Play interactive tour

Edit tour

Analysis Report http://208.95.112.1

Overview

General Information

Sample URL:	http://208.95.112.1
Analysis ID:	387890
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML title does not match URL

Classification

Startup

System is w10x64

iexplore.exe (PID: 5512 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4712 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5512 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://members.ip-api.com/	HTTP Parser: Title: ip-api \| pro does not match URL
Source: https://members.ip-api.com/	HTTP Parser: Title: ip-api \| pro does not match URL

Source: https://members.ip-api.com/	HTTP Parser: No <meta name="author".. found
Source: https://members.ip-api.com/	HTTP Parser: No <meta name="author".. found

Source: https://members.ip-api.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://members.ip-api.com/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 51.68.181.23:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.68.181.23:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.165.195.106:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.165.195.106:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.68.181.23:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.68.181.23:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 37.59.52.143:443 -> 192.168.2.3:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 37.59.52.143:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.234.225.88:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.234.225.88:443 -> 192.168.2.3:49745 version: TLS 1.2

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: 208.95.112.1Connection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: ip-api.com

Source: dns[1].htm.2.dr	String found in binary or memory: http://edns.ip-api.com/json
Source: dns[1].htm.2.dr	String found in binary or memory: http://edns.ip-api.com/json/?callback=
Source: api_batch[1].htm.2.dr, ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: http://ip-api.com/batch
Source: api_batch[1].htm.2.dr	String found in binary or memory: http://ip-api.com/batch?fields=
Source: api_batch[1].htm.2.dr	String found in binary or memory: http://ip-api.com/batch?fields=61439
Source: api_batch[1].htm.2.dr	String found in binary or memory: http://ip-api.com/batch?fields=isp
Source: api_csv[1].htm.2.dr	String found in binary or memory: http://ip-api.com/csv/
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: http://ip-api.com/csv/24.48.0.1
Source: api_batch[1].htm.2.dr	String found in binary or memory: http://ip-api.com/docs/api:batch
Source: api_json[1].htm.2.dr	String found in binary or memory: http://ip-api.com/docs/api:json
Source: api_json[1].htm.2.dr	String found in binary or memory: http://ip-api.com/json/
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: http://ip-api.com/json/24.48.0.1
Source: api_json[1].htm.2.dr	String found in binary or memory: http://ip-api.com/json/?fields=status
Source: api_newline_separated[1].htm.2.dr	String found in binary or memory: http://ip-api.com/line/
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: http://ip-api.com/line/24.48.0.1
Source: api_serialized_php[1].htm.2.dr	String found in binary or memory: http://ip-api.com/php/
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: http://ip-api.com/php/24.48.0.1
Source: api_xml[1].htm.2.dr	String found in binary or memory: http://ip-api.com/xml/
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: http://ip-api.com/xml/24.48.0.1
Source: api_serialized_php[1].htm.2.dr	String found in binary or memory: http://phpjs.org/functions/unserialize:571#comment_95906
Source: 9FB58BD5.htm.2.dr	String found in binary or memory: https://anpc.ro/
Source: scripts[1].js.2.dr	String found in binary or memory: https://cache.ip-api.com/
Source: api_json[1].htm.2.dr	String found in binary or memory: https://demo.ip-api.com
Source: 9FB58BD5.htm.2.dr	String found in binary or memory: https://ec.europa.eu/consumers/odr
Source: api_json[1].htm.2.dr	String found in binary or memory: https://google.ca/
Source: api_json[1].htm.2.dr	String found in binary or memory: https://google.com/
Source: {BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ip-.com/m/
Source: {BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ip-api.cohttps://ip-api.com/docs/api:batch
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/8IP-API.com
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/H
Source: {BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ip-api.com/Root
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/User
Source: {BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ip-api.com/doc
Source: {BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ip-api.com/docH
Source: {BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ip-api.com/docRoot
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs
Source: 9FB58BD5.htm.2.dr	String found in binary or memory: https://ip-api.com/docs/
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:batch
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:batchized_phpd
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:batchized_phpdn.ico
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:batchrIP-API.com
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:csv
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:csvdIP-API.com
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:csvi.com/favicon.ico
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:json
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:jsonb
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:jsonfIP-API.com
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:newline_separated
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:newline_separatedlIP-API.com
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:serialized_php
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:serialized_phpdIP-API.com
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:serialized_phpdn.ico
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:serialized_phpdvicon.ico
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:xml
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:xmldIP-API.com
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/api:xmli.com/favicon.ico
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/correctionapi.com/favicon.ico
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/correctioned_phpdX
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/dns
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/dnsbatchized_phpdvicon.ico
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docs/dnsnIP-API.com
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://ip-api.com/docsXIP-API.com
Source: imagestore.dat.2.dr	String found in binary or memory: https://ip-api.com/favicon.ico~
Source: {BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://ip-si.com/
Source: {BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://members.ip-api
Source: docs[1].htm.2.dr	String found in binary or memory: https://members.ip-api.com/
Source: ~DFD2F59548B362194B.TMP.1.dr	String found in binary or memory: https://members.ip-api.com/P
Source: imagestore.dat.2.dr	String found in binary or memory: https://members.ip-api.com/favicon.ico~
Source: scripts[1].js.2.dr	String found in binary or memory: https://pro.ip-api.com/json/
Source: 9FB58BD5.htm.2.dr	String found in binary or memory: https://status.ip-api.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 51.68.181.23:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.68.181.23:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.165.195.106:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.165.195.106:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.68.181.23:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.68.181.23:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 37.59.52.143:443 -> 192.168.2.3:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 37.59.52.143:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.234.225.88:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.234.225.88:443 -> 192.168.2.3:49745 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@3/44@8/5

