Create Interactive Tour

Analysis Report http://open-fast.com/wow/?n=Valentina-Salonna-&t=w

Overview

General Information

Sample URL:	http://open-fast.com/wow/?n=Valentina-Salonna-&t=w
Analysis ID:	334741
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Startup

System is w10x64

iexplore.exe (PID: 2844 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5740 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2844 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

HTTP traffic detected: GET /wow/?n=Valentina-Salonna-&t=w HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: open-fast.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: open-fast.com

Source: animate.min[1].css.2.dr	String found in binary or memory: http://daneden.me/animate
Source: wow[1].htm0.2.dr	String found in binary or memory: http://db.onlinewebfonts.com/t/1c0f6618f877568764787163e8f22a1c.svg#SF
Source: slide1[1].js.2.dr	String found in binary or memory: http://gsgd.co.uk/sandbox/jquery/easing/
Source: wow[1].htm0.2.dr	String found in binary or memory: http://open-fast.com/wow/
Source: wow[1].htm0.2.dr	String found in binary or memory: http://open-fast.com/wow/ogf.jpg
Source: animate.min[1].css.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: js[1].js.2.dr	String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: js[1].js.2.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: wow[1].htm0.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Source: analytics[1].js.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: wow[1].htm0.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css
Source: js[1].js.2.dr	String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: {E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://open-fast.com/
Source: ~DF69481F7E8700AB13.TMP.1.dr	String found in binary or memory: https://open-fast.com/wow/=Valentina-Salonna-&t=w
Source: {E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://open-fast.com/wow/?n=ValRoot
Source: {E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://open-fast.com/wow/?n=Valentina-Salonna-&t=w
Source: {E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://open-fast.com/wow/?n=Valentina-Salonna-&t=wRoot
Source: {E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://open-fast.com/wow/?n=Valentina-Salonna-&t=wbValentina
Source: {E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://open-fast.com/wow/?n=Valentina-Salonna-&tRoot
Source: {E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://open-fast.com/wow/?n=Valentina-Salonna-&tentina-Salonna-&t=w
Source: {E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://open-fast.com/wow/?n=Valentina-Salonna-&twow/=Valentina-Salonna-&t=wRoot
Source: js[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: js[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/
Source: analytics[1].js.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: js[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: js[1].js.2.dr	String found in binary or memory: https://www.google.com
Source: js[1].js.2.dr	String found in binary or memory: https://www.google.com/travel/flights/click/conversion/
Source: js[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: wow[1].htm0.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-85162156-12
Source: js[1].js.2.dr	String found in binary or memory: https://www.googletraveladservices.com/travel/clk/pagead/conversion/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: classification engine

