                        <browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x07a742f6,0x01d717a3</date><accdate>0x07a742f6,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>
                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                        Category:dropped
                        Size (bytes):663
                        Entropy (8bit):5.050182096003947
                        Encrypted:false
                        SSDEEP:12:TMHdNMNxvLKvYua+vYuAnWimI002EtM3MHdNMNxvLKvYua+vYuAnWimI00ONmZEs:2d6NxveE+2SZHKd6NxveE+2SZ7Ub
                        MD5:884C05D906498F5BC732D715DCCCED8A
                        SHA1:578128E79A16190ABBDAE95DC80BAD9443583E26
                        SHA-256:FCBFF03DE904649F72799D42FA11498ECE6841F9F974A1E19B8BA786CC71D39B
                        SHA-512:1CE1A1EA812F7B0F2CEA1B929078B67400E274E78387F6894ECBB8784BCAA45FBBA0F23AF796292257A0F0CA190A44714B0A1770EC32F7E0EDDF622F8D78EE1D
                        Malicious:false
                        Reputation:low
                        Preview:
                        <?xml version="1.0" encoding="utf-8"?>
                        <browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x07b0cc36,0x01d717a3</date><accdate>0x07b0cc36,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>
                        <?xml version="1.0" encoding="utf-8"?>
                        <browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x07b0cc36,0x01d717a3</date><accdate>0x07b0cc36,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>
                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                        Category:dropped
                        Size (bytes):648
                        Entropy (8bit):5.002389011856365
                        Encrypted:false
                        SSDEEP:12:TMHdNMNxiguaMuAnWimI002EtM3MHdNMNxiguaMuAnWimI00ONd5EtMb:2d6Nxr7MLSZHKd6Nxr7MLSZ7njb
                        MD5:00E04BE34145C7BF43E95A4EBF72C16E
                        SHA1:7FE28B75E1B44E0AF58F6F17BEA801E144273050
                        SHA-256:4DD2353367549ACAD8E25279478D3C2644DB9D6C1B9A9FDCBD2A209B5E536B18
                        SHA-512:DEE2B9993D428D0EC9A20E0643637B3B701B5F1A98E54F9639CE9C3002035C628E0EF2BC98907031E85E4A093D23C3230E880F0EFA280767DDC3F1D578B5C4C3
                        Malicious:false
                        Reputation:low
                        Preview:
                        <?xml version="1.0" encoding="utf-8"?>
                        <browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x07ac07ad,0x01d717a3</date><accdate>0x07ac07ad,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>
                        <?xml version="1.0" encoding="utf-8"?>
                        <browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x07ac07ad,0x01d717a3</date><accdate>0x07ac07ad,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>
                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                        Category:dropped
                        Size (bytes):657
                        Entropy (8bit):5.0609806620694675
                        Encrypted:false
                        SSDEEP:12:TMHdNMNxhGwKvYua+vYuAnWimI002EtM3MHdNMNxhGwKvYua+vYuAnWimI00ON8V:2d6NxQZE+2SZHKd6NxQZE+2SZ7uKajb
                        MD5:B77FA6DA5FEF6C4EFDF476FD8D585698
                        SHA1:6877007AE8514E6D186E46A811A0417E465FC548
                        SHA-256:8275C62D63FE7F7A51862D3536ADD12FFE2A2B3326C550396630DECA767DA58D
                        SHA-512:6AFDF666BB75C4D9C3F56855A803A766CE27391ABF9528B68B3E8B487D078690C2ABC64BFD6B5FCC952CD4EAACAF4450E1F5A24E9CBB0E58C69D1ED0E7E5D62C
                        Malicious:false
                        Reputation:low
                        Preview:
                        <?xml version="1.0" encoding="utf-8"?>
                        <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x07b0cc36,0x01d717a3</date><accdate>0x07b0cc36,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>
                        <?xml version="1.0" encoding="utf-8"?>
                        <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x07b0cc36,0x01d717a3</date><accdate>0x07b0cc36,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>
                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                        Category:dropped
                        Size (bytes):654
                        Entropy (8bit):5.049126427817431
                        Encrypted:false
                        SSDEEP:12:TMHdNMNx0n8mawmAnWimI002EtM3MHdNMNx0n8mawmAnWimI00ONxEtMb:2d6Nx08jwDSZHKd6Nx08jwDSZ7Vb