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFF99153EF57A14353.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5512 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5512 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol2	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://208.95.112.1	1%	Virustotal		Browse
http://208.95.112.1	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://phpjs.org/functions/unserialize:571#comment_95906	0%	Virustotal		Browse
http://phpjs.org/functions/unserialize:571#comment_95906	0%	Avira URL Cloud	safe
https://ip-api.cohttps://ip-api.com/docs/api:batch	0%	Avira URL Cloud	safe
http://208.95.112.1/	1%	Virustotal		Browse
http://208.95.112.1/	0%	Avira URL Cloud	safe
https://members.ip-api	0%	Avira URL Cloud	safe
https://ip-.com/m/	0%	Avira URL Cloud	safe
https://ip-si.com/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
members.ip-api.com	37.59.52.143	true	false	high
pro.ip-api.com	193.234.225.88	true	false	high
ip-api.com	208.95.112.1	true	false	high
cache.ip-api.com	188.165.195.106	true	false	high
gn7997psot3a8g90m2csl5ncwzd252hb.edns.ip-api.com	51.68.181.23	true	false	high
demo.ip-api.com	208.95.112.1	true	false	high
a46xu02d91kq3rst33xdn3mctguqtk00.edns.ip-api.com	51.68.181.23	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ip-api.com/docs/correction	false		high
https://ip-api.com/docs/api:json	false		high
https://ip-api.com/docs/api:csv	false		high
http://208.95.112.1/	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ip-api.com/docs/api:serialized_php	false		high
https://ip-api.com/docs/api:xml	false		high
https://ip-api.com/docs/api:batch	false		high
https://ip-api.com/docs/api:newline_separated	false		high
https://ip-api.com/docs	false		high
https://members.ip-api.com/	false		high
https://ip-api.com/	false		high
https://ip-api.com/docs/dns	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://ip-api.com/json/24.48.0.1	~DFD2F59548B362194B.TMP.1.dr	false		high
https://cache.ip-api.com/	scripts[1].js.2.dr	false		high
https://ip-api.com/docs/	9FB58BD5.htm.2.dr	false		high
http://ip-api.com/xml/24.48.0.1	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/api:json	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/api:batch	~DFD2F59548B362194B.TMP.1.dr	false		high
http://ip-api.com/batch?fields=	api_batch[1].htm.2.dr	false		high
https://ip-api.com/favicon.ico~	imagestore.dat.2.dr	false		high
https://ip-api.com/docsXIP-API.com	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/api:serialized_phpdvicon.ico	~DFD2F59548B362194B.TMP.1.dr	false		high
https://status.ip-api.com/	9FB58BD5.htm.2.dr	false		high
http://ip-api.com/csv/	api_csv[1].htm.2.dr	false		high
http://ip-api.com/docs/api:json	api_json[1].htm.2.dr	false		high
http://phpjs.org/functions/unserialize:571#comment_95906	api_serialized_php[1].htm.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ip-api.cohttps://ip-api.com/docs/api:batch	{BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://ip-api.com/docH	{BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://ip-api.com/docs/dnsbatchized_phpdvicon.ico	~DFD2F59548B362194B.TMP.1.dr	false		high
http://ip-api.com/php/24.48.0.1	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/api:csv	~DFD2F59548B362194B.TMP.1.dr	false		high
http://ip-api.com/json/?fields=status	api_json[1].htm.2.dr	false		high
https://demo.ip-api.com	api_json[1].htm.2.dr	false		high
https://ip-api.com/	~DFD2F59548B362194B.TMP.1.dr	false		high
https://members.ip-api.com/	docs[1].htm.2.dr	false		high
https://ip-api.com/docs/api:jsonfIP-API.com	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/api:batchized_phpd	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/dns	~DFD2F59548B362194B.TMP.1.dr	false		high
http://ip-api.com/batch?fields=isp	api_batch[1].htm.2.dr	false		high
http://ip-api.com/json/	api_json[1].htm.2.dr	false		high
https://ip-api.com/User	~DFD2F59548B362194B.TMP.1.dr	false		high
https://members.ip-api.com/P	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/Root	{BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://ip-api.com/H	~DFD2F59548B362194B.TMP.1.dr	false		high
https://members.ip-api	{BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://ip-api.com/docs/api:xml	~DFD2F59548B362194B.TMP.1.dr	false		high
http://ip-api.com/xml/	api_xml[1].htm.2.dr	false		high
https://ip-api.com/docs/api:serialized_php	~DFD2F59548B362194B.TMP.1.dr	false		high
https://anpc.ro/	9FB58BD5.htm.2.dr	false		high
http://edns.ip-api.com/json	dns[1].htm.2.dr	false		high
http://edns.ip-api.com/json/?callback=	dns[1].htm.2.dr	false		high
http://ip-api.com/batch	api_batch[1].htm.2.dr, ~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/api:batchrIP-API.com	~DFD2F59548B362194B.TMP.1.dr	false		high
https://google.ca/	api_json[1].htm.2.dr	false		high
https://ip-.com/m/	{BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	low
https://ip-api.com/docs/correctionapi.com/favicon.ico	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/doc	{BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://ip-api.com/docs/correctioned_phpdX	~DFD2F59548B362194B.TMP.1.dr	false		high
http://ip-api.com/docs/api:batch	api_batch[1].htm.2.dr	false		high
https://ip-api.com/docs/api:jsonb	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/api:xmldIP-API.com	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/8IP-API.com	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/api:csvdIP-API.com	~DFD2F59548B362194B.TMP.1.dr	false		high
http://ip-api.com/line/	api_newline_separated[1].htm.2.dr	false		high
https://ip-api.com/docs/api:batchized_phpdn.ico	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/api:csvi.com/favicon.ico	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/api:newline_separated	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/api:newline_separatedlIP-API.com	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docRoot	{BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		high
https://ec.europa.eu/consumers/odr	9FB58BD5.htm.2.dr	false		high
https://ip-api.com/docs	~DFD2F59548B362194B.TMP.1.dr	false		high
https://members.ip-api.com/favicon.ico~	imagestore.dat.2.dr	false		high
http://ip-api.com/csv/24.48.0.1	~DFD2F59548B362194B.TMP.1.dr	false		high
http://ip-api.com/batch?fields=61439	api_batch[1].htm.2.dr	false		high
https://ip-api.com/docs/api:serialized_phpdIP-API.com	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/dnsnIP-API.com	~DFD2F59548B362194B.TMP.1.dr	false		high
http://ip-api.com/line/24.48.0.1	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/api:xmli.com/favicon.ico	~DFD2F59548B362194B.TMP.1.dr	false		high
https://ip-api.com/docs/api:serialized_phpdn.ico	~DFD2F59548B362194B.TMP.1.dr	false		high
https://pro.ip-api.com/json/	scripts[1].js.2.dr	false		high
https://ip-si.com/	{BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
http://ip-api.com/php/	api_serialized_php[1].htm.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
208.95.112.1	ip-api.com	United States	53334	TUT-ASUS	false
37.59.52.143	members.ip-api.com	France	16276	OVHFR	false
51.68.181.23	gn7997psot3a8g90m2csl5ncwzd252hb.edns.ip-api.com	France	16276	OVHFR	false
188.165.195.106	cache.ip-api.com	France	16276	OVHFR	false
193.234.225.88	pro.ip-api.com	Sweden	34971	PDDA-ASIT	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	387890
Start date:	15.04.2021
Start time:	17:20:58
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 46s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	http://208.95.112.1
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@3/44@8/5
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://ip-api.com/ Browsing link: https://ip-api.com/docs Browsing link: https://members.ip-api.com/ Browsing link: https://ip-api.com/docs/api:json Browsing link: https://ip-api.com/docs/api:xml Browsing link: https://ip-api.com/docs/api:csv Browsing link: https://ip-api.com/docs/api:newline_separated Browsing link: https://ip-api.com/docs/api:serialized_php Browsing link: https://ip-api.com/docs/api:batch Browsing link: https://ip-api.com/docs/dns Browsing link: https://ip-api.com/docs/correction
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 23.57.81.29, 92.122.145.220, 168.61.161.212, 88.221.62.148, 13.88.21.125, 23.57.80.111, 52.147.198.201, 152.199.19.161, 20.190.160.72, 20.190.160.130, 20.190.160.70, 20.190.160.5, 20.190.160.74, 20.190.160.9, 20.190.160.133, 20.190.160.1, 20.50.102.62, 23.32.238.234, 23.32.238.177, 205.185.216.42, 205.185.216.10 Excluded domains from analysis (whitelisted): storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com.nsatc.net, www.tm.lg.prod.aadmsa.akadns.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, storeedgefd.xbetservices.akadns.net, arc.msn.com, www.tm.a.prd.aadg.trafficmanager.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, go.microsoft.com, login.live.com, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com, fs.microsoft.com, ie9comview.vo.msecnd.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, storeedgefd.dsx.mp.microsoft.com.edgekey.net, login.msa.msidentity.com, skypedataprdcoleus16.cloudapp.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, e16646.dscg.akamaiedge.net, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BB89EE27-9E49-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.856994962137609
Encrypted:	false
SSDEEP:	96:rBZOZ724W/QVt/Quf/QuNM/xu/Xl/X0f/XicX:rBZOZ724WoVtoufouNM5uflf0fficX
MD5:	21C562AAE7A14F2D4ED5CDA4FB14BB68
SHA1:	2EC6EA5ADEB49AE63831065F2FC1C9470C4EB156
SHA-256:	84048A0C26DC5AF204126A7C7D4EB1D13E3560AC48091F20EC4CDA57B1656DBE
SHA-512:	A3716825F2218A5652EA8F17F98077575AA5B747852FD5F8EFD89F0D7C8881079D3DDECBEC92A646DFAB8A62AAAED82AC82452ED754812445CF28E6C2DA8CD7A
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BB89EE29-9E49-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	169802
Entropy (8bit):	2.5418900753095905
Encrypted:	false
SSDEEP:	384:rDriGHf4ITIojfcfjfPfyuwSBpmi+JvzHjW8ciZ0lxvT0JSkZZEMd0Y0tD5bS/DM:jyh5GmUXY
MD5:	F3769A024067374C2284230CCDBBDDD5
SHA1:	3855C45E62C01D492419C0FBD297AED728047969
SHA-256:	483807CA0C65A03260A767F8D1F504C06D75D0DD2A9B438235E627F93B798C46
SHA-512:	FAB72EF2E5B6BE996CA01BDA94EE964D2C6A0603B524FF92D9AC834ACA6422F4B5E2BA252AD0B0DEC28F32C8B83C2974F3EC1ED1A8F4523D172DFBAC1ECFAC1C
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BB89EE2A-9E49-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5664323412966281
Encrypted:	false
SSDEEP:	48:IwtGcprAGwpa/G4pQ7GrapbSnGQpK/G7HpRpTGIpG:rzZIQR6vBSRAOTPA
MD5:	549983E0293AAF1DAF0E0A1F2C3A9DFB
SHA1:	630FE4D31061E89655E0D981C012F68D7A56CFD7
SHA-256:	CF7037FF8568C0915596A22B9038E5C7C655A735CA02C6B8A0AEDDA157399CA7
SHA-512:	81FC15BE3C148CDCE03CC304220AAE73552122635026019C4710074B3594859B634B23B6BC06C7967B2FC8E4AA39BEB4C68DC332ED5FCBEEB17D02673769CF5A
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	3024
Entropy (8bit):	1.0838544097584808
Encrypted:	false
SSDEEP:	12:dUjApl4oreM///PCcUKApl4oreM///PCDg:dUja4k5nUKa4k5d
MD5:	DAA404C4B73D711A066CADE23305FEEA
SHA1:	92F8510776DFC90C00443B5E808A3B1267C9026C
SHA-256:	8110D4D1845F5648684FF679A36B934E7CC1C5B337BB678C3739C1F7F88A5922
SHA-512:	65C7DE777538ECEA07629596439CFDD08810183164206C28A9315083D571EA95C7CE508C5D433B49A087F5AB2FE8C27022B681EFBE6C6A63E10F1887FCBD801A
Malicious:	false
Reputation:	low
Preview:	..h.t.t.p.s.:././.i.p.-.a.p.i...c.o.m./.f.a.v.i.c.o.n...i.c.o.~.................h.......(....... ...........@...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\8.5718,47[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 540 x 578, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	90778
Entropy (8bit):	7.991395228897421
Encrypted:	true
SSDEEP:	1536:4PfRI7QoMj1vlm0zSvDIMXtMO9sB03VQZHWnoPskNHe97q6sSjvugvU8A08fJ08g:4f9RE0+LbXtPK0FGDskM97nDuWUF72JX
MD5:	162C6C74C12C3BD5E0F4C990BCB59E48
SHA1:	7E17702FA4B16A5CCBD401B0B2D1014EF0383A96
SHA-256:	D2DB131BA5BB9942A65DA957DC795048BA27326393ABA290F7CFA8B8DEDCA735
SHA-512:	63560216DF9BE9CD8145A2B1608A167D64546826672D2E412996879B5A235D3BCCDA95AD7FB47CFEBFE2560C5868BE45BD0DB4DCEC0D75A831416D642F7BDF6C
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......B.............PLTEmmmqqquuu\|\|\|....................................................................................................................................................................................................................................................................................................................................................................................y7.....IDATx...w.6v?._.'Y.m.Xz$.K:.S...N.].o.XvVY..6..6..!..4......?..o .rFn..{s".p....\.7.{%h!...DN\....p...G..t".$...mW.9.S.3F.=.[.I.S.?.?1&.o,.........,J..!...)(.."..;I...........{....dY....../.w..).^B.Oqj.f^..F.M.........\.V......e.W...}./....;...=^Y.....;.....kO.....w,.[.0.+....4..c/...9..(Q.a.....).`.BN..\_fww..#..........pP..Of.$.q:..y...1.L...".....7..].^...6R.G...-.... .o...a..........R5.....&ul@_PY.S.H.m...xK7.4......7.nN..h.....O.\|{W....~..]...<.....7....u_L.[.em!.oz.K..i.....?..m..X.p.Dx.Q.+4q......3..p[..2....).-..PLx.3

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\api_csv[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	19199
Entropy (8bit):	5.197356495898586
Encrypted:	false
SSDEEP:	384:TyBlZkgW9SQA2Ts0ucqyaYSlNT2zaWQj3YtaTu:ToZLSFucz0xj30aTu
MD5:	0A82C0A9C5203ADF3DB96050D93AEEE4
SHA1:	D9604F2D6A3EA31D26D4A841DA5EB8AEEB4F812E
SHA-256:	40C896CE4CD30D77741730BF200A55AA26F21C157935353C643BD929FF2BA160
SHA-512:	687E55BD9C3211A3DD2C0FBD48BADCD3A87AC92D3A96F78F331EEC5582075B68F842C6BCDB6EBBE9B9D7C1F6BC23EF096D284753A77833CC4954343B25F7AEC5
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/api:csv
Preview:	<!DOCTYPE html><html lang="en"><head><style>html{visibility:hidden;opacity:0}</style><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="description" content="Free IP Geolocation API - lookup any IP address"><meta name="keywords" content="ip api, ip geolocation, geoip, geolocation, ip to location, my ip address, reversedns, dns api, visitor localization, json ip, php ip, csv ip, xml ip"><title>IP-API.com - Geolocation API - Documentation - CSV</title><link rel="preload" href="/docs/static/dosis-v8-latin-200.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-500.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-regular.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v16-latin-300.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dns[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	6456
Entropy (8bit):	5.118370859649496
Encrypted:	false
SSDEEP:	192:+EHwgrNeBl6hJV7/arp+QmcTzVvbtl2tl/Dm7x82OaHzuv:T8BlMy9TVvIaTu
MD5:	898369F94FAF2C1AE63925B8A0AEBA39
SHA1:	E9D3E2D3713982EC952CF50E984EC0EA2AE8EB0A
SHA-256:	66305C660861EEDD3E71B9FDBCF968C45C36A5C65489F813A65B6E6A5A8EC936
SHA-512:	A50BF0ADEF4751E2A6013648D4953CBBBD75AAD1762BD30A08C052626E55D92C373161DD17487557E03861DA169EC03F30CFFFCDC632CA406EFC565A5F739C5F
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/dns
Preview:	<!DOCTYPE html><html lang="en"><head><style>html{visibility:hidden;opacity:0}</style><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="description" content="Free IP Geolocation API - lookup any IP address"><meta name="keywords" content="ip api, ip geolocation, geoip, geolocation, ip to location, my ip address, reversedns, dns api, visitor localization, json ip, php ip, csv ip, xml ip"><title>IP-API.com - Geolocation API - Documentation - DNS JSON</title><link rel="preload" href="/docs/static/dosis-v8-latin-200.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-500.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-regular.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v16-latin-300.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dosis-v8-latin-200[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 31924, version 1.1
Category:	downloaded
Size (bytes):	31924
Entropy (8bit):	7.9854626303242355
Encrypted:	false
SSDEEP:	768:K+Te0K5kQoZ0FZIbOlsl+J7JN/GslbW0aMRGWK5zFqx6P:K+a0+kQLZIKlsWzDaGK5o6P
MD5:	41E1EEEA5C027DB3BCCD023C2103511F
SHA1:	F25245F927DD9915F149003BC1BB323522EDE0B8
SHA-256:	D10E3DB846DEC70863B69BE68F185CE85ED19BE46CC91E398DF9647D7DCF7267
SHA-512:	F443BF5DE21B852D5C623BC60ADE448D18D5942EE7E869F215F02DF09CE879346022D58426D5B08F18E544B32FF34F9E998B12354E683E65F187511B6235E119
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/static/dosis-v8-latin-200.woff
Preview:	wOFF......\|........,........................GDEF.......9...L.u.?GPOS.......W..%..g.GSUB...<........B.J.OS/2.......Y...`h.+.VDMX...<...A....t.{.cmap..............cvt .......$...$... fpgm...<...l.....r..gasp................glyf......P........hdmx..j`...n.....f.ohead..t....6...6....hhea..u........$.Y.ohmtx..u(...&....~n(Yloca..wP.........;:Jmaxp..y.... ... ...Hname..y<.......x7.R.post..zX.........$.dprep..\|.........N..x...1.D....y.Z.g&.....A.L5..P..'..N..e4..U........[=.%.....x.D...]A.@....m.m....8.....u..jw.9c..HF.J...;a.....E......m.WC!.I.H.Lc...(`G.=x.\|...B...%.....&..b..)N.."..e.YN6.}.n..y(...:WO.7......wl..>.S#.4.O.V/..%t:]D..K.o..u.=.({U....U........k...&.).r.z...e......iv...4...$...].8~.8.6&....mg......1'.c...q.H.<..a...................#"R$R.A...HFn.y.,...YiHc..T.5..I_.......0...e..i^.fy....:.....7.C.`>.8.B.s..\.6...C6....[o...L.t.5..f.....m..'M..9u.J..S..-333.cF...gl?.....n1.+..`-..C. .i$.d.....G.j.,..D..k._.....r......{A.b......!...".2....,.Q.5`_