Classification label: clean0.win@3/32@4/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFC793ECA40C6C2C82.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2844 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2844 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol2	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://open-fast.com/wow/?n=Valentina-Salonna-&t=w	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
open-fast.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://open-fast.com/wow/?n=ValRoot	0%	Avira URL Cloud	safe
http://daneden.me/animate	0%	URL Reputation	safe
http://daneden.me/animate	0%	URL Reputation	safe
http://daneden.me/animate	0%	URL Reputation	safe
http://daneden.me/animate	0%	URL Reputation	safe
https://open-fast.com/wow/?n=Valentina-Salonna-&tentina-Salonna-&t=w	0%	Avira URL Cloud	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://open-fast.com/	0%	Avira URL Cloud	safe
https://open-fast.com/wow/=Valentina-Salonna-&t=w	0%	Avira URL Cloud	safe
https://open-fast.com/wow/?n=Valentina-Salonna-&t=wbValentina	0%	Avira URL Cloud	safe
http://open-fast.com/wow/ogf.jpg	0%	Avira URL Cloud	safe
https://open-fast.com/wow/?n=Valentina-Salonna-&twow/=Valentina-Salonna-&t=wRoot	0%	Avira URL Cloud	safe
https://open-fast.com/wow/?n=Valentina-Salonna-&t=wRoot	0%	Avira URL Cloud	safe
https://open-fast.com/wow/?n=Valentina-Salonna-&tRoot	0%	Avira URL Cloud	safe
http://open-fast.com/wow/	0%	Avira URL Cloud	safe
http://gsgd.co.uk/sandbox/jquery/easing/	0%	URL Reputation	safe
http://gsgd.co.uk/sandbox/jquery/easing/	0%	URL Reputation	safe
http://gsgd.co.uk/sandbox/jquery/easing/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
open-fast.com	5.9.217.141	true	false	0%, Virustotal, Browse	unknown
stats.l.doubleclick.net	108.177.15.154	true	false		high
cdnjs.cloudflare.com	104.16.19.94	true	false		high
favicon.ico	unknown	unknown	false		unknown
stats.g.doubleclick.net	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Reputation
https://open-fast.com/wow/?n=Valentina-Salonna-&t=w	false	unknown
http://open-fast.com/wow/?n=Valentina-Salonna-&t=w	false	unknown
https://open-fast.com/wow/	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://open-fast.com/wow/?n=ValRoot	{E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
http://daneden.me/animate	animate.min[1].css.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://open-fast.com/wow/?n=Valentina-Salonna-&tentina-Salonna-&t=w	{E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://www.google.%/ads/ga-audiences	analytics[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
https://open-fast.com/	{E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://www.googletraveladservices.com/travel/clk/pagead/conversion/	js[1].js.2.dr	false		high
https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css	wow[1].htm0.2.dr	false		high
https://open-fast.com/wow/=Valentina-Salonna-&t=w	~DF69481F7E8700AB13.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://open-fast.com/wow/?n=Valentina-Salonna-&t=w	{E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	false		unknown
https://github.com/krux/postscribe/blob/master/LICENSE.	js[1].js.2.dr	false		high
https://open-fast.com/wow/?n=Valentina-Salonna-&t=wbValentina	{E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/j/collect	analytics[1].js.2.dr	false		high
http://opensource.org/licenses/MIT	animate.min[1].css.2.dr	false		high
http://open-fast.com/wow/ogf.jpg	wow[1].htm0.2.dr	false	Avira URL Cloud: safe	unknown
https://open-fast.com/wow/?n=Valentina-Salonna-&twow/=Valentina-Salonna-&t=wRoot	{E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://open-fast.com/wow/?n=Valentina-Salonna-&t=wRoot	{E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://open-fast.com/wow/?n=Valentina-Salonna-&tRoot	{E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
http://db.onlinewebfonts.com/t/1c0f6618f877568764787163e8f22a1c.svg#SF	wow[1].htm0.2.dr	false		high
http://open-fast.com/wow/	wow[1].htm0.2.dr	false	Avira URL Cloud: safe	unknown
http://gsgd.co.uk/sandbox/jquery/easing/	slide1[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
108.177.15.154	unknown	United States	15169	GOOGLEUS	false
5.9.217.141	unknown	Germany	24940	HETZNER-ASDE	false
104.16.19.94	unknown	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	334741
Start date:	29.12.2020
Start time:	11:48:20
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 56s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	http://open-fast.com/wow/?n=Valentina-Salonna-&t=w
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@3/32@4/3
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://open-fast.com/wow/
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe, backgroundTaskHost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 40.88.32.150, 52.147.198.201, 104.83.120.32, 216.58.206.10, 172.217.22.40, 172.217.22.78, 51.104.144.132, 23.210.248.85 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, fs.microsoft.com, www-google-analytics.l.google.com, ajax.googleapis.com, www-googletagmanager.l.google.com, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, skypedataprdcoleus16.cloudapp.net, e11290.dspg.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, www.googletagmanager.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, www.google-analytics.com Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E94F4622-4A0E-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8583877538976707
Encrypted:	false
SSDEEP:	48:Iw1GcprAhGwpL2G/ap8trGIpcNyGvnZpvNZGoiqp9NZGo4NpmNIGWYY9NMGWuYvI:rrZA7Z02t9WN/tNRfN6NMN+N2NCfNIMX
MD5:	611DEE855D49CC80BC15C9346C036E7E
SHA1:	6E98081CB3D134CDEFCE808045FB3F0098A6360D
SHA-256:	EE3BBB3D84ABE4FF9EEA04780F30B86CE1248B387C2CC774983C02C66A40ACF0
SHA-512:	58950B5F1FE446558A22BD58E202B3AAA28071533AB7BB20E4EBCA05FB252B90FDA9F62B6EA0C71A12C39C952AEAAAF4075F191DA29639E3C9633D28DDBE1291
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E94F4624-4A0E-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	38072
Entropy (8bit):	2.0100652845160547
Encrypted:	false
SSDEEP:	384:rBBDTKhwYU6KPvP4vsPCg5VP4EXsPCC24A2EW44x4A14:mcH4vMCg5Z4EXMCB4Ao4s4AK
MD5:	CF63BF71405923BB23E7E567EA6EA92B
SHA1:	D799760B0831FC04FD67C69C2392B09873543AFA
SHA-256:	54FDC490398DC604860C1E097304C4FC3764599B9AE05881F552EF49FC70FAEB
SHA-512:	45CD52B444C018486665685C2B760B9347BCF735AC3B8638861962DD20218EE420F0ABC1BB6C9E97A2387D94D4312F587A988B332E9AAB678BA8FA3E84FAE6C0
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E94F4625-4A0E-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5647705303071153
Encrypted:	false
SSDEEP:	48:IwjGcpryGwpaAG4pQoGrapbSSrGQpKwG7HpR8sTGIpG:rZZ6Qg62BSSFALT84A
MD5:	29EBE234D8F9281CC1CFB56E3054C8AE
SHA1:	675BAE174C3253444F6909AAE6518D8B6AA74B22
SHA-256:	6850B3E75466E18B1B67CD6431D13BD276DBB2CAA2B7D6B39793F84B7A6EC8BD
SHA-512:	D557A948A5B71A5539C10BC4805625CC09C4A414BA454FE6D1633022D6875ECA27EB85DD5832F961BE92072B6BF876E7B5C8F705E4F4567E7ABA11F37E74A3F4
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\0number[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 80 x 100, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3332
Entropy (8bit):	7.8491237263453115
Encrypted:	false
SSDEEP:	96:qSotxJpjrLT3n5fFWeM34sg825SAzcBgsvk9stux:qSQPp//3n/43Q4Ossqux
MD5:	A669E7861E3E9AB654DB7D07EE99DA72
SHA1:	26F1F3E51E8839F075489868E49941E054F835FD
SHA-256:	0438FA99C1EDA7E8D5DBB06329D993FCB951798CBC83807D869682CB79A1A4C5
SHA-512:	674454E7908D3DEBC1FF9AAAB714911FE4CC939A18AA854CE34BA2BE0E85F6D6FF0837F7B5AD666BB137314B8C037CBD09F90110D003F7DFAA43139F76C07DFC
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/0number.png
Preview:	.PNG........IHDR...P...d.....&$G$....sRGB...,.....pHYs.................PLTE...........k..{.......q.%....}..1.[..a.C..v.I......z....e.N.5.>.V.R.v..#...........9.:.~....5..Q..".Q....o5..C..W.}.'........V..c..\....L.@...M.B.{9......r.^...h........C......6...hJ..._T'..\|.F=.WK..r.....R,).e2..1.g......I...q.~L..q).....Z...........H.<...............w.8+.....U..,hW#..L...I2.Q ..!..@[...6..V(..[.)...!..........\.9#..P.q..f...YC ./.z..y?.d.f....K....o........Q.}C.....L....u.=%...`.......:.T..q......>..Go...T.u.K..jW+..I7..L'.S7..f..c..>.)....L<.rI...yv9...F...K.mD..W.;'.4 .3 ...2..<..R$.._..f.d$..s+e...c..;..]._..=.t....P..W..Lo[%j>..7....h4._....1..N.\|5....Z......g....sj7..J.c...iB..s2..+...f.WR1k;.....c.x[!.k...LW>.F3..q...j.X..e......,.+..LG..wb-.&........tRNS..............................................................................+......k.....q\IP...`8.....B....sk...pl..N....p..........s..m..a..D/....-...&....,X