                        MD5:3BF2E0271F02E582F0605D31C3267826
                        SHA1:8F9464BC7F3279F7AD09E81FE09921F47EFB4101
                        SHA-256:4FAEABA71405EE42C1F470D623A078ADBEAB11A969F0600E5EC650C6D415F73A
                        SHA-512:1D64511A59C66EDF8C83BE4DF77DD434CF46ADE8C58BF7C950EE9622AD1DE1977AC42F03B922446571ABCC0D6983852074D3EB2329F56338F3A808984E8E01C5
                        Malicious:false
                        Reputation:low
                        Preview:
                        <?xml version="1.0" encoding="utf-8"?>
                        <browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x07ae69ba,0x01d717a3</date><accdate>0x07ae69ba,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>
                        <?xml version="1.0" encoding="utf-8"?>
                        <browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x07ae69ba,0x01d717a3</date><accdate>0x07ae69ba,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>
                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                        Category:dropped
                        Size (bytes):657
                        Entropy (8bit):5.028259256492253
                        Encrypted:false
                        SSDEEP:12:TMHdNMNxxguaMuAnWimI002EtM3MHdNMNxxguaMuAnWimI00ON6Kq5EtMb:2d6Nx+7MLSZHKd6Nx+7MLSZ7ub
                        MD5:90CA115FEED1E7A272CAE5466A3FA4A6
                        SHA1:8A7E016876B0B2D7807168CB54C975E54183AC25
                        SHA-256:21D317B9862E1E6AEA5F542E4A6E29B340085DB4127B22395AF99F6604217E39
                        SHA-512:47C19D092295980E6C50BE41710E3232510EF4BA49EAF095698D65D64C1EDA8D825B15B6C20122FBE2DD7D230C515FB1AE7519D587128BF8914682218BA042CB
                        Malicious:false
                        Reputation:low
                        Preview:
                        <?xml version="1.0" encoding="utf-8"?>
                        <browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x07ac07ad,0x01d717a3</date><accdate>0x07ac07ad,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>
                        <?xml version="1.0" encoding="utf-8"?>
                        <browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x07ac07ad,0x01d717a3</date><accdate>0x07ac07ad,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>
                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                        Category:dropped
                        Size (bytes):660
                        Entropy (8bit):5.087529602857279
                        Encrypted:false
                        SSDEEP:12:TMHdNMNxczzanzAnWimI002EtM3MHdNMNxczzanzAnWimI00ONVEtMb:2d6NxXcSZHKd6NxXcSZ71b
                        MD5:ACE7514BE22BF3947080D58A565B3629
                        SHA1:00C799C3BE227565C9DB96B9CE5F20EC7A0222A3
                        SHA-256:1C93F50092E5532CE12EC2ACEB2BC6F8BE5BC8B6699D8A292EC110726D7AED0B
                        SHA-512:FB6A2AA0F394FD47FFB99C65A6572F4BC056859F031BBE3F834383F0F13299EA709B368E38D18F26D29744D55DD5774852B5547B1E7A2BCFDC758FB31AB0BBFA
                        Malicious:false
                        Reputation:low
                        Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x07a9a528,0x01d717a3</date><accdate>0x07a9a528,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x07a9a528,0x01d717a3</date><accdate>0x07a9a528,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                        Category:dropped
                        Size (bytes):654
                        Entropy (8bit):4.9886463217607515
                        Encrypted:false
                        SSDEEP:12:TMHdNMNxfnguaMuAnWimI002EtM3MHdNMNxfnguaMuAnWimI00ONe5EtMb:2d6NxI7MLSZHKd6NxI7MLSZ7Ejb
                        MD5:EA7F63160559982BE50C5C001FBF6603
                        SHA1:0260F219E89C9B4D24FC1EEBF1D8093FAA2B020F
                        SHA-256:01F6B668E32568C41389E527883FF8086B97143E36BD4330F1C2B0ED03AEBF46
                        SHA-512:37C0E0F926FA62CB2D51C3E48F1A2CCA37AC1DE289C1FFE6A3766B130DFBD3D31BAA606EE93B6D66A40CA2D5BA16DACDF415A18CD00F790F9F3C7C1C6E26FE24
                        Malicious:false
                        Reputation:low
                        Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x07ac07ad,0x01d717a3</date><accdate>0x07ac07ad,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x07ac07ad,0x01d717a3</date><accdate>0x07ac07ad,0x01d717a3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\1UBHYVRE.txt