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\json[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	426
Entropy (8bit):	4.816924614965451
Encrypted:	false
SSDEEP:	6:YWybuhPyQmJHJCSKaixIFIL4aWW5nqXUCpqg+jdSz9E0pPfH/9dqj1RAmLRa7:YWybuhP1m3kIyUaWWWX5+lcfnKY+Y
MD5:	2F39736C3D301F8E5E144E8DF2677310
SHA1:	6E3C5717B1889001DD9D6920D8ABAD9EED72F5D7
SHA-256:	5018C1A64769E877AF2C3E128B949D7CDE305F5F36AB2288CB66DA2A1887081F
SHA-512:	9244CFB8E25CD75A92E3B62F0BA789A96A1D228C858EB200AB8E7CE69EF02D3FA33BA8A7E64AB3A0DC3F21879EEB30445747004A2D0F81A2649CD52F21C2E08E
Malicious:	false
Reputation:	low
IE Cache URL:	https://demo.ip-api.com/json/?fields=66842623&lang=en
Preview:	{"status":"success","continent":"Europe","continentCode":"EU","country":"Switzerland","countryCode":"CH","region":"ZH","regionName":"Zurich","city":"Zurich","district":"","zip":"8152","lat":47.43,"lon":8.5718,"timezone":"Europe/Zurich","offset":7200,"currency":"CHF","isp":"Datacamp Limited","org":"Cdn77 ZUR ITX","as":"AS60068 Datacamp Limited","asname":"CDN77","mobile":true,"proxy":true,"hosting":true,"query":"84.17.52.3"}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\open-sans-v16-latin-300[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18668, version 1.1
Category:	downloaded
Size (bytes):	18668
Entropy (8bit):	7.969106009002288
Encrypted:	false
SSDEEP:	384:Wv4QHZChiRh3lwLOf8cWN78NXpcr6gBUA9CD/q4cOPZmPO:WvwhNOkvvxC7qnc
MD5:	A7622F60C56DDD5301549A786B54E6E6
SHA1:	D55574524345932DB3968C675E1AEA08C68A456F
SHA-256:	6E8A28A0638C920E5B76177E5F03BA94FCDEDD3E3ECD347C333D82876B51C9C0
SHA-512:	1A842E5EDFFFFBAE353AD16545D9886E3E176755F22B86ECCC9B8B010FC79DB7194B7C5518CC190BF5B78B332C7D542B70A6A53B3BAF23366708DF348C2C2D49
Malicious:	false
Reputation:	low
IE Cache URL:	https://members.ip-api.com/static/open-sans-v16-latin-300.woff
Preview:	wOFF......H.......n0........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`}...cmap...`.........X..cvt .......]........fpgm...t........~a..gasp...............#glyf... ..8...WP..M.head..@....6...6..F.hhea..A........$...chmtx..A8.........._{loca..CL........K.4&maxp..E.... ... ....name..E0........"c?Jpost..F........x.U..prep..G........:..]........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`fig.a`e``..j...(.../2.1..`b.ffcfeabbi``Pg``..b.. 0t.vfp`P...M...C.G/S....\|...=.6 .....m/....x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$K..$..`.g.e........ .......R.g......?......x.)d...........$...."....0.#.A@X..0......x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\open-sans-v16-latin-600[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18696, version 1.1
Category:	downloaded
Size (bytes):	18696
Entropy (8bit):	7.96597476007567
Encrypted:	false
SSDEEP:	384:yeQHZsdOZKOIVrf0uvAxZEw5w7Yc3XGi/L6:dBbVwuvAYYw7THc
MD5:	449D681CD6006390E1BEE3C3A660430B
SHA1:	2A9777AFC07BF0BB4BB48F233ED7C4BCBDB60760
SHA-256:	57C79375B1419EE1D984F443CDA77C04B9B38C0BE5330B2D41D65103115FFD72
SHA-512:	8B8436670BB4D742AFA60ABA29D7A78F3788CBEF9353C2896AA492618CF1B22E9A0679972AB930E2F2D4732F3B979C023D25AA0FA86C813AC674524FD4ECA2BE
Malicious:	false
Reputation:	low
IE Cache URL:	https://members.ip-api.com/static/open-sans-v16-latin-600.woff
Preview:	wOFF......I.......m.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`.-..cmap...`.........X..cvt .......[.......4fpgm...p........~a..gasp................glyf......8...W.J.4.head..A....6...6...Mhhea..A<.......$...#hmtx..A\... .....lT.loca..C\|........6..umaxp..E@... ... .t..name..E`........#.@Ppost..FP.......x.U..prep..H.........x..n........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`fy.......:....Q.B3_dHc.........................@`........./..?....^...... 9. .m@J..........x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$KY...e@.,A.".m....x.......3......?.[.o...2...:...a..b.)@.Y.....v1.b4d...36 ..x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\open-sans-v16-latin-regular[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18100, version 1.1
Category:	downloaded
Size (bytes):	18100
Entropy (8bit):	7.962027637722169
Encrypted:	false
SSDEEP:	384:aHQHZuiZQFFIimUy1oml4hN2Vmw1Qa57YC74ObDDj08X0UJQiXc:1ZQT0UySml4bEmAP5EC7PbDH4U1M
MD5:	DE0869E324680C99EFA1250515B4B41C
SHA1:	8033A128504F11145EA791E481E3CF79DCD290E2
SHA-256:	81F0EC27796225EA29F9F1C7B74F083EDCD7BC97A09D5FC4E8D03C0134E62445
SHA-512:	CD616DB99B91C6CBF427969F715197D54287BAFA60C3B58B93FF7837C21A6AAC1A984451AEEB9E07FD5B1B0EC465FE020ACBE1BFF8320E1628E970DDF37B0F0E
Malicious:	false
Reputation:	low
IE Cache URL:	https://members.ip-api.com/static/open-sans-v16-latin-regular.woff
Preview:	wOFF......F.......i.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`~]..cmap...`.........X..cvt .......Y.....M..fpgm...p........~a..gasp...............#glyf......6...S...]head..>....6...6..cphhea..>........$....hmtx..?...........[$loca..A4.........f..maxp..B.... ... ....name..C.........&:A.post..D........x.U..prep..E.........C...........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`f..8.....u..1...<.f...................A......5....1...A.._6..".-..L.....Ar,......3..(....x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$KY...e@.,.."..........?....%.g....Z.....(".o..Y..Bu342.e......0..........M=.....x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\page[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	21105
Entropy (8bit):	5.193072150361261
Encrypted:	false
SSDEEP:	192:FI3IOGvop+Viu3UsgPn5WyjB7kZeT+vKraWcLmP54lHUXOSDbhOvhD9AQEu3UW7:C5sgPUpCr1cLQaoqWVW7
MD5:	951DC40A0089186092EFC515089F29D3
SHA1:	37E3A1F158CEB25983D830C04FFE8005DA89CCFA
SHA-256:	9307C88AE0698E65E70A85E7F24E30D737DB1F10D590260524180A8E99C755F8
SHA-512:	312597ECBCE74B88E64FCD90EC43520FED3F115CB6B92A3D1EDDFFAAB6237396D5F1BE1CE0D380E3554A08A6EB156E8DBD9CC75CECEA32F0FE6ABA95C9C4AE76
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/static/page.css
Preview:	@charset "UTF-8";p,pre{margin-top:0}article,figcaption,figure,footer,header,main,nav,pre,section{display:block}button,hr,input{overflow:visible}.col,.col-6,.container{width:100%}.btn,.navbar-brand{white-space:nowrap}.btn:not(:disabled):not(.disabled),.close:not(:disabled):not(.disabled),.navbar-toggler:not(:disabled):not(.disabled),.page-link:not(:disabled):not(.disabled){cursor:pointer}.btn:focus,.btn:hover,.nav-link:focus,.nav-link:hover,.navbar-brand:focus,.navbar-brand:hover,a{text-decoration:none}#map,.header,.section{background-repeat:no-repeat}:root{--blue:#50a1ff;--indigo:#6610f2;--purple:#926dde;--pink:#e83e8c;--red:#ff4954;--orange:#ffbe00;--yellow:#ffba00;--green:#3cd458;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#868e96;--gray-dark:#343a40;--primary:#50a1ff;--secondary:#e9ecf0;--success:#3cd458;--info:#926dde;--warning:#ffba00;--danger:#ff4954;--light:#f8f9fa;--dark:#191919;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\HFZ2TU7M.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	9843
Entropy (8bit):	5.264444100049364
Encrypted:	false
SSDEEP:	192:+EHXgrdCeBl6hJy+7jVEct2pYLDD1veCxoEoH7ixhRYk/yKjFOY6yx6da3JXtYef:TUBlhor8povmEhR1/y0CywBkaTu
MD5:	EFE8DE420991E6DD1A0D703DBB0F983D
SHA1:	A1C150369994F1C0B6B94CB624362870B93293E7
SHA-256:	D33D0CC690F10975F56097385A4C93BF2B3AD959A3040767D92AC4DDB16287B6
SHA-512:	82C1675AA53658BC4C81D61713EBD0078B03BF1CF6B499B92703663B1053BCCD879CB599012E954B746547B8B0DDDD1F2F44B1DA60489AE2B5B0E4F3A996DED2
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/
Preview:	<!DOCTYPE html><html lang="en"><head><style>html{visibility:hidden;opacity:0}</style><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="description" content="Free IP Geolocation API - lookup any IP address"><meta name="keywords" content="ip api, ip geolocation, geoip, geolocation, ip to location, my ip address, reversedns, dns api, visitor localization, json ip, php ip, csv ip, xml ip"><title>IP-API.com - Geolocation API</title><link rel="preload" href="/docs/static/dosis-v8-latin-200.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-500.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-regular.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v16-latin-300.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v16-latin-600.woff2" as