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\1c0f6618f877568764787163e8f22a1c[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), SF Espresso Shack family
Category:	downloaded
Size (bytes):	44472
Entropy (8bit):	6.515033301797451
Encrypted:	false
SSDEEP:	768:B2MC6s4e6moo5BJhe6QtQe7SuaAiA4i8Dd5XHmCC:RmVBzq6S9iAw9C
MD5:	669AC60BC66F9A487E24296776237CFD
SHA1:	44FE8A744E207C5931B57028729EF6ACB3CB96E2
SHA-256:	9696756061CEF8D2ABB135517ABB59806317EBFEB85C4674DAF62E9687A0AD7B
SHA-512:	B036B3CB37DA43852BBB3F42442ADBE3C1142F10BE50AC876DDCDFA4EC07BEAC683E2BD289D3397F29C0DAC4681B368939A0B20D08BBF48E38386E6BBEDF0165
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/1c0f6618f877568764787163e8f22a1c.eot?
Preview:	............................D....LP........@.................U..................".S.F. .E.s.p.r.e.s.s.o. .S.h.a.c.k.....B.o.l.d. .I.t.a.l.i.c.....v.1...0. .-. .F.r.e.e.w.a.r.e...:.S.F. .E.s.p.r.e.s.s.o. .S.h.a.c.k. .B.o.l.d. .I.t.a.l.i.c............0....OS/2.v.........VPCLT...........6cmap...L...X....cvt f.i....T...$fpgm.3.O...@....glyf.$.........hdmx=..X...0....head..)....H...6hhea.f.........$hmtx.}Y.........loca.5..........maxp........... name...........Bpost'j'.........prep~.'a...x...R.....&.........6...........".b.....................:...........:.............b.........2...........6.........................Q...............................................S.................................6...........".b.....................:...........:.............b.........2...........6..1999 ShyFonts Type Foundry...1.9.9.9. .S.h.y.F.o.n.t.s. .T.y.p.e. .F.o.u.n.d.r.ySF Espresso Shack.S.F. .E.s.p.r.e.s.s.o. .S.h.a.c.kBold Italic.B.o.l.d. .I.t.a.l.i.cSF Espresso Shack Bold Italic.S.F. .E.s.p.r.e