                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                        File Type:ASCII text
                        Category:downloaded
                        Size (bytes):12
                        Entropy (8bit):2.855388542207534
                        Encrypted:false
                        SSDEEP:3:HLLVn:fVn
                        MD5:FC96F339DF308FEDB14A4DC6932E5EB4
                        SHA1:0F02D70B4E8FC479A4FAEFF1201F6DEFDB40C5A1
                        SHA-256:8313FBE13840F492FB297AAE15577A3721524FDB0C98EE3F35F9EF7C427F105F
                        SHA-512:36248865DB6AE11B63EEC12D19C26BAA09A0109F5222BDB1601FD2E12596AFEACBCB767CB2AB0B3D9081B3A1BA70D3E5B5D999A709E403EC832A26AD4932A365
                        Malicious:false
                        Reputation:low
                        IE Cache URL:http://ipv4.icanhazip.com/
                        Preview: 84.17.52.78.
                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\favicon[1].ico
                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                        File Type:ASCII text
                        Category:downloaded
                        Size (bytes):12
                        Entropy (8bit):2.855388542207534
                        Encrypted:false
                        SSDEEP:3:HLLVn:fVn
                        MD5:FC96F339DF308FEDB14A4DC6932E5EB4
                        SHA1:0F02D70B4E8FC479A4FAEFF1201F6DEFDB40C5A1
                        SHA-256:8313FBE13840F492FB297AAE15577A3721524FDB0C98EE3F35F9EF7C427F105F
                        SHA-512:36248865DB6AE11B63EEC12D19C26BAA09A0109F5222BDB1601FD2E12596AFEACBCB767CB2AB0B3D9081B3A1BA70D3E5B5D999A709E403EC832A26AD4932A365
                        Malicious:false
                        Reputation:low
                        IE Cache URL:http://ipv4.icanhazip.com/favicon.ico
                        Preview: 84.17.52.78.
                        C:\Users\user\AppData\Local\Temp\~DF1926D1958D5DB194.TMP
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):13029
                        Entropy (8bit):0.47930874029847625
                        Encrypted:false
                        SSDEEP:24:c9lLh9lLh9lIn9lIn9loW9loG9lWtUagdj:kBqoIRXVEj
                        MD5:B5A3DAF5C1B7F6DB52A96C053D0447FC
                        SHA1:91DFF4BE0F33E2F0CE03AC522643344911F4352B
                        SHA-256:5994EF4AB1017B329814F6C9FC3190FDF44B8D14091FB01711015C7E09D00D06
                        SHA-512:C4F147C8EA4BB693C46508BAA107EB8EE84DFE20ED2DBA185F73675F7F37FB4E0F6E9B403586C2D1FA5D1A5B74630CC1C2BA8D9F9AC7A15CFD0B90CBA9D7D23A
                        Malicious:false
                        Reputation:low
                        Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Users\user\AppData\Local\Temp\~DF54C803140920038B.TMP
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):25441
                        Entropy (8bit):0.3016025495338294
                        Encrypted:false
                        SSDEEP:24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
                        MD5:BF8FB2E7F651545A0DD4F12D4042C515
                        SHA1:76BDD22AC8585C130C2D98471A8949E03B14EA37
                        SHA-256:9DC17AC3D8C857C51B93742F390936DA10880F7AD3956E3FAD80625C4365C1C2
                        SHA-512:B7E51E4F8F43A133BBB1288ED315960DD15D9743DAC6F65F875CF61CBAA667D6B9A4937C1AE5D44F64C56AFAB9301EC427BA1BABE4AA62A1DEBD84B362C23A00
                        Malicious:false
                        Reputation:low
                        Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Users\user\AppData\Local\Temp\~DFA12EB08063DFD88D.TMP
                        Process:C:\Program Files\internet explorer\iexplore.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):34357
                        Entropy (8bit):0.3483741353113905
                        Encrypted:false
                        SSDEEP:24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwDqF9lwfi9l2M9l2s9o:kBqoxKAuvScS+djBgsIsseDt
                        MD5:1E81407B7131F4F5F7255A844AA30D6C
                        SHA1:72568DF84FB742BD6086E819501F5B93C49D5F04
                        SHA-256:97ED7B366FC26C58E7F217DD4629D7638FA64984279AC74266B81BC12FA641AE
                        SHA-512:C4BE26EFEE99B7F51D441D42314238EFC809E518B0DEE88297A9F3E2504FD66512C6873C6797A8A6AC6609C7913986F2778EEEC8C8A68C542D34A1E6A406CDBC
                        Malicious:false
                        Reputation:low
                        Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        Static File Info