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\api_batch[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	25124
Entropy (8bit):	5.298908392311802
Encrypted:	false
SSDEEP:	384:TcBlxiKW9RRTs0u1qygYSlNT2zaW3jjOlYGaTu:Tyxncu1zmojOl9aTu
MD5:	29DC41D04F32DD17759FB19636C39F65
SHA1:	B3812F64FD300A3A821541B648E4D46CB0C067FB
SHA-256:	2543F5DC5C8C4F4FDC8FFB3C6EF03A71CCDB91C28D45A45515945FD8CF265F80
SHA-512:	E21BA97AFA84E3FADF368669860C0EF83ED1C292763A54996C5F5A4186D9D3438824BAE7D259FC93B30CB7602FDB93FD84AEEC9715A075078760D3F6ED9D4E74
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/api:batch
Preview:	<!DOCTYPE html><html lang="en"><head><style>html{visibility:hidden;opacity:0}</style><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="description" content="Free IP Geolocation API - lookup any IP address"><meta name="keywords" content="ip api, ip geolocation, geoip, geolocation, ip to location, my ip address, reversedns, dns api, visitor localization, json ip, php ip, csv ip, xml ip"><title>IP-API.com - Geolocation API - Documentation - Batch JSON</title><link rel="preload" href="/docs/static/dosis-v8-latin-200.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-500.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-regular.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v16-latin-300.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\api_xml[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	19772
Entropy (8bit):	5.235557354330607
Encrypted:	false
SSDEEP:	384:TRBlKkZW9J6Ts0ucqyaYSlNT2zaW5jTY8OaTu:TVKKtucz0gjTpOaTu
MD5:	5E973D9DDB45A797F09451F0F78CFA4D
SHA1:	2F223F5EB6A61787CECFEB76A1207F71D9AA3D4D
SHA-256:	C844FEC7832C409E1B829C80477F6283ABC927DCF59EC95A705802C836D4CA64
SHA-512:	9F56AFBCC2127107D59F2FD75F26EB24BD74933B11D3EC803C0E759D2AD56B97551F917923F07E7DE797F9E7BFC4B47FCC0D001E3CB07D04D56C7087D4563B58
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/api:xml
Preview:	<!DOCTYPE html><html lang="en"><head><style>html{visibility:hidden;opacity:0}</style><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="description" content="Free IP Geolocation API - lookup any IP address"><meta name="keywords" content="ip api, ip geolocation, geoip, geolocation, ip to location, my ip address, reversedns, dns api, visitor localization, json ip, php ip, csv ip, xml ip"><title>IP-API.com - Geolocation API - Documentation - XML</title><link rel="preload" href="/docs/static/dosis-v8-latin-200.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-500.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-regular.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v16-latin-300.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\dosis-v8-latin-regular[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 33256, version 1.1
Category:	downloaded
Size (bytes):	33256
Entropy (8bit):	7.983971291164109
Encrypted:	false
SSDEEP:	768:pK7R+o10vHMv9FuZV4GILJnQAt3g11RNrCOSMU68Uwt6l:pd+lFFGcnQAtMWON8P6l
MD5:	E8182A465184C873CAE61A5A4F8358BA
SHA1:	1EB804981115FA3C215B911C8DAD0370A47AAB03
SHA-256:	ACF6B9CC439BB0FC83AB0BA5CC79CE26E7E6236BD08F7FCF0C572B621EB07C54
SHA-512:	C2957154B1BF571F69B199338B82E5FF063A8151A890E40F67D9B84D29D1DDF878CA8510E9236A1DFB88FC694D42907A51D52B9848AE08447FA5E66D5E8F7454
Malicious:	false
Reputation:	low
IE Cache URL:	https://members.ip-api.com/static/dosis-v8-latin-regular.woff
Preview:	wOFF........................................GDEF.......9...L.u.?GPOS..........#..'`.GSUB............B.J.OS/2.......Z...`iu..VDMX.......A....t.{.cmap...4..........cvt .......8...8....fpgm.......l.....r..gasp...p............glyf...\|..V....<....hdmx..ox...[....n.Q.head..y....6...6....hhea..z........$....hmtx..z,...-.....`$8loca..\|\...........maxp..~(... ... ...Hname..~H.......`5nP.post...`.........$.dprep...$.......V....x...1.D....y.Z.g&.....A.L5..P..'..N..e4..U........[=.%.....x.D..GDA........%.T...@%..R.^.J.Ut.:...(..@.....}....$...!..p......a.@.h@;...6.3`X.......%../.i..............V?.[O.e..o..N.k.......UcM..2SfC...eMH.T.2..%.`~.[.vJ.v.nQ...W[.l............\|...../.cw..]..].......Vi.K...].%..u..wN...X!..J...>....$1..9..1f_d.t.b.C..5?.Y.2W.=.^h.....(t.V. %.1.c.....f...l...E......1.#1....S..s.b.w.b./...r..l.....6.m.c3.....c}.m.c.m.._3...7F..vU.S..M.....zF..Y.h.j............4...3...3.....S.S.v]e.XFu......=...x.Y...~.yB..nb0^.....*c]aB......V.d.fp.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 1 icon, 16x16
Category:	downloaded
Size (bytes):	1406
Entropy (8bit):	0.7921302486136951
Encrypted:	false
SSDEEP:	3:X2LFllvlNl/McBiuH/nltlnVltdnX/ldnXFlnnXfnnXnlSSvnC/3nP/nVn//vlvV:GJfSy23M///Ptkn
MD5:	0A1A5548D6A51947B36E91C847F67F6E
SHA1:	43606AE6ABAAF891C4DEDB1E119B8531F847B6E7
SHA-256:	A1076C39DB3C083EF2E72164546601A85C66E3E187E0C5A9AAEF8A27D144ECBE
SHA-512:	7748145A4E079F79607E106FBC9E4C6F72B40A79B9DFD15D5B05FC2E9B9AFFD452A025C6230CD31014C28A1AEF1CAEC9B34747720E7098AF58EC80FECDA4D6A4
Malicious:	false
Reputation:	low
IE Cache URL:	https://members.ip-api.com/favicon.ico
Preview:	..............h.......(....... ...........@.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\map[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	251352
Entropy (8bit):	5.410307881309561
Encrypted:	false
SSDEEP:	3072:ygZm0H5HO5+gCKWZyPmHQ47GKYNg5qRFPtMxGdytVLbCSv6217lW:yim0Zu5+LBy+HQ47GKibdyKm6
MD5:	094C52879827C70DCE16179EEA32568D
SHA1:	9F3D253B53FCC62A50B0FE613AEECC36A85739A0
SHA-256:	32EEE0499D8CA17A2A7FA08C9ACD5CA3BDD774E0E25EC0C3B839BE211DEF3271
SHA-512:	7334A73864B976CAB389FCE2428A7EFE9615126AC6A2E75917D9F5292004AEA6E98D03E42DBC903357CBAACF1853A1F6D8E505B43527D13844F88284AA67450C
Malicious:	false
Reputation:	low
IE Cache URL:	https://members.ip-api.com/static/map.js?4
Preview:	/! jQuery v3.4.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?n[o.call(e)]\|\|"object":typeof e}var

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\open-sans-v16-latin-300[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18668, version 1.1
Category:	downloaded
Size (bytes):	18668
Entropy (8bit):	7.969106009002288
Encrypted:	false
SSDEEP:	384:Wv4QHZChiRh3lwLOf8cWN78NXpcr6gBUA9CD/q4cOPZmPO:WvwhNOkvvxC7qnc
MD5:	A7622F60C56DDD5301549A786B54E6E6
SHA1:	D55574524345932DB3968C675E1AEA08C68A456F
SHA-256:	6E8A28A0638C920E5B76177E5F03BA94FCDEDD3E3ECD347C333D82876B51C9C0
SHA-512:	1A842E5EDFFFFBAE353AD16545D9886E3E176755F22B86ECCC9B8B010FC79DB7194B7C5518CC190BF5B78B332C7D542B70A6A53B3BAF23366708DF348C2C2D49
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/static/open-sans-v16-latin-300.woff
Preview:	wOFF......H.......n0........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`}...cmap...`.........X..cvt .......]........fpgm...t........~a..gasp...............#glyf... ..8...WP..M.head..@....6...6..F.hhea..A........$...chmtx..A8.........._{loca..CL........K.4&maxp..E.... ... ....name..E0........"c?Jpost..F........x.U..prep..G........:..]........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`fig.a`e``..j...(.../2.1..`b.ffcfeabbi``Pg``..b.. 0t.vfp`P...M...C.G/S....\|...=.6 .....m/....x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$K..$..`.g.e........ .......R.g......?......x.)d...........$...."....0.#.A@X..0......x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\open-sans-v16-latin-600[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18696, version 1.1
Category:	downloaded
Size (bytes):	18696
Entropy (8bit):	7.96597476007567
Encrypted:	false
SSDEEP:	384:yeQHZsdOZKOIVrf0uvAxZEw5w7Yc3XGi/L6:dBbVwuvAYYw7THc
MD5:	449D681CD6006390E1BEE3C3A660430B
SHA1:	2A9777AFC07BF0BB4BB48F233ED7C4BCBDB60760
SHA-256:	57C79375B1419EE1D984F443CDA77C04B9B38C0BE5330B2D41D65103115FFD72
SHA-512:	8B8436670BB4D742AFA60ABA29D7A78F3788CBEF9353C2896AA492618CF1B22E9A0679972AB930E2F2D4732F3B979C023D25AA0FA86C813AC674524FD4ECA2BE
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/static/open-sans-v16-latin-600.woff
Preview:	wOFF......I.......m.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`.-..cmap...`.........X..cvt .......[.......4fpgm...p........~a..gasp................glyf......8...W.J.4.head..A....6...6...Mhhea..A<.......$...#hmtx..A\... .....lT.loca..C\|........6..umaxp..E@... ... .t..name..E`........#.@Ppost..FP.......x.U..prep..H.........x..n........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`fy.......:....Q.B3_dHc.........................@`........./..?....^...... 9. .m@J..........x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$KY...e@.,A.".m....x.......3......?.[.o...2...:...a..b.)@.Y.....v1.b4d...36 ..x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\open-sans-v16-latin-regular[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 18100, version 1.1
Category:	downloaded
Size (bytes):	18100
Entropy (8bit):	7.962027637722169
Encrypted:	false
SSDEEP:	384:aHQHZuiZQFFIimUy1oml4hN2Vmw1Qa57YC74ObDDj08X0UJQiXc:1ZQT0UySml4bEmAP5EC7PbDH4U1M
MD5:	DE0869E324680C99EFA1250515B4B41C
SHA1:	8033A128504F11145EA791E481E3CF79DCD290E2
SHA-256:	81F0EC27796225EA29F9F1C7B74F083EDCD7BC97A09D5FC4E8D03C0134E62445
SHA-512:	CD616DB99B91C6CBF427969F715197D54287BAFA60C3B58B93FF7837C21A6AAC1A984451AEEB9E07FD5B1B0EC465FE020ACBE1BFF8320E1628E970DDF37B0F0E
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/static/open-sans-v16-latin-regular.woff
Preview:	wOFF......F.......i.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`~]..cmap...`.........X..cvt .......Y.....M..fpgm...p........~a..gasp...............#glyf......6...S...]head..>....6...6..cphhea..>........$....hmtx..?...........[$loca..A4.........f..maxp..B.... ... ....name..C.........&:A.post..D........x.U..prep..E.........C...........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`f..8.....u..1...<.f...................A......5....1...A.._6..".-..L.....Ar,......3..(....x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f\|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g.c..$KY...e@.,.."..........?....%.g....Z.....(".o..Y..Bu342.e......0..........M=.....x.uTGw.F........)..)7.W.$`*.....G.Kz.)e....t.\|.1.7...s.g...3.7mgf..~{1...s.3.S...co..o.~.Zy.u...kW.\.t...N.KG.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\api_json[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	28891
Entropy (8bit):	5.317268272095369
Encrypted:	false
SSDEEP:	384:TsBllkWG9WjTs0ucqygYSlNT2zaW5Lm4dr+IRjBYraTu:TilXLuczmum4drnjBgaTu
MD5:	C15578C3F736BA6FD1586F18A6D50597
SHA1:	90FF9EE2E8EEC0FC43A7E1BEF18D82A46EE80953
SHA-256:	B7A302DE965F7D05A44AE92E6B78ABB791020D042FC39865D69D9E4DCE0D6C62
SHA-512:	B6819D1527FED9650FB9E203381356213069875F6EA14644DB9BB4C5DBB7F01BBCB8671A3F7229C794A341F62F2B7D99B87A9A203A750C15D795AA777E0072BE
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/api:json
Preview:	<!DOCTYPE html><html lang="en"><head><style>html{visibility:hidden;opacity:0}</style><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="description" content="Free IP Geolocation API - lookup any IP address"><meta name="keywords" content="ip api, ip geolocation, geoip, geolocation, ip to location, my ip address, reversedns, dns api, visitor localization, json ip, php ip, csv ip, xml ip"><title>IP-API.com - Geolocation API - Documentation - JSON</title><link rel="preload" href="/docs/static/dosis-v8-latin-200.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-500.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-regular.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v16-latin-300.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\api_newline_separated[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	19053
Entropy (8bit):	5.200918646740287
Encrypted:	false
SSDEEP:	384:TeBlZkiW9SvTs0ucqyaYSlNT2zaWQj5YPaTu:TEZfDucz0xj5UaTu
MD5:	C6A57259D696CF48ED1734D95EDE1EEC
SHA1:	84FED0F835EF6A59E5834471C3A2F13B348533E4
SHA-256:	7600F873944FA4A690B049A70D22AA964CF45B22A64072F8A6796CDA48CE6ED8
SHA-512:	F14C354357C01C647314804C6F147FA1BF494B198AE9752C8A70E0C030F101BE2A1D550B67F419E5A09A2224A55A00866710B0A884213DEDE08ACBFC0BA996F1
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/api:newline_separated
Preview:	<!DOCTYPE html><html lang="en"><head><style>html{visibility:hidden;opacity:0}</style><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="description" content="Free IP Geolocation API - lookup any IP address"><meta name="keywords" content="ip api, ip geolocation, geoip, geolocation, ip to location, my ip address, reversedns, dns api, visitor localization, json ip, php ip, csv ip, xml ip"><title>IP-API.com - Geolocation API - Documentation - Newline</title><link rel="preload" href="/docs/static/dosis-v8-latin-200.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-500.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-regular.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v16-latin-300.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sa