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\2number[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 80 x 100, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	4138
Entropy (8bit):	7.906245658109428
Encrypted:	false
SSDEEP:	96:qSPx8R9xeQ00GFkgBYC90KhdMQPQp619ULvNB3yc:qS58R9GQCtzGckX3yc
MD5:	396F058A667504A9E331CFECA65B9A1E
SHA1:	715999B764D0E592B4FBF8845F2247EEC2C0D653
SHA-256:	D083DE0B8D4D2237FFD34DFBC9490F2221FA59FC5B2E2932EA9EC221E50C3C2A
SHA-512:	FF13047C1E4CD81B8317AD44C22824F51DBBB55659B7D86FB612B0625F34AAA33F9961AEAB4BF8BB38BD9CC93DB53EC76E4005796C070FDA63EDFFF0A8768B66
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/2number.png
Preview:	.PNG........IHDR...P...d.....&$G$....sRGB...,.....pHYs.................PLTE....yc.{e.....h...k.....]..b..Y.....f...&.......w..n...t`.C7}............<1. ..SB.....l.D8..........M?.5+.......o[..~.bO.YI.u`.+#.....j.{eQ...hU.{f.0&.SD.ZJ..........;2.iV.o[..w.....s.aP.B7.K>.-$.ta.!.....K<.:/..../'.QC.......'!.jY.4-....E7..x.I?....bS...=...2,.VJ.YJW...aQ..............((.......=6...............TH.VP.}....mm.Z[.km.78....35....($.((.65....uu.:..GI.NFw...ba.##.qt.37.s.....sn.\^.B@..mj_..s#$.p.AA...tu.44.NN.um......bb.!!..xx.IM.AB......k24.BC.WU.DC.y{."..ZW.bc.qp.....( .#$.ST.dc...nk...\Z....\... ..pb.lj.CB.(+.DC.\|s.+&.TK.@@W....~.ji.y.....h]../*.LM.&(...[[..".33.{}......NO..SV.{.!#.JI.`a...PJsJL.....h......}~.ia.`\.SS.54.....nm.\|x....[Z..!.KB._bm33....WU.fuQ....)....}c #Y&%.::...kABgA......tRNS..............................................................................................................SD.....~.$....\|..-..(.ki,....x...V...h.$r.[z.+..7lP

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\analytics[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	47051
Entropy (8bit):	5.516264124030958
Encrypted:	false
SSDEEP:	768:ryOveCSBZfsnt5XqY/yPndFTkoWY3SoavqVy2rlebYUDTJC6g0stZm:ryJNDfs5hYdFTwY3SorSg0su
MD5:	53EE95B384D866E8692BB1AEF923B763
SHA1:	A82812B87B667D32A8E51514C578A5175EDD94B4
SHA-256:	E441C3E2771625BA05630AB464275136A82C99650EE2145CA5AA9853BEDEB01B
SHA-512:	C1F98A09A102BB1E87BFDF825A725B0E2CC1DBEDB613D1BD9E8FD9D8FD8B145104D5F4CACA44D96DB14AC20F2F51B4C653278BFC87556E7F00E48A5FA6231FAD
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var l=this\|\|self,m=function(a,b){a=a.split(".");var c=l;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},r=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var t=/^(?:(?:https?\|mailto\|ftp):\|[^:/?#]*(?:[/?#]\|$))/i;var u=window,v=document,w=function(a,b){v.addEventListener?v.addEventListener(a,b,!1):v.attachEvent&&v.attachEvent("on"+a,b)};var x={},y=function(){x.TAGGING=x.TAGGING\|\|[];x.TAGGING[1]=!0};var z=/:[0-9]+$/,A=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},D=function(a,b){b&&(b=String(b).toLowerCase());if("p