                        No static file info

                        Network Behavior


                        Network Port Distribution

                        • Total Packets: 45
                        • 80 (HTTP)
                        • 53 (DNS)
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Mar 12, 2021 16:51:09.981350899 CET | 49718 | 80 | 192.168.2.5 | 172.67.71.9
                        Mar 12, 2021 16:51:09.981554985 CET | 49719 | 80 | 192.168.2.5 | 172.67.71.9
                        Mar 12, 2021 16:51:10.023454905 CET | 80 | 49718 | 172.67.71.9 | 192.168.2.5
                        Mar 12, 2021 16:51:10.023588896 CET | 49718 | 80 | 192.168.2.5 | 172.67.71.9
                        Mar 12, 2021 16:51:10.023731947 CET | 80 | 49719 | 172.67.71.9 | 192.168.2.5
                        Mar 12, 2021 16:51:10.024122953 CET | 49718 | 80 | 192.168.2.5 | 172.67.71.9
                        Mar 12, 2021 16:51:10.024257898 CET | 49719 | 80 | 192.168.2.5 | 172.67.71.9
                        Mar 12, 2021 16:51:10.066267967 CET | 80 | 49718 | 172.67.71.9 | 192.168.2.5
                        Mar 12, 2021 16:51:10.073417902 CET | 80 | 49718 | 172.67.71.9 | 192.168.2.5
                        Mar 12, 2021 16:51:10.073555946 CET | 49718 | 80 | 192.168.2.5 | 172.67.71.9
                        Mar 12, 2021 16:51:10.337838888 CET | 49718 | 80 | 192.168.2.5 | 172.67.71.9
                        Mar 12, 2021 16:51:10.380335093 CET | 80 | 49718 | 172.67.71.9 | 192.168.2.5
                        Mar 12, 2021 16:51:10.384949923 CET | 80 | 49718 | 172.67.71.9 | 192.168.2.5
                        Mar 12, 2021 16:51:10.385067940 CET | 49718 | 80 | 192.168.2.5 | 172.67.71.9
                        Mar 12, 2021 16:51:25.069351912 CET | 80 | 49719 | 172.67.71.9 | 192.168.2.5
                        Mar 12, 2021 16:51:25.069541931 CET | 49719 | 80 | 192.168.2.5 | 172.67.71.9
                        Mar 12, 2021 16:51:26.772542953 CET | 49721 | 80 | 192.168.2.5 | 172.67.71.9
                        Mar 12, 2021 16:51:26.813396931 CET | 80 | 49721 | 172.67.71.9 | 192.168.2.5
                        Mar 12, 2021 16:51:26.813498974 CET | 49721 | 80 | 192.168.2.5 | 172.67.71.9
                        Mar 12, 2021 16:51:26.813637972 CET | 49721 | 80 | 192.168.2.5 | 172.67.71.9
                        Mar 12, 2021 16:51:26.854275942 CET | 80 | 49721 | 172.67.71.9 | 192.168.2.5
                        Mar 12, 2021 16:51:26.860012054 CET | 80 | 49721 | 172.67.71.9 | 192.168.2.5
                        Mar 12, 2021 16:51:26.860096931 CET | 49721 | 80 | 192.168.2.5 | 172.67.71.9
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Mar 12, 2021 16:51:01.067811012 CET | 53784 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:01.119606018 CET | 53 | 53784 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:01.246773958 CET | 65307 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:01.295993090 CET | 53 | 65307 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:01.503623009 CET | 64344 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:01.555286884 CET | 53 | 64344 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:01.686949015 CET | 62060 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:01.702244043 CET | 61805 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:01.740183115 CET | 53 | 62060 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:01.761904001 CET | 53 | 61805 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:02.143227100 CET | 54795 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:02.196130037 CET | 53 | 54795 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:02.964092970 CET | 49557 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:03.015671968 CET | 53 | 49557 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:04.144978046 CET | 61733 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:04.193869114 CET | 53 | 61733 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:05.421128035 CET | 65447 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:05.470411062 CET | 53 | 65447 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:06.249793053 CET | 52441 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:06.298629999 CET | 53 | 52441 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:07.221616030 CET | 62176 