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\correction[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	103395
Entropy (8bit):	5.514000490676954
Encrypted:	false
SSDEEP:	1536:TMe3wIWKAN/i5ggFz2c9Eqqs2mt3XaTdxJubSm5f6lDnEn+INTu:TMeAIWraHFzKqqs33XYdjHm5eEn+I4
MD5:	E107D840B772675DCE190A257C514940
SHA1:	B51777F78A6B3AC8A807A4677DB7B443386116ED
SHA-256:	6DD7CB6FBF872A41F5B82127C549DB52EE0AB73F99C8F10BC8AD3D5BEB52EC27
SHA-512:	A4E058E5E42094ADA29E6B344E2CD17FDA874475C5500E16E7ADE74D338F9DB99073D38C1F81C35E4A1760F2559270FD780398F2D71D6271D71DE9C793D96F4E
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/correction
Preview:	<!DOCTYPE html><html lang="en"><head><style>html{visibility:hidden;opacity:0}</style><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="description" content="Free IP Geolocation API - lookup any IP address"><meta name="keywords" content="ip api, ip geolocation, geoip, geolocation, ip to location, my ip address, reversedns, dns api, visitor localization, json ip, php ip, csv ip, xml ip"><title>IP-API.com - Geolocation API - Data correction</title><link rel="preload" href="/docs/static/dosis-v8-latin-200.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-500.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-regular.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v16-latin-300.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v16-l

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\docs[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	4569
Entropy (8bit):	5.032936082973637
Encrypted:	false
SSDEEP:	96:TqEJWVOvKnbgrNDeBggv6hJQ38JctXBFmejG2OaHLvHvuv:+EHIgrNeBl6hJ28Jc5BFmejG2OaHzuv
MD5:	FD145DD7256C8E32F28470FBC58F4098
SHA1:	06EC132F00FFA34554E6A6312D511CFB46573295
SHA-256:	2141FD929D567484DD4DDDAFFC905EF1E7941F39C7566FFF84B2C1E7E02632CE
SHA-512:	20F9EE965C01F95BF9B1551B3A7ADF749E45BB18BB87C72D1D0F005C3590DC041884A6A6AAD60646A20560D2D6E1374B10E388BC413854BC24ECD8D8BE25BF11
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs
Preview:	<!DOCTYPE html><html lang="en"><head><style>html{visibility:hidden;opacity:0}</style><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="description" content="Free IP Geolocation API - lookup any IP address"><meta name="keywords" content="ip api, ip geolocation, geoip, geolocation, ip to location, my ip address, reversedns, dns api, visitor localization, json ip, php ip, csv ip, xml ip"><title>IP-API.com - Geolocation API - Documentation</title><link rel="preload" href="/docs/static/dosis-v8-latin-200.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-500.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-regular.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v16-latin-300.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v16-lat

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\dosis-v8-latin-200[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 31924, version 1.1
Category:	downloaded
Size (bytes):	31924
Entropy (8bit):	7.9854626303242355
Encrypted:	false
SSDEEP:	768:K+Te0K5kQoZ0FZIbOlsl+J7JN/GslbW0aMRGWK5zFqx6P:K+a0+kQLZIKlsWzDaGK5o6P
MD5:	41E1EEEA5C027DB3BCCD023C2103511F
SHA1:	F25245F927DD9915F149003BC1BB323522EDE0B8
SHA-256:	D10E3DB846DEC70863B69BE68F185CE85ED19BE46CC91E398DF9647D7DCF7267
SHA-512:	F443BF5DE21B852D5C623BC60ADE448D18D5942EE7E869F215F02DF09CE879346022D58426D5B08F18E544B32FF34F9E998B12354E683E65F187511B6235E119
Malicious:	false
Reputation:	low
IE Cache URL:	https://members.ip-api.com/static/dosis-v8-latin-200.woff
Preview:	wOFF......\|........,........................GDEF.......9...L.u.?GPOS.......W..%..g.GSUB...<........B.J.OS/2.......Y...`h.+.VDMX...<...A....t.{.cmap..............cvt .......$...$... fpgm...<...l.....r..gasp................glyf......P........hdmx..j`...n.....f.ohead..t....6...6....hhea..u........$.Y.ohmtx..u(...&....~n(Yloca..wP.........;:Jmaxp..y.... ... ...Hname..y<.......x7.R.post..zX.........$.dprep..\|.........N..x...1.D....y.Z.g&.....A.L5..P..'..N..e4..U........[=.%.....x.D...]A.@....m.m....8.....u..jw.9c..HF.J...;a.....E......m.WC!.I.H.Lc...(`G.=x.\|...B...%.....&..b..)N.."..e.YN6.}.n..y(...:WO.7......wl..>.S#.4.O.V/..%t:]D..K.o..u.=.({U....U........k...&.).r.z...e......iv...4...$...].8~.8.6&....mg......1'.c...q.H.<..a...................#"R$R.A...HFn.y.,...YiHc..T.5..I_.......0...e..i^.fy....:.....7.C.`>.8.B.s..\.6...C6....[o...L.t.5..f.....m..'M..9u.J..S..-333.cF...gl?.....n1.+..`-..C. .i$.d.....G.j.,..D..k._.....r......{A.b......!...".2....,.Q.5`_

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\dosis-v8-latin-500[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 32948, version 1.1
Category:	downloaded
Size (bytes):	32948
Entropy (8bit):	7.9857875044436275
Encrypted:	false
SSDEEP:	768:9EEgQgQoP04kSlcqbmq6k3WvC4hQMmO47zm4dndQ1Y6ZC:aELgQYki6aWK4qMmOifdwY6ZC
MD5:	9B866E03D17AC7A7DCF6880AEEB268F9
SHA1:	89B45A49C00C4A036097326FBDBF80046784EEE4
SHA-256:	F922D1F6D8DB0C70C212DB650918A958FA27F212088684C2FD03267C14BFF9B1
SHA-512:	6483A22A36058B4FB6755C9FFCBCD7AA37FA0F093F8EF623A1F905ED68BE806878AC40D5EB40E509916FF6BDCC1F448753719CD85FEABF8FDC65C4970ECE3913
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/static/dosis-v8-latin-500.woff
Preview:	wOFF........................................GDEF.......9...L.u.?GPOS.........."&.S.GSUB............B.J.OS/2...X...Z...`i./.VDMX.......A....t.{.cmap..............cvt .......2...2....fpgm.......l.....r..gasp...0............glyf...<..U......:..hdmx..n(...z........head..x....6...6....hhea..x........$....hmtx..x....)......!qloca..{(..........vmaxp..\|.... ... ...Hname..}........X4#Ospost..~,.........$.dprep...........B...rx...1.D....y.Z.g&.....A.L5..P..'..N..e4..U........[=.%.....x.D...XA.@...m.m.6....m.E...n..... ..d.(bh....h.(B.bH....bvh$.H...-..M..6.^...efYS6.m}g..w...\.^n...].E~S.UQU]..:..v..l........yuQ....>.:...K..^.O...~.....k...oR..&.)..G.QS..7C.d..,4..K..\|0.ln[....mu..6...P;>..f..o1B..;....c.?\VW9.O..........T.oy...h....Aa_.w.....~....".. 19...2...d...(G#.R......f...3<h.HF.1Ak&.m...e6.h...3.c.b.g..\|.r....!+y.s6....`+...+:G.IF.h/i..d..../of..W.....L6.e.5.......[.wwE....qAV.(....LpY......V.?..2K....3.......{.D..j..]6+..F.cu..1.C......!.M.V.r....D...a.).(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\dosis-v8-latin-500[2].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 32948, version 1.1
Category:	downloaded
Size (bytes):	32948
Entropy (8bit):	7.9857875044436275
Encrypted:	false
SSDEEP:	768:9EEgQgQoP04kSlcqbmq6k3WvC4hQMmO47zm4dndQ1Y6ZC:aELgQYki6aWK4qMmOifdwY6ZC
MD5:	9B866E03D17AC7A7DCF6880AEEB268F9
SHA1:	89B45A49C00C4A036097326FBDBF80046784EEE4
SHA-256:	F922D1F6D8DB0C70C212DB650918A958FA27F212088684C2FD03267C14BFF9B1
SHA-512:	6483A22A36058B4FB6755C9FFCBCD7AA37FA0F093F8EF623A1F905ED68BE806878AC40D5EB40E509916FF6BDCC1F448753719CD85FEABF8FDC65C4970ECE3913
Malicious:	false
Reputation:	low
IE Cache URL:	https://members.ip-api.com/static/dosis-v8-latin-500.woff
Preview:	wOFF........................................GDEF.......9...L.u.?GPOS.........."&.S.GSUB............B.J.OS/2...X...Z...`i./.VDMX.......A....t.{.cmap..............cvt .......2...2....fpgm.......l.....r..gasp...0............glyf...<..U......:..hdmx..n(...z........head..x....6...6....hhea..x........$....hmtx..x....)......!qloca..{(..........vmaxp..\|.... ... ...Hname..}........X4#Ospost..~,.........$.dprep...........B...rx...1.D....y.Z.g&.....A.L5..P..'..N..e4..U........[=.%.....x.D...XA.@...m.m.6....m.E...n..... ..d.(bh....h.(B.bH....bvh$.H...-..M..6.^...efYS6.m}g..w...\.^n...].E~S.UQU]..:..v..l........yuQ....>.:...K..^.O...~.....k...oR..&.)..G.QS..7C.d..,4..K..\|0.ln[....mu..6...P;>..f..o1B..;....c.?\VW9.O..........T.oy...h....Aa_.w.....~....".. 19...2...d...(G#.R......f...3<h.HF.1Ak&.m...e6.h...3.c.b.g..\|.r....!+y.s6....`+...+:G.IF.h/i..d..../of..W.....L6.e.5.......[.wwE....qAV.(....LpY......V.?..2K....3.......{.D..j..]6+..F.cu..1.C......!.M.V.r....D...a.).(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\dosis-v8-latin-regular[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 33256, version 1.1
Category:	downloaded
Size (bytes):	33256
Entropy (8bit):	7.983971291164109
Encrypted:	false
SSDEEP:	768:pK7R+o10vHMv9FuZV4GILJnQAt3g11RNrCOSMU68Uwt6l:pd+lFFGcnQAtMWON8P6l
MD5:	E8182A465184C873CAE61A5A4F8358BA
SHA1:	1EB804981115FA3C215B911C8DAD0370A47AAB03
SHA-256:	ACF6B9CC439BB0FC83AB0BA5CC79CE26E7E6236BD08F7FCF0C572B621EB07C54
SHA-512:	C2957154B1BF571F69B199338B82E5FF063A8151A890E40F67D9B84D29D1DDF878CA8510E9236A1DFB88FC694D42907A51D52B9848AE08447FA5E66D5E8F7454
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/static/dosis-v8-latin-regular.woff
Preview:	wOFF........................................GDEF.......9...L.u.?GPOS..........#..'`.GSUB............B.J.OS/2.......Z...`iu..VDMX.......A....t.{.cmap...4..........cvt .......8...8....fpgm.......l.....r..gasp...p............glyf...\|..V....<....hdmx..ox...[....n.Q.head..y....6...6....hhea..z........$....hmtx..z,...-.....`$8loca..\|\...........maxp..~(... ... ...Hname..~H.......`5nP.post...`.........$.dprep...$.......V....x...1.D....y.Z.g&.....A.L5..P..'..N..e4..U........[=.%.....x.D..GDA........%.T...@%..R.^.J.Ut.:...(..@.....}....$...!..p......a.@.h@;...6.3`X.......%../.i..............V?.[O.e..o..N.k.......UcM..2SfC...eMH.T.2..%.`~.[.vJ.v.nQ...W[.l............\|...../.cw..]..].......Vi.K...].%..u..wN...X!..J...>....$1..9..1f_d.t.b.C..5?.Y.2W.=.^h.....(t.V. %.1.c.....f...l...E......1.#1....S..s.b.w.b./...r..l.....6.m.c3.....c}.m.c.m.._3...7F..vU.S..M.....zF..Y.h.j............4...3...3.....S.S.v]e.XFu......=...x.Y...~.yB..nb0^.....*c]aB......V.d.fp.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\logo[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 135 x 35, 8-bit gray+alpha, non-interlaced
Category:	downloaded
Size (bytes):	2548
Entropy (8bit):	7.785058834468214
Encrypted:	false
SSDEEP:	48:TgQ0fKGvnNekNoggr5seI1AIRTMk3onr9kF7hYq1OALo1wEKVhnRF/BEKjH:GBfNeUotr5EJOkYnrEeEOfAnfH
MD5:	450E1E9BFE21F65EB7BEF916427FA949
SHA1:	E2F0802708BBC2220B0944BA6FBA29F91F67BB79
SHA-256:	AC4EFAA93356CFD0C0DE1B22CDEF6E8408FFFF99D1E65F0E64972EDAEA2B5540
SHA-512:	3D492F57FCC415E146BF31E5AA0BD1FB63F603404CFD0870515673987636F7727135ABCAE5688A4FB7FDFD1C6667CAFB1DF6756953993EC5BDF2B5F780F47D08
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/static/logo.png
Preview:	.PNG........IHDR.......#......c.y....gAMA......a.....sRGB........ cHRM..z&..............u0...`..:....p..Q<....bKGD.........pHYs...........~....5IDATh..{pT.............A.K..L..\F...."...R.a@nC)...T.#.tZ..2.......VJA..l-.J.Tt...,.(..K.m.9.c.n...l6.&.}.?.{..{..{..]........:p.w.....B...r.2S...<6...............(....n.....j$..^. .(....Hf.[..\c...F_v..w...q.......e.....9%\|.\|.\|=\|..N.>.%K.......d.rT..Z.]...;I..Y.d..-..F"..t\H..tc.p..L.L..0.....RK...Gu.4.J.K.....p#.N.....y..x.=&....{..=..Sn.......mK..V..T...!..@.]..n.. .LH..eN.`q..;...c........%....s.@..&.?..R...y..d1.c.6% ..t2.......P.%...n.J..p..W..%K..]...(K......7.ZY:......R..i.....Zk.=.:..QzY:#K.el...t.7....,..tu..5.Q.t.=..}f...N....:..7U..VL..7L..x.^@9..R.V...^....8.Lx..->c.A>..v...M..=.g....r.]..wA.z^S\.Q.11.......U......".?%K...m.sX.T...cZ......T.. Ku.S/....k..}...#....x.K....o9.....2."'y....c..(yqo.r.6...d>.>.Z.f.7.......Z!...R@.pm&.zI...T.\.{.^...........I......A.b..l.B.S..L....=..Caxl:..x.+<J.`.y..\...R.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\9FB58BD5.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	18348
Entropy (8bit):	5.029335932098504
Encrypted:	false
SSDEEP:	384:8BollRH2tOWqtOMu8mtOz7rMw0E0u7pb3tvhFtgtuYtO3s/bCUt/PLl5y72Jjvi2:rZj/lGdR84vl
MD5:	9F195C801EC6D60E59F63334EAAF934C
SHA1:	C331B6D64471B13D1B48A25A13D9EEBD3D6512A8
SHA-256:	2FC74F92C70A5B438879B9D62F745D07A58A9632D95F6ED7626CB34A5AB1AA3B
SHA-512:	980C47BE6350449C58FD94D6C62765962EB8E7895F3F561D83D904EE66F974DEA4B63299D245AC68373BECBD0697ED977483816BB14747F434C2902FCA58F279
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html lang="en">..<head>..<meta charset="utf-8">..<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">..<meta name="description" content="IP Geolocation API">..<title>ip-api \| pro</title>..<link rel="preload" href="/static/dosis-v8-latin-500.woff2" as="font" type="font/woff2" crossorigin>..<link rel="preload" href="/static/dosis-v8-latin-600.woff2" as="font" type="font/woff2" crossorigin>..<link rel="preload" href="/static/dosis-v8-latin-regular.woff2" as="font" type="font/woff2" crossorigin>..<link rel="preload" href="/static/open-sans-v16-latin-300.woff2" as="font" type="font/woff2" crossorigin>..<link rel="preload" href="/static/open-sans-v16-latin-600.woff2" as="font" type="font/woff2" crossorigin>..<link rel="preload" href="/static/open-sans-v16-latin-regular.woff2" as="font" type="font/woff2" crossorigin>..<link rel="stylesheet" href="/static/page.css?18">..<link rel="icon" href="/favicon.ico">..<script src="/static/scripts.js?17"