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mword[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	4262
Entropy (8bit):	7.879425313313551
Encrypted:	false
SSDEEP:	96:jSvV5nNYBbDxjs7JStB9IzfFpw5h1nK2YzDjanBvTH:jSPnNYTA740bFpw1UDGnh7
MD5:	DDB9397F73FACA1040B6BC2D332C9152
SHA1:	705D03BE5DE2E76D98E9979E33726A2ECD317E5C
SHA-256:	2000CFB8E9B89DB8379BC1AB884BE2F02CCD5AAF913974B0AFD6D4DFEB186323
SHA-512:	68B2D76118E499220BD12C4B4D1B547B572C475751D9E7B5557256967557B6B0238D4EC1E1B98A679AC31B1E295899DF1B5E37AF39AB8A70D822519245078435
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/mword.png
Preview:	.PNG........IHDR...d...d.....G<ef....sRGB...,.....pHYs.................PLTE...........{...y..s....-...J.._.'....d.w...}.A..k.O.2.T.!.Z.=..g..n...9.E....$.5..RD...X.P...N..............?..W$....a+......k0..Q.R.......g..?..C.2...G..7.^.v7...h.......e...w.3....\..q.R.9...&.I.......4 ..u..a.'..<)....y..n...`G2......T..K...t.n=.........H.uE.yP..f....g8..y;..0......Z...m.>.......y!H;..).a ..;....Q.>...S.A..._.\|...k..P..E~b$._...T....v$.s..x'GB%..:....u..".l.9...l.dT-yf7R ..,.T...?.....R$.\0..]..[..R.j.5..".....g..@..62...\.....d..f...IB..cI...eH0.~?....UW6....F..zj6.q9r=.:...X.K.. ......\|=.M.(..tX.5'..k.X#.j5...8SE%...;..)..X!...;..w..U.[cE...H.F.....E..Az[.....?70.9......E...9..........b..d....GE3.{E...p9......E....bq8...o+.a...K~S...)b*..&...p.=6 .....7I.8N....tRNS...........................................f..................................uu..uu....u0............'...n.......w..^.........^....V...u.G...\........V.>0..U^..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\slide1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text
Category:	downloaded
Size (bytes):	8133
Entropy (8bit):	5.422755615173838
Encrypted:	false
SSDEEP:	192:pP+Or8ur83V33R3hqRAsfAy46Or8ur83V33R3hqo:lZr8ur83VHBhmUr8ur83VHBhL
MD5:	FB7DA187B8C54B504BA2E7C7E64C1D58
SHA1:	6068AD1FBD54500E276A74557975F6203A680B6B
SHA-256:	BA8D0224CD8E138B22DDD147B65CBC4AB7D5383785FC0C00CA6E53AD5C71255E
SHA-512:	C816502FF6743021E36C3940869B956212F1C8FD7C29CFA7997AB40E53F5EC96D87BAB34F40EEA468373254224D8A3FC5C77F099E51A63ABD1ED96A2E0DB6D0C
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/slide1.js
Preview:	/. jQuery Easing v1.3 - http://gsgd.co.uk/sandbox/jquery/easing/. . Uses the built in easing capabilities added In jQuery 1.1. * to offer multiple easing options. . TERMS OF USE - jQuery Easing. * . * Open source under the BSD License. . * . * Copyright ......... 2008 George McGinley Smith. * All rights reserved.. * . * Redistribution and use in source and binary forms, with or without modification, . * are permitted provided that the following conditions are met:. * . * Redistributions of source code must retain the above copyright notice, this list of . * conditions and the following disclaimer.. * Redistributions in binary form must reproduce the above copyright notice, this list . * of conditions and the following disclaimer in the documentation and/or other materials . * provided with the distribution.. * . * Neither the name of the author nor the names of contributors may be used to endorse . * or promote products derived from this software without specific pr