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:07.278606892 CET | 53 | 62176 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:08.064259052 CET | 59596 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:08.116206884 CET | 53 | 59596 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:08.683094978 CET | 65296 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:08.747661114 CET | 53 | 65296 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:08.918798923 CET | 63183 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:08.971889973 CET | 53 | 63183 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:09.919946909 CET | 60151 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:09.969944000 CET | 53 | 60151 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:26.717281103 CET | 56969 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:26.767903090 CET | 53 | 56969 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:29.617755890 CET | 55161 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:29.685508013 CET | 53 | 55161 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:32.294934034 CET | 54757 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:32.345942974 CET | 53 | 54757 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:38.675745010 CET | 49992 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:38.726711988 CET | 53 | 49992 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:39.360367060 CET | 60075 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:39.419212103 CET | 53 | 60075 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:39.711124897 CET | 49992 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:39.759890079 CET | 53 | 49992 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:40.237248898 CET | 55016 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:40.285937071 CET | 53 | 55016 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:40.366391897 CET | 60075 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:40.423923016 CET | 53 | 60075 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:40.725403070 CET | 49992 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:40.783809900 CET | 53 | 49992 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:41.469686985 CET | 60075 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:41.518722057 CET | 53 | 60075 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:41.577528000 CET | 64345 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:41.629446030 CET | 53 | 64345 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:42.805063963 CET | 49992 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:42.864029884 CET | 53 | 49992 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:43.490082026 CET | 60075 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:43.553606987 CET | 53 | 60075 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:46.827338934 CET | 49992 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:46.876033068 CET | 53 | 49992 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:47.491436958 CET | 60075 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:47.548516035 CET | 53 | 60075 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:55.921880960 CET | 57128 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:55.983628035 CET | 53 | 57128 | 8.8.8.8 | 192.168.2.5
                        Mar 12, 2021 16:51:56.821487904 CET | 54791 | 53 | 192.168.2.5 | 8.8.8.8
                        Mar 12, 2021 16:51:56.881496906 CET | 53 | 54791 | 8.8.8.8 | 192.168.2.5
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                        Mar 12, 2021 16:51:09.919946909 CET | 192.168.2.5 | 8.8.8.8 | 0xc9a5 | Standard query (0) | ipv4.icanhazip.com | A (IP address) | IN (0x0001)
                        Mar 12, 2021 16:51:26.717281103 CET | 192.168.2.5 | 8.8.8.8 | 0x8677 | Standard query (0) | ipv4.icanhazip.com | A (IP address) | IN (0x0001)
                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                        Mar 12, 2021 16:51:09.969944000 CET | 8.8.8.8 | 192.168.2.5 | 0xc9a5 | No error (0) | ipv4.icanhazip.com | | 172.67.71.9 | A (IP address) | IN (0x0001)
                        Mar 12, 2021 16:51:09.969944000 CET | 8.8.8.8 | 192.168.2.5 | 0xc9a5 | No error (0) | ipv4.icanhazip.com | | 104.26.11.175 | A (IP address) | IN (0x0001)