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\api_serialized_php[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	24643
Entropy (8bit):	5.259046490301884
Encrypted:	false
SSDEEP:	384:T+Bltty0W96jTs0ucqyaYSlNT2zaWRAdjexcn7QCjpYVaTu:TkttBFucz0EA+CjpsaTu
MD5:	8E453F15463AF4BB85EBD9839F5165AA
SHA1:	7BED4E0B719EF9A274B589C7F52E6FD0DDF626D3
SHA-256:	820441235C61DDC2ADE612EA2B7250B7A54B0001D4D7F37CF0F8C95DBC0460E6
SHA-512:	46218D1C954D356008CA239ECECEBCF1C991F1450ACCCEDD697E142203F39E2693A4E0DB3DBF034ADD08F38EC88D19C6F9ADA036BFCA8A5A2330AF8E7E09028A
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/api:serialized_php
Preview:	<!DOCTYPE html><html lang="en"><head><style>html{visibility:hidden;opacity:0}</style><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="description" content="Free IP Geolocation API - lookup any IP address"><meta name="keywords" content="ip api, ip geolocation, geoip, geolocation, ip to location, my ip address, reversedns, dns api, visitor localization, json ip, php ip, csv ip, xml ip"><title>IP-API.com - Geolocation API - Documentation - PHP</title><link rel="preload" href="/docs/static/dosis-v8-latin-200.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-500.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/dosis-v8-latin-regular.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v16-latin-300.woff2" as="font" type="font/woff2" crossorigin><link rel="preload" href="/docs/static/open-sans-v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bg[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 540x303, frames 3
Category:	downloaded
Size (bytes):	33821
Entropy (8bit):	7.974855749700058
Encrypted:	false
SSDEEP:	768:AcksVzh0BnQWSybX3maDMzmZJvTTrO7M+++IA1U57xGrhTxb:AuzKPjWmZRvwB1U57x4
MD5:	C00F4299B0D29389CB3A448C5D9661BD
SHA1:	D2523FC91F8BFE26816330BA019D7E2436FAF573
SHA-256:	57A7654BE2B6672BF6B780A65B642231A74CBD15556825E4C1E77FFA1D861DC1
SHA-512:	AB3AB35881D769EB2EEBA57E8A27B8D57C63AE9E8CBFD12B8F269BE48C8EA92AF423254F9906C7D25FE455D2EAE4A5B8F85E8D2C03E64AB50C3B9B0085A4EDD6
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/static/bg.jpg
Preview:	......JFIF....................................................................................................................................................../...."......................................................................L..N.K........f.,....e.............(...)@.d......N.......E.....8...VL....M.uP........Q.......#.Z.....).B..D.`....}........!........T....=L..cMi.....!..k/....A.t......X@.(a.d.@.A....Z.Ca;.u....3.&)..<u.O.=i.[.....$M..g....p....L..q........{O...?.^..!.......\|...`..2X..E...W..J.....c..p.........q\..~ .H.G!...}............ ..e\|C.......... 5.;.^P.N...z..........$}..X....?;3{...!.\|t..."..=.{...%.%\|......w!\|......r{7m...~n.N......c./jk...>._...u.z...TH.p.<u...i>u..A...!\|...............\|..^d>E.{...).......{K\|...l..).....?;.....z....c...+..]2*:^y.U}.....K..;FsT..mu5...:.X.e.\|N..][:.....5.....)..q...9.b..\|.....~Yu.^Z...]p.s.^Y.....8........+...%...\..].Z.....`...;..i....{.y.w.o......E..e.W.&..^.......]mYU...!.....t.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dosis-v8-latin-600[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 33112, version 1.1
Category:	downloaded
Size (bytes):	33112
Entropy (8bit):	7.985231276888421
Encrypted:	false
SSDEEP:	768:MPUBScoR0gImxoNIVLFzG0E2jYamA7c1kGuOO0Wol6jO:MMbj6G0ES7KknPK6y
MD5:	D510EC9740B3FFF5722FCAECCBCD6FC3
SHA1:	EC6B57542491F5EEC988DD567FAEFAFB400CCE1F
SHA-256:	9D662B571EDFCF8893A1284C41CC9B40A22A1B31998F4DA9430CDA3390D9822D
SHA-512:	EDCCB3CEB7A118A8822F01780E32CEAFF66A65E11AA39D9BCBF231E037885A2BC7ED36F25A07D444B72C1267053337EEE3F54DDEA356858FCDFCD122C6F12409
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/docs/static/dosis-v8-latin-600.woff
Preview:	wOFF.......X.......`........................GDEF.......9...L.u.?GPOS..........!\....GSUB............B.J.OS/2.......W...`j=0)VDMX.......A....t.{.cmap...8..........cvt .......6...6.v..fpgm.......l.....r..gasp...t............glyf......WA........hdmx..n....u......head..y<...6...6....hhea..yt.......$....hmtx..y....1.....0..loca..{.........~..Hmaxp..}.... ... ...Ename..}........h5.P.post..~..........$.dprep...........R.\|..x...1.D....y.Z.g&.....A.L5..P..'..N..e4..U........[=.%.....x.T....0.@.[w.m.m.m..g..lF.g...}..... !Y)...c.P<..._. ..... .F...~u...Q......3.A.Ue}..}..eK9^....nyV......\eU..........v.....j.:.n.............J.]....n.K...G..k.....a0.M5.MNS.u.M....u;.e.....t.lB..f..mi[5..m....xfGYi/.'.8....%...jG..=.N75..!.....}..../....~$.......AR.....%7.HGQ...RT''u..n.h....F9z....4`h.....&L..25h.L..UA....lb?.8.).q..L."...5..T...$i.._..v..m....6.g3..m....9.~.oEDoL..\|.......^1....gj..b.j.k..l..m.J...z..@...y.&h..l.};g..{.e.,...Z.V.N..P..(.O........:.6)..l.(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dosis-v8-latin-600[2].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 33112, version 1.1
Category:	downloaded
Size (bytes):	33112
Entropy (8bit):	7.985231276888421
Encrypted:	false
SSDEEP:	768:MPUBScoR0gImxoNIVLFzG0E2jYamA7c1kGuOO0Wol6jO:MMbj6G0ES7KknPK6y
MD5:	D510EC9740B3FFF5722FCAECCBCD6FC3
SHA1:	EC6B57542491F5EEC988DD567FAEFAFB400CCE1F
SHA-256:	9D662B571EDFCF8893A1284C41CC9B40A22A1B31998F4DA9430CDA3390D9822D
SHA-512:	EDCCB3CEB7A118A8822F01780E32CEAFF66A65E11AA39D9BCBF231E037885A2BC7ED36F25A07D444B72C1267053337EEE3F54DDEA356858FCDFCD122C6F12409
Malicious:	false
Reputation:	low
IE Cache URL:	https://members.ip-api.com/static/dosis-v8-latin-600.woff
Preview:	wOFF.......X.......`........................GDEF.......9...L.u.?GPOS..........!\....GSUB............B.J.OS/2.......W...`j=0)VDMX.......A....t.{.cmap...8..........cvt .......6...6.v..fpgm.......l.....r..gasp...t............glyf......WA........hdmx..n....u......head..y<...6...6....hhea..yt.......$....hmtx..y....1.....0..loca..{.........~..Hmaxp..}.... ... ...Ename..}........h5.P.post..~..........$.dprep...........R.\|..x...1.D....y.Z.g&.....A.L5..P..'..N..e4..U........[=.%.....x.T....0.@.[w.m.m.m..g..lF.g...}..... !Y)...c.P<..._. ..... .F...~u...Q......3.A.Ue}..}..eK9^....nyV......\eU..........v.....j.:.n.............J.]....n.K...G..k.....a0.M5.MNS.u.M....u;.e.....t.lB..f..mi[5..m....xfGYi/.'.8....%...jG..=.N75..!.....}..../....~$.......AR.....%7.HGQ...RT''u..n.h....F9z....4`h.....&L..25h.L..UA....lb?.8.).q..L."...5..T...$i.._..v..m....6.g3..m....9.~.oEDoL..\|.......^1....gj..b.j.k..l..m.J...z..@...y.&h..l.};g..{.e.,...Z.V.N..P..(.O........:.6)..l.(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 1 icon, 16x16
Category:	downloaded
Size (bytes):	1406
Entropy (8bit):	0.7921302486136951
Encrypted:	false
SSDEEP:	3:X2LFllvlNl/McBiuH/nltlnVltdnX/ldnXFlnnXfnnXnlSSvnC/3nP/nVn//vlvV:GJfSy23M///Ptkn
MD5:	0A1A5548D6A51947B36E91C847F67F6E
SHA1:	43606AE6ABAAF891C4DEDB1E119B8531F847B6E7
SHA-256:	A1076C39DB3C083EF2E72164546601A85C66E3E187E0C5A9AAEF8A27D144ECBE
SHA-512:	7748145A4E079F79607E106FBC9E4C6F72B40A79B9DFD15D5B05FC2E9B9AFFD452A025C6230CD31014C28A1AEF1CAEC9B34747720E7098AF58EC80FECDA4D6A4
Malicious:	false
Reputation:	low
IE Cache URL:	https://ip-api.com/favicon.ico
Preview:	..............h.......(....... ...........@.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\json[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	426
Entropy (8bit):	4.816924614965451
Encrypted:	false
SSDEEP:	6:YEs/9dqjb+aVyQmJHJCSKaixIGjz5n35R9Pw6Rc1praLIIeupjlUC4:YH/nK6aV1m3kIEF5HY9tIeuppG
MD5:	FD7623C4BA8CCDC4D42B0E0CDB9E6CE5
SHA1:	AF666B5B653FF32DEB77FD16BB89348AE731B0FD
SHA-256:	025E2EAB74B94FA6A53527041EB044544FDD224158B4FD80F5D79AA8F32ADF68
SHA-512:	563DB9EAF62677F9C90FD09EC49CAC47A7F3D556C6D05747F8A8790E32B3C744309D47819347482C8367BA49C0B50E7DF0373BBF14A3D2FEB77F5E32B7B96591
Malicious:	false
Reputation:	low
IE Cache URL:	https://pro.ip-api.com/json/?fields=66842623&key=test-demo-pro
Preview:	{"as":"AS60068 Datacamp Limited","asname":"CDN77","city":"Zurich","continent":"Europe","continentCode":"EU","country":"Switzerland","countryCode":"CH","currency":"CHF","district":"","hosting":true,"isp":"Datacamp Limited","lat":47.43,"lon":8.5718,"mobile":true,"offset":7200,"org":"Cdn77 ZUR ITX","proxy":true,"query":"84.17.52.3","region":"ZH","regionName":"Zurich","status":"success","timezone":"Europe/Zurich","zip":"8152"}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\page[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	112799
Entropy (8bit):	5.928537964939661
Encrypted:	false
SSDEEP:	1536:mzGNg1O7PffXZ5+0JfVzynUzVvE4sa7DazS5wz+SP6DrjEm+bczT6ndR0s9sSOY4:mzP1O7/Z5+0JfVzynEZW6+SSd9Od9
MD5:	DDB24EC2585A52C1F219FD9DB5533514
SHA1:	57256903E38B19DF1B8910503F6337BE2B5FC9F4
SHA-256:	AB0E362B13D034E245B70DF7C2A127781F00405A1BD15F46A293E571D733EA1D
SHA-512:	5A49735A04D389A6280B1F0D2B40D09B5D1901CC5FB2331AA1321CB4F4FD8EC8FAA09056433A89B212B9E3E85154FEC47B5B7ED7CBC3B802EFC3E75C9638461D
Malicious:	false
Reputation:	low
IE Cache URL:	https://members.ip-api.com/static/page.css?18
Preview:	@charset "UTF-8";..:root {..--blue: #50a1ff;..--indigo: #6610f2;..--purple: #926dde;..--pink: #e83e8c;..--red: #ff4954;..--orange: #ffbe00;..--yellow: #ffba00;..--green: #3cd458;..--teal: #20c997;..--cyan: #17a2b8;..--white: #fff;..--gray: #868e96;..--gray-dark: #343a40;..--primary: #50a1ff;..--secondary: #e9ecf0;..--success: #3cd458;..--info: #926dde;..--warning: #ffba00;..--danger: #ff4954;..--light: #f8f9fa;..--dark: #191919;..--breakpoint-xs: 0;..--breakpoint-sm: 576px;..--breakpoint-md: 768px;..--breakpoint-lg: 992px;..--breakpoint-xl: 1200px;..--font-family-sans-serif: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";..--font-family-monospace: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace.}..,.::after,.::before {..-webkit-box-sizing: border-box;..box-sizing: border-box.}../ open-sans-300 - latin */.@font-face {. font-fam