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\animate.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	52789
Entropy (8bit):	5.115740062849333
Encrypted:	false
SSDEEP:	768:KkZcIOIVjl2eIWInPywe1aAvkqDX3oyq5BrieD0OTbsysV:KkZ8Pywe1aAvkqDX3oyq5BrieD0OTq
MD5:	178B651958CEFF556CBC5F355E08BBF1
SHA1:	97AFA151569F046B2E01F27C1871646E9CD87CAF
SHA-256:	8FE3FA119255ADB5E0C12479331F9E092E85BCFF56AB6ECC0510BFA2056B898D
SHA-512:	4F251A31B62B28565F41FA7EF67406384B7EBC6BB89CACCB93429A5779C589F2F72BC9FB9736FC0DAC93CCB38AD29372CF1189CC6452C3BF1EF31A89854449DD
Malicious:	false
Reputation:	low
IE Cache URL:	https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css
Preview:	@charset "UTF-8";../!. animate.css -http://daneden.me/animate. * Version - 3.5.1. * Licensed under the MIT license - http://opensource.org/licenses/MIT. . Copyright (c) 2016 Daniel Eden. */...animated{-webkit-animation-duration:1s;animation-duration:1s;-webkit-animation-fill-mode:both;animation-fill-mode:both}.animated.infinite{-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite}.animated.hinge{-webkit-animation-duration:2s;animation-duration:2s}.animated.bounceIn,.animated.bounceOut,.animated.flipOutX,.animated.flipOutY{-webkit-animation-duration:.75s;animation-duration:.75s}@-webkit-keyframes bounce{0%,20%,53%,80%,to{-webkit-animation-timing-function:cubic-bezier(.215,.61,.355,1);animation-timing-function:cubic-bezier(.215,.61,.355,1);-webkit-transform:translateZ(0);transform:translateZ(0)}40%,43%{-webkit-transform:translate3d(0,-30px,0);transform:translate3d(0,-30px,0)}40%,43%,70%{-webkit-animation-timing-function:cubic-bezier(.755,.05,.855,.06);anima

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\beating-heart[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 219 x 196
Category:	downloaded
Size (bytes):	18789
Entropy (8bit):	7.847774484675277
Encrypted:	false
SSDEEP:	384:fODskVcmsznu6beacvp5iBdZtfDaWVgHzd0PY0OfGux8qD:fuskVKdeacGBLt3gReY3ffxr
MD5:	07BD12A660850F883355D1FA1183E842
SHA1:	3E0BEF0DB4E6898D6D59C9D57981EC382DA299D1
SHA-256:	B1CECD43F5E63AFDFFE5AA8587E6C50A0DE345E84A81DF1009D0D3471D2B3DBD
SHA-512:	7C08C4CEF4A11A4E949157C3153E5E88D6C884812F583C94772FD48C98E30400ED86451D6BF901C16F210D6F336FB1C6B855D14D9040E5D51A05358407888CE7
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/beating-heart.gif
Preview:	GIF89a..................................................S..........N.... ..._....tA..............g.......}H....Y....@$..x..........-..b<....jB....&.....V1.X0.N-.= .tF.O)....l<.......b6.4..&..'..L,...9!.F&....p.W1.........7.....g8....B$.n?.8%.CF.\|K.km.`7.......6..}N.1..!.............-$.D&.K-....F.V.]7.......j>._.$.........)4..........R0..~..sK....\_.Z.76."..{..,!.#..2).....{T......Z4.nC.rz.xs.. ..d;......nv...hm.B8. ..........RS.N.....'".$..]^.xM.)).c...RV....ZQ.P:....aZ.RR.ja.......j.8.......s...W;....hd...D6.}p.lY.IU...........8:..}.ck.CD.k.`M.73.?H.JM.IB...]f...t.NE.aB.vN................................................................................................................................................................!..NETSCAPE2.0.....!.......,...............H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.]...P.J.J...X..z....2..({.O.E..d];..[...*E.Q]Jd.)#....<...T..._f...b4...W.$.b.q....J.1....X