                        Mar 12, 2021 16:51:09.969944000 CET | 8.8.8.8 | 192.168.2.5 | 0xc9a5 | No error (0) | ipv4.icanhazip.com | | 104.26.10.175 | A (IP address) | IN (0x0001)
                        Mar 12, 2021 16:51:26.767903090 CET | 8.8.8.8 | 192.168.2.5 | 0x8677 | No error (0) | ipv4.icanhazip.com | | 172.67.71.9 | A (IP address) | IN (0x0001)
                        Mar 12, 2021 16:51:26.767903090 CET | 8.8.8.8 | 192.168.2.5 | 0x8677 | No error (0) | ipv4.icanhazip.com | | 104.26.11.175 | A (IP address) | IN (0x0001)
                        Mar 12, 2021 16:51:26.767903090 CET | 8.8.8.8 | 192.168.2.5 | 0x8677 | No error (0) | ipv4.icanhazip.com | | 104.26.10.175 | A (IP address) | IN (0x0001)
                        • ipv4.icanhazip.com
                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        0 | 192.168.2.5 | 49718 | 172.67.71.9 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Mar 12, 2021 16:51:10.024122953 CET | 1382 | OUT | GET / HTTP/1.1
                        Accept: text/html, application/xhtml+xml, image/jxr, */*
                        Accept-Language: en-US
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                        Accept-Encoding: gzip, deflate
                        Host: ipv4.icanhazip.com
                        Connection: Keep-Alive
                        Mar 12, 2021 16:51:10.073417902 CET | 1383 | IN | HTTP/1.1 200 OK
                        Date: Fri, 12 Mar 2021 15:51:10 GMT
                        Content-Type: text/plain
                        Content-Length: 12
                        Connection: keep-alive
                        Set-Cookie: __cfduid=d4d646f97c5a35c6535190cb3780105ec1615564270; expires=Sun, 11-Apr-21 15:51:10 GMT; path=/; domain=.ipv4.icanhazip.com; HttpOnly; SameSite=Lax
                        Access-Control-Allow-Origin: *
                        Access-Control-Allow-Methods: GET
                        X-RTFM: Learn about this site at http://bit.ly/icanhazip-faq
                        X-THANK-YOU: Many thanks to the fine people at Cloudflare for keeping this site afloat!
                        cf-request-id: 08c8bb81e90000c2d10cac4000000001
                        Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gHehg5g0vk857rDUF%2FZRuoDIukjQaeuN1Tnige8A6vR3Nf1IDM1q%2FN9NIR1Tl8775c4PSqqjPVY%2F9ryAdW713Kofw9TPCSKmSqJNmX4AzawS8Uk%3D"}]}
                        NEL: {"report_to":"cf-nel","max_age":604800}
                        Vary: Accept-Encoding
                        Server: cloudflare
                        CF-RAY: 62ee2eafdcd0c2d1-FRA
                        Data Raw: 38 34 2e 31 37 2e 35 32 2e 37 38 0a
                        Data Ascii: 84.17.52.78
                        Mar 12, 2021 16:51:10.337838888 CET | 1387 | OUT | GET /favicon.ico HTTP/1.1
                        Accept: */*
                        Accept-Encoding: gzip, deflate
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                        Host: ipv4.icanhazip.com
                        Connection: Keep-Alive
                        Cookie: __cfduid=d4d646f97c5a35c6535190cb3780105ec1615564270
                        Mar 12, 2021 16:51:10.384949923 CET | 1387 | IN | HTTP/1.1 200 OK
                        Date: Fri, 12 Mar 2021 15:51:10 GMT
                        Content-Type: text/plain
                        Content-Length: 12
                        Connection: keep-alive
                        Access-Control-Allow-Origin: *
                        Access-Control-Allow-Methods: GET
                        X-RTFM: Learn about this site at http://bit.ly/icanhazip-faq
                        X-THANK-YOU: Many thanks to the fine people at Cloudflare for keeping this site afloat!
                        cf-request-id: 08c8bb83210000c2d11682c000000001
                        Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6NDTWpnosTPalJ27%2Fju8BSohBZznsgDHWGQNnhbo4dE7j3PxMPg6GboXJQ9TG4uKueZIJ6x4rjynIN0kMFF1chFMclOFdeK8xR6Kt2p4D%2FaubLE%3D"}]}
                        NEL: {"report_to":"cf-nel","max_age":604800}
                        Vary: Accept-Encoding
                        Server: cloudflare
                        CF-RAY: 62ee2eb1ceffc2d1-FRA
                        Data Raw: 38 34 2e 31 37 2e 35 32 2e 37 38 0a
                        Data Ascii: 84.17.52.78