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\scripts[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	137704
Entropy (8bit):	5.194295424252092
Encrypted:	false
SSDEEP:	3072:iz6Uups2s8wAckilABXxqL//iXaM0MOOv/P:iz6UQwAckiQqLyr0MOO/
MD5:	A73E38A50101CD4C9F3216675FB48753
SHA1:	B6AAC46B69026124D5132C2C9B04CFFD404C2002
SHA-256:	6C847E55FBEFF72E97CA78073ED7F8C850B74C240C987FA6D6B56CEAA0D1E332
SHA-512:	A8382662623BC0F663262FE93CB38833D877189106397929048967108C6A2AB9F0EB6EEB5C815369C413D02C671BC4787B52D55AC0B0757F9340E169F970B7E5
Malicious:	false
Reputation:	low
IE Cache URL:	https://members.ip-api.com/static/scripts.js?17
Preview:	function ajax(url, callback, data) {..this.getRequest = function() {...return window.ActiveXObject ? new ActiveXObject("Microsoft.XMLHTTP") : window.XMLHttpRequest ? new XMLHttpRequest : false..}...var req = getRequest();...req.onreadystatechange = function() {...if (req.readyState == 4 && req.status == 200) {....callback(req.responseText);...}..}..if (typeof data == "undefined") {...req.open('GET', url, true);...req.send();..} else {...req.open('POST', url, true);...req.setRequestHeader("Content-type", "application/x-www-form-urlencoded");...req.send(data);..}.}..function ajaxdocs(url, callback, data) {..this.getRequest = function() {...return window.ActiveXObject ? new ActiveXObject("Microsoft.XMLHTTP") : window.XMLHttpRequest ? new XMLHttpRequest : false..}...var req = getRequest();...req.onreadystatechange = function() {...if (req.readyState == 4) {....if(req.status == 200) {.....callback(req.responseText);....} else {.....updateElement("codeOutput", "error, HTTP code " + req.statu

C:\Users\user\AppData\Local\Temp\~DFD2F59548B362194B.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	146403
Entropy (8bit):	0.9788758202037123
Encrypted:	false
SSDEEP:	384:kBqoxKAuqR+FfDJ4b/bfL1Oo+budzNKFJz2loBS0XHJ1NDDaFGdNslNSJtRLVDK+:Jqj
MD5:	3E90DD6314E77E0A48E961121E9CC41E
SHA1:	907A3F38ECF438CB7635A4A6DCDA401C48A720C8
SHA-256:	2E2610181C2635C7DBF78498D3EEBDE3AD5E696E255E7E1597A23100A627A599
SHA-512:	A5C5F1E9AA90A0C80FE4880F869C346C06FBF0CE2F50E4D86A8D5BDFEFBDE4122957EA2A7147A44D11D85F1DF9C474571180DFC435A39F87528400E3D305BB80
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFF99153EF57A14353.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.47854742274487716
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loTmF9loTK9lWTDCHJbb:kBqoIRXfCHJbb
MD5:	9BC884D3523A8257EA28D18670FF3D0E
SHA1:	DA1FC0B400EEA1316E72BAA7B34767E56EDA4BBD
SHA-256:	CD39A51E133B0DFAC3F0AD7C41797EA3533DF515C9E9FDB022A13C98C7AF5E5D
SHA-512:	580A764596CAF38C0E876F61C8B89DED9355471C2572EDDC932C37CAB8673DA6C0F944B286159CAD69EE53D960B1122D755A5C8A7FB887F2133E0714437ADE3E
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFFF534C93AB77B5D6.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.2878801583607114
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAocV:kBqoxxJhHWSVSEabj
MD5:	1F87677A26F47FE797609C98A5B2132E
SHA1:	DB42483334066EB2608C950D08AC4B54AFC0D24B
SHA-256:	5988ECB35D668B4141BEACCACA50ACCF7BE94692BD81D42A0DB5501ABC99B934
SHA-512:	1AEDB74ACE2F53816B327404D2F2A42AEFDA832B85F2B10B45AD9EBC145DD73289B51ED83FDE915C32A5B5F37D941F63EF43454CF0AFAFF6AF0EA221077C9078
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XA7PA90ORX4M8Y09N0IL.temp Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	3440
Entropy (8bit):	3.185144128579739
Encrypted:	false
SSDEEP:	48:uydi7PWIWC9GrIogAsASFSdi7PWIWh683GrIogAczH:+PWY9SAAJKPWh3SAAG
MD5:	2A1C8511E5A089B855F3AF6481398A98
SHA1:	840CF607B0C34ADE515F86BE818AC18A4AE4F9B1
SHA-256:	7E974F3DE3481910B626ADDD09585A2C7C0E1BC41152D26CBC50B2311DECB82A
SHA-512:	E5B64096F1CA61AA7DA70813027EC3ED97A3918C41C43D26BB934C5F9C4A46294F712097EC4F7D0304E62A313F11D23D1EC68D93D6A0E063FB3888ABBB0F574A
Malicious:	false
Reputation:	low
Preview:	...................................FL..................F.@.. .....@.>...7..}V2....?.c................................P.O. .:i.....+00.../C:\.....................1.....>Q=w..PROGRA~1..t......L.>Qmx....E...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....l.1......L.J..INTERN~1..T......L..R................................i.n.t.e.r.n.e.t. .e.x.p.l.o.r.e.r.....f.2......L.9 .iexplore.exe..J......L.J.R.......R..........x.............i.e.x.p.l.o.r.e...e.x.e.......^...............-.......]...........)........C:\Program Files\internet explorer\iexplore.exe....-.p.r.i.v.a.t.e...C.:.\.W.i.n.d.o.w.s.\.S.Y.S.T.E.M.3.2.\.I.E.F.R.A.M.E...d.l.l.........%SystemRoot%\SYSTEM32\IEFRAME.dll...................................................................................................................................................................................................................................%.S.y.s.t.e.m.R.o.o.t.%.\.S.Y.S.T.E.M.3.2.\.I

Static File Info

No static file info

Network Behavior

Network Port Distribution

Total Packets: 95
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2021 17:21:51.869745970 CEST	49714	80	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:51.870886087 CEST	49715	80	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:51.924280882 CEST	80	49714	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:51.924477100 CEST	49714	80	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:51.925102949 CEST	80	49715	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:51.925206900 CEST	49715	80	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:51.929579973 CEST	49714	80	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:51.984507084 CEST	80	49714	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:51.984687090 CEST	49714	80	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.084556103 CEST	49717	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.084594965 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.138890982 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.139096975 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.139313936 CEST	443	49717	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.139405966 CEST	49717	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.145911932 CEST	49717	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.145910025 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.200283051 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.200316906 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.200337887 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.200356960 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.200401068 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.200447083 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.200583935 CEST	443	49717	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.200649977 CEST	49717	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.200659990 CEST	443	49717	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.200684071 CEST	443	49717	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.200706005 CEST	49717	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.200706959 CEST	443	49717	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.200733900 CEST	49717	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.200757980 CEST	49717	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.280973911 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.281151056 CEST	49717	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.289550066 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.335308075 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.336060047 CEST	443	49717	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.338223934 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.338340998 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.341432095 CEST	443	49717	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.341497898 CEST	49717	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.343657017 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.344192028 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.344263077 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.344300032 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.344305992 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.344316959 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.344336033 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.344347954 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.344378948 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.421802044 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.446577072 CEST	49717	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.458642960 CEST	49718	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.476092100 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.476676941 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.476708889 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.476733923 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.476751089 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.476766109 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.476803064 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.476826906 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.476830959 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.476872921 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.476903915 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.476953983 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.501372099 CEST	443	49717	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.501919031 CEST	443	49717	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.501954079 CEST	443	49717	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.501972914 CEST	443	49717	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.502017975 CEST	49717	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.502043962 CEST	49717	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.511061907 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.512958050 CEST	443	49718	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.513097048 CEST	49718	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.517719030 CEST	49718	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.565315008 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.565634966 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.565758944 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.565952063 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.565980911 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.566021919 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.566056013 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.566096067 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.566119909 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.566148043 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.566169977 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.566174030 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.566195011 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.566216946 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.566222906 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.566240072 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.566248894 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.566262007 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.566274881 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.566299915 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.566315889 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.566324949 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.566339970 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.566361904 CEST	443	49716	208.95.112.1	192.168.2.3
Apr 15, 2021 17:21:52.566364050 CEST	49716	443	192.168.2.3	208.95.112.1
Apr 15, 2021 17:21:52.566385984 CEST	49716	443	192.168.2.3	208.95.112.1