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\cword[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	2677
Entropy (8bit):	7.7646102500770855
Encrypted:	false
SSDEEP:	48:j/6kI/JykCo8k10uUBn18FzaHZc243wtEu5zYjoYCoJ76R6N/QF9T5246:jSdSoSngzYgKYjhaKQTc5
MD5:	CA1FEE2A004D90208F1A9A0D098B30EB
SHA1:	92A2B5FB1E8897F7196DBC3F493FC2452711A2E0
SHA-256:	454E233533F5128D1CE93B2016FF9F0E62B0412040D136AA403F3F0FE287292C
SHA-512:	E0FF9622014E3FF30203753EC0E821D51BCD1C897879092FED23579CD650BE1D144E11E0181986D2B8853BC40973FFFE04443D8E760D4162E9BC380D9D205B7A
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/cword.png
Preview:	.PNG........IHDR...d...d.....G<ef....sRGB...,.....pHYs................hPLTE..../B3.../73......->2.../B>..9..6.../A..?3..3....@3..A..2..Q..3...,=.;3..L..2..z."_..3..3..3..3..3..3..3..2....k....%e.../8F..3..3..X....$3..3..3....+3......%4.+<.#2.2E3...(0.(93......!/.,53..3.../<.9K3....'q. 3..3..3...%-./:u.!3..3..3..3..3..3..3...bp3.../93..3..3....(3..."1.(8.'63..3...'2.p}.@R...&..#+..........Yh.GX.+3...............1.........K\........EM...xtRNS................................4U]f#......N:..........................r}...l...x.....@.......G.........................Z2..."IDATx..Z.W.I.....S@D..}..bDQQdE.5...1..n..........i........U....../........Bu.ZX)7.c...F....^.V^]..S/.0.9[&j....~>..z....=.t..xyy.XIN.=.....gB...d..KFF$.t.k.W'..m...v.V...nb....'..B.&.........6-..8........X....;-.....Y...ca\|h..f..^.}...(.M..1......A.[.d<....6.d.;9{..u`X...?...?...b.W.."......fo.....!..-..1n...h;4......,..Q....S......?...... .K..\|..;.4bs......>..u.....G=..?.X.....e...c....).~V..dlLj.f.p

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\eword[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1369
Entropy (8bit):	7.423235321798916
Encrypted:	false
SSDEEP:	24:ss/6W9ujqskLnYH8eX7Z9ZeRwO8bvRh/8mlY7GFnmDy4Vwv5h4:j/60uk16TeRLovRh/mCFmDyfv5K
MD5:	8A42BEAF4C6EFDABD97C69145BD9F617
SHA1:	51F4823315A8AFC303C930FB728ACA417DBBA7A1
SHA-256:	E97E730CD9ADBABF46500FCF8203A292466486AF29D86FB07933C11FB2E31295
SHA-512:	1989A98FB6098A90BE2D00B2062A177655FD8CBD269095C3ED9526CC2200BC24C5A02C4E983830A610DA5B7899402E05C5F5EA351680B811DEB6A95C3966065C
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/eword.png
Preview:	.PNG........IHDR...d...d.....G<ef....sRGB...,.....pHYs................hPLTE.../...)30...Zs.)3.3?.)3/..)..#...)3.]x....7E.)3.)3,...5C,..+...)3.)3.Zt.)3.)3.)3...R..@...+6.)3/...(2.(3....)3.(3.(2.(3.)3.)3.)3,...`{.)3..:.)3=...Mb.=M....;J.)3/...J].)3.)3.f..)3%...)3.)3.)3.)3.0=.)37...)3.)3/.....)3.)3.)3(..!..H..0../...DW.Wo ..(...)3/...)3.)3.k.)...)3"..'...x.....?O.)3.)3-...(2....)3.p.)......)3.Uj.\|.#...Qe...... p."...)3..#z.%~.._v...`..~...xtRNS.....U.........)0.....u...........&.......@....Q........{...........Jj....7............o...........^......................ER....IDATx...S.A..... .o#7...J@.D.....31....3..9.w..Cj...b.......].....2...f../.._H.L....$42..d).]>.... G.u.[.M'+..........q!.............i...0.'....h.$n...bykW..{K%...Xq.i.$.@..4.w_.yE..W..'..(..$.@.,.Kq$..F..D......-VV.<j.f.....JF.:.# @H<@,T...M`....{uI..,!....=.e......4.q\G.m.z...IG(......"9..q...Wz@.dH]~.4S.j..".w.....^p2}U...'N>.:..^,.)..)..)...I.oh..3.......q...jI.T.*.4.R).9l.F.b0im.6.(Q}d..O"....n.D...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\oword[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3643
Entropy (8bit):	7.83924832439853
Encrypted:	false
SSDEEP:	96:jS7m7Re5jw468KJjWdAKx3Gz7X9tT1futpZczNcXp7BjRe9Cst7vGv:jSUeZlKJSHOx+HcG7BjRCCeTw
MD5:	379D0FBC70AA4890C2FC4F650432779E
SHA1:	12D965EDC4A29FDA6B416A03A4E8420FFEA8BE23
SHA-256:	32002C49772DEC767AC4DC0A0F625CA1DD860ED1E96837B70B8AEB85ADA38240
SHA-512:	805E04484033E8D5A2CA92E4C762231441519CB88ADBD94C90111AC85490D4F9F96D0C8D54F4248483619F3812C0F982295890A643FE121144A2DC38EB961A88
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/oword.png
Preview:	.PNG........IHDR...d...d.....G<ef....sRGB...,.....pHYs.................PLTE...............................................+&.............ZP.A:....;5....TJ.%!....... ..............OF.60....eZ..................`U.0......j^......................qd..........$!......IA.....}.IA.~p....xk.F>............KD.)$.!...w..........D<................nb....tg.{n..z..s....$ ..........;4.:5.OG....$ ....XO.50.HA.......WP.82. ..&"....C;.^V.,'.`Y.".....<5.F?....62.TJ.+&.ZP.5/.............SL.ma.A<.=8.2..aV.GA.;5.KD.WN....1,.(&.......0+.60.uj.PJ....NG....2-.LE.)&.QI.3-.[X.RJ..........g\.B;.=6.TN.&....lf.@:./).)%.....)..}.JD.LF.ia....1,.%!.HA.aY.ZQ.,'.;4.D=.)%.QO.2,....3-.A9.da.D<.`Y.@:.\T....da.94.-(....&"._U....71....D=..v....71.2,.g].0,.......+&....RL.zn.SM.......[V.vn...!.}.kf.VL........../*.~p.&$....QH.\U.d_...3-..~.%!.73.B;.........tRNS.............................................................................\|....%.................x..x..s..k...Z...R1r..4.^...3...1.hDY..1&..z..{.8.M.G.N>k..O&