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                        1 | 192.168.2.5 | 49721 | 172.67.71.9 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                        Timestamp | kBytes transferred | Direction | Data
                        Mar 12, 2021 16:51:26.813637972 CET | 1388 | OUT | GET /favicon.ico HTTP/1.1
                        User-Agent: AutoIt
                        Host: ipv4.icanhazip.com
                        Cookie: __cfduid=d4d646f97c5a35c6535190cb3780105ec1615564270
                        Mar 12, 2021 16:51:26.860012054 CET | 1389 | IN | HTTP/1.1 200 OK
                        Date: Fri, 12 Mar 2021 15:51:26 GMT
                        Content-Type: text/plain
                        Content-Length: 12
                        Connection: keep-alive
                        Access-Control-Allow-Origin: *
                        Access-Control-Allow-Methods: GET
                        X-RTFM: Learn about this site at http://bit.ly/icanhazip-faq
                        X-THANK-YOU: Many thanks to the fine people at Cloudflare for keeping this site afloat!
                        cf-request-id: 08c8bbc37c000005b7fdb1a000000001
                        Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fnhi%2FtdY%2B8NRSv5FZMZz698b%2BgIEBeRK6f5emxZDtcXE1Ac27X7ltO92u49smw3sQNZikOTpUJzHD1Kaf3UHV5csfQbAg4WllwFY3Z5x2CBax2I%3D"}],"group":"cf-nel"}
                        NEL: {"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 62ee2f18cc0b05b7-FRA
                        Data Raw: 38 34 2e 31 37 2e 35 32 2e 37 38 0a
                        Data Ascii: 84.17.52.78


                        Code Manipulations

                        Statistics

                        CPU Usage

                        Memory Usage

                        Behavior

                        System Behavior

                        Start time:16:51:08
                        Start date:12/03/2021
                        Path:C:\Program Files\internet explorer\iexplore.exe
                        Wow64 process (32bit):false
                        Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                        Imagebase:0x7ff6e70b0000
                        File size:823560 bytes
                        MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Start time:16:51:08
                        Start date:12/03/2021
                        Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                        Wow64 process (32bit):true
                        Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:844 CREDAT:17410 /prefetch:2
                        Imagebase:0x210000
                        File size:822536 bytes
                        MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low

                        Disassembly