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2021 17:21:42.627804995 CEST	64938	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:21:42.688201904 CEST	53	64938	8.8.8.8	192.168.2.3
Apr 15, 2021 17:21:43.526191950 CEST	60152	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:21:43.585153103 CEST	53	60152	8.8.8.8	192.168.2.3
Apr 15, 2021 17:21:46.729604006 CEST	57544	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:21:46.786966085 CEST	53	57544	8.8.8.8	192.168.2.3
Apr 15, 2021 17:21:47.995918036 CEST	55984	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:21:48.044676065 CEST	53	55984	8.8.8.8	192.168.2.3
Apr 15, 2021 17:21:49.050507069 CEST	64185	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:21:49.115513086 CEST	53	64185	8.8.8.8	192.168.2.3
Apr 15, 2021 17:21:50.138056040 CEST	65110	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:21:50.195588112 CEST	53	65110	8.8.8.8	192.168.2.3
Apr 15, 2021 17:21:50.554266930 CEST	58361	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:21:50.612937927 CEST	53	58361	8.8.8.8	192.168.2.3
Apr 15, 2021 17:21:51.788499117 CEST	63492	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:21:51.837044954 CEST	53	63492	8.8.8.8	192.168.2.3
Apr 15, 2021 17:21:52.029740095 CEST	60831	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:21:52.078427076 CEST	53	60831	8.8.8.8	192.168.2.3
Apr 15, 2021 17:21:54.036551952 CEST	60100	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:21:54.066462040 CEST	53195	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:21:54.099782944 CEST	53	60100	8.8.8.8	192.168.2.3
Apr 15, 2021 17:21:54.127049923 CEST	53	53195	8.8.8.8	192.168.2.3
Apr 15, 2021 17:21:54.602368116 CEST	50141	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:21:54.664824009 CEST	53	50141	8.8.8.8	192.168.2.3
Apr 15, 2021 17:21:54.929732084 CEST	53023	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:21:54.987081051 CEST	53	53023	8.8.8.8	192.168.2.3
Apr 15, 2021 17:21:59.306277037 CEST	49563	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:21:59.357866049 CEST	53	49563	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:00.539940119 CEST	51352	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:00.591509104 CEST	53	51352	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:01.463912010 CEST	59349	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:01.512497902 CEST	53	59349	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:02.382091045 CEST	57084	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:02.430768967 CEST	53	57084	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:03.292648077 CEST	58823	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:03.341747999 CEST	53	58823	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:09.342811108 CEST	57568	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:09.391331911 CEST	53	57568	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:11.433398962 CEST	50540	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:11.482016087 CEST	53	50540	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:12.330224991 CEST	54366	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:12.379430056 CEST	53	54366	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:13.641926050 CEST	53034	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:13.704721928 CEST	53	53034	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:15.713062048 CEST	57762	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:15.773638010 CEST	53	57762	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:16.410887003 CEST	55435	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:16.470267057 CEST	53	55435	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:18.143883944 CEST	50713	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:18.222682953 CEST	53	50713	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:18.257473946 CEST	56132	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:18.309626102 CEST	53	56132	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:19.642930984 CEST	58987	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:19.691601038 CEST	53	58987	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:20.552736998 CEST	56579	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:20.601511955 CEST	53	56579	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:20.662228107 CEST	60633	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:20.719563961 CEST	53	60633	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:21.352917910 CEST	61292	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:21.404422998 CEST	53	61292	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:21.560869932 CEST	56579	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:21.609750986 CEST	53	56579	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:22.342998981 CEST	61292	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:22.394725084 CEST	53	61292	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:22.578015089 CEST	56579	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:22.626976013 CEST	53	56579	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:23.369864941 CEST	61292	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:23.421358109 CEST	53	61292	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:25.326668978 CEST	56579	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:25.375243902 CEST	53	56579	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:25.434066057 CEST	61292	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:25.485666990 CEST	53	61292	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:29.342803955 CEST	56579	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:29.391737938 CEST	53	56579	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:29.436487913 CEST	61292	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:29.488512993 CEST	53	61292	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:29.590068102 CEST	63619	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:29.649720907 CEST	53	63619	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:30.000974894 CEST	64938	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:30.063141108 CEST	53	64938	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:31.400379896 CEST	61946	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:31.449240923 CEST	53	61946	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:33.367738008 CEST	64910	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:33.426611900 CEST	53	64910	8.8.8.8	192.168.2.3
Apr 15, 2021 17:22:38.023900032 CEST	52123	53	192.168.2.3	8.8.8.8
Apr 15, 2021 17:22:38.072607040 CEST	53	52123	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 15, 2021 17:21:52.029740095 CEST	192.168.2.3	8.8.8.8	0x1640	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)
Apr 15, 2021 17:21:54.036551952 CEST	192.168.2.3	8.8.8.8	0xb79e	Standard query (0)	gn7997psot3a8g90m2csl5ncwzd252hb.edns.ip-api.com	A (IP address)	IN (0x0001)
Apr 15, 2021 17:21:54.066462040 CEST	192.168.2.3	8.8.8.8	0x2110	Standard query (0)	demo.ip-api.com	A (IP address)	IN (0x0001)
Apr 15, 2021 17:21:54.602368116 CEST	192.168.2.3	8.8.8.8	0x1466	Standard query (0)	cache.ip-api.com	A (IP address)	IN (0x0001)
Apr 15, 2021 17:22:09.342811108 CEST	192.168.2.3	8.8.8.8	0xb0e3	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)
Apr 15, 2021 17:22:13.641926050 CEST	192.168.2.3	8.8.8.8	0xc90e	Standard query (0)	a46xu02d91kq3rst33xdn3mctguqtk00.edns.ip-api.com	A (IP address)	IN (0x0001)
Apr 15, 2021 17:22:15.713062048 CEST	192.168.2.3	8.8.8.8	0x418d	Standard query (0)	members.ip-api.com	A (IP address)	IN (0x0001)
Apr 15, 2021 17:22:16.410887003 CEST	192.168.2.3	8.8.8.8	0x2b96	Standard query (0)	pro.ip-api.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Apr 15, 2021 17:21:52.078427076 CEST	8.8.8.8	192.168.2.3	0x1640	No error (0)	ip-api.com		208.95.112.1	A (IP address)	IN (0x0001)
Apr 15, 2021 17:21:54.099782944 CEST	8.8.8.8	192.168.2.3	0xb79e	No error (0)	gn7997psot3a8g90m2csl5ncwzd252hb.edns.ip-api.com		51.68.181.23	A (IP address)	IN (0x0001)
Apr 15, 2021 17:21:54.127049923 CEST	8.8.8.8	192.168.2.3	0x2110	No error (0)	demo.ip-api.com		208.95.112.1	A (IP address)	IN (0x0001)
Apr 15, 2021 17:21:54.664824009 CEST	8.8.8.8	192.168.2.3	0x1466	No error (0)	cache.ip-api.com		188.165.195.106	A (IP address)	IN (0x0001)
Apr 15, 2021 17:22:09.391331911 CEST	8.8.8.8	192.168.2.3	0xb0e3	No error (0)	ip-api.com		208.95.112.1	A (IP address)	IN (0x0001)
Apr 15, 2021 17:22:13.704721928 CEST	8.8.8.8	192.168.2.3	0xc90e	No error (0)	a46xu02d91kq3rst33xdn3mctguqtk00.edns.ip-api.com		51.68.181.23	A (IP address)	IN (0x0001)
Apr 15, 2021 17:22:15.773638010 CEST	8.8.8.8	192.168.2.3	0x418d	No error (0)	members.ip-api.com		37.59.52.143	A (IP address)	IN (0x0001)
Apr 15, 2021 17:22:16.470267057 CEST	8.8.8.8	192.168.2.3	0x2b96	No error (0)	pro.ip-api.com		193.234.225.88	A (IP address)	IN (0x0001)
Apr 15, 2021 17:22:29.649720907 CEST	8.8.8.8	192.168.2.3	0x2f19	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)

HTTP Request Dependency Graph

208.95.112.1

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49714	208.95.112.1	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Apr 15, 2021 17:21:51.929579973 CEST	1062	OUT	GET / HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: 208.95.112.1 Connection: Keep-Alive
Apr 15, 2021 17:21:51.984507084 CEST	1062	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 15 Apr 2021 15:21:51 GMT Content-Length: 0 Location: https://ip-api.com/

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 15, 2021 17:21:54.273367882 CEST	51.68.181.23	443	192.168.2.3	49720	CN=*.edns.ip-api.com CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Jun 08 02:00:00 CEST 2020 Mon Nov 06 13:23:52 CET 2017	Wed Jun 08 14:00:00 CEST 2022 Sat Nov 06 13:23:52 CET 2027	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2021 17:21:54.273367882 CEST	51.68.181.23	443	192.168.2.3	49720	CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 06 13:23:52 CET 2017	Sat Nov 06 13:23:52 CET 2027		9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2021 17:21:54.276287079 CEST	51.68.181.23	443	192.168.2.3	49722	CN=*.edns.ip-api.com CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Jun 08 02:00:00 CEST 2020 Mon Nov 06 13:23:52 CET 2017	Wed Jun 08 14:00:00 CEST 2022 Sat Nov 06 13:23:52 CET 2027	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2021 17:21:54.276287079 CEST	51.68.181.23	443	192.168.2.3	49722	CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 06 13:23:52 CET 2017	Sat Nov 06 13:23:52 CET 2027		9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2021 17:21:54.784842014 CEST	188.165.195.106	443	192.168.2.3	49725	CN=*.ip-api.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Nov 05 01:00:00 CET 2019 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019	Fri Nov 05 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029
Apr 15, 2021 17:21:54.790129900 CEST	188.165.195.106	443	192.168.2.3	49724	CN=*.ip-api.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Nov 05 01:00:00 CET 2019 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019	Fri Nov 05 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029
Apr 15, 2021 17:22:13.802917957 CEST	51.68.181.23	443	192.168.2.3	49736	CN=*.edns.ip-api.com CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Jun 08 02:00:00 CEST 2020 Mon Nov 06 13:23:52 CET 2017	Wed Jun 08 14:00:00 CEST 2022 Sat Nov 06 13:23:52 CET 2027	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2021 17:22:13.802917957 CEST	51.68.181.23	443	192.168.2.3	49736	CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 06 13:23:52 CET 2017	Sat Nov 06 13:23:52 CET 2027		9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2021 17:22:13.806293011 CEST	51.68.181.23	443	192.168.2.3	49737	CN=*.edns.ip-api.com CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Jun 08 02:00:00 CEST 2020 Mon Nov 06 13:23:52 CET 2017	Wed Jun 08 14:00:00 CEST 2022 Sat Nov 06 13:23:52 CET 2027	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2021 17:22:13.806293011 CEST	51.68.181.23	443	192.168.2.3	49737	CN=Thawte RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 06 13:23:52 CET 2017	Sat Nov 06 13:23:52 CET 2027		9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2021 17:22:15.887985945 CEST	37.59.52.143	443	192.168.2.3	49739	CN=*.ip-api.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Nov 05 01:00:00 CET 2019 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019	Fri Nov 05 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029
Apr 15, 2021 17:22:15.892771006 CEST	37.59.52.143	443	192.168.2.3	49740	CN=*.ip-api.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Nov 05 01:00:00 CET 2019 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019	Fri Nov 05 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029
Apr 15, 2021 17:22:16.684082031 CEST	193.234.225.88	443	192.168.2.3	49746	CN=*.ip-api.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Nov 05 01:00:00 CET 2019 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019	Fri Nov 05 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029
Apr 15, 2021 17:22:16.688807964 CEST	193.234.225.88	443	192.168.2.3	49745	CN=*.ip-api.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Nov 05 01:00:00 CET 2019 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019	Fri Nov 05 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029

Code Manipulations

Statistics

Behavior

• iexplore.exe
• iexplore.exe

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 5512 Parent PID: 792

General

Start time:	17:21:48
Start date:	15/04/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7e89b0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Registry Activities

Analysis Process: iexplore.exe PID: 4712 Parent PID: 5512

General

Start time:	17:21:49
Start date:	15/04/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5512 CREDAT:17410 /prefetch:2
Imagebase:	0x1a0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Registry Activities

Disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://208.95.112.1

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 5512 Parent PID: 792

General

File Activities

File Created

File Written

File Read

Registry Activities

Key Created

Key Value Created

Key Value Modified

Analysis Process: iexplore.exe PID: 4712 Parent PID: 5512

General

File Activities

File Created

File Written

File Read

Registry Activities