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\wow[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	20179
Entropy (8bit):	5.295993922465443
Encrypted:	false
SSDEEP:	384:W+m2Fw2F7oFWFSF8qF0rF6ACGJMaQykCQFpEKeC2yOKL/02FxtiEtisMB8THHEk/:W+m2Fw2F7oFWFSFBF0rF69GMaQykCQFb
MD5:	7A58D0D1EEDDD16DB8C843E9974FBC84
SHA1:	37300BD0AF58C815325B5E50D9722BE4438F2EBE
SHA-256:	478A87AF86E8A058BCF82D901F65B558FDF257A465A6D83F87E4AC5DA825F5F4
SHA-512:	53614CA0464FD58700DA0D74501C1EF06E1095E26F47B5234DBBA8E237419724B2C7085CFDBF5FC62A42A99F659573ADAC951DCFD902FC1BCEFA9F1CEDCD5D9B
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/?n=Valentina-Salonna-&t=w
Preview:	<html>.<head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252">.<meta name="robots" content="noindex" />.<meta name="google" content="notranslate"/> . <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" name="viewport" />. <meta property="og:type" content="Secret Message" />. <meta property="og:title" content="I am send you a surprise message. Open this Now" />. <meta property="og:url" content="http://open-fast.com/wow/" />. <meta property="og:description" content="........" />. <meta property="og:site_name" content="........" />. <meta property="og:image" content="http://open-fast.com/wow/ogf.jpg" /> .<title>Valentina Salonna wishing you Happy New Year 2021</title>. <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css">. <script src="https://ajax.googleapis.com/ajax/libs/jqu

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\wword[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	5979
Entropy (8bit):	7.8923245239070585
Encrypted:	false
SSDEEP:	96:jSPQTAzI6xg6bWzS+PVYrDXMd+eCVF9vfK4qeB0aiyTHin4BwYN6WYe34/A6y1:jSC2I6xaNkXrFVCT0dkngkK
MD5:	C3121D44A005247C5F947867935F39DE
SHA1:	5E7A59B2D297CCBB14CA5AF46DA6A6DD813C42E1
SHA-256:	D3D10CCE6DCF6373727A134242EFC04BC213F1FF850833C1742CBC8A7F3B2667
SHA-512:	292EACE3926BA71BC2F2AFBAC88712C1A228BBE7711C93DDCA5EEEB8D798DDA5300377074CEFE4FDB49B9B1ACAF474A0D34A0343B59BB39921A854E5E0D0E3DD
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/wword.png
Preview:	.PNG........IHDR...d...d.....G<ef....sRGB...,.....pHYs.................PLTE.........................................v....................y.....o....................,../.h.nX..n.pZ.....g....dU......4........u^............j........\|.w`...8...s\...)......q............l.\|d..........~f.....l..s.......yb......hT...$..... .}........................bQ.fS..n....eU.......~wW.........cR.......s..............~..........w.........>......bT.......o^...Rr\.........h\q]............q..`.....r...re-..E.\|`....o..p....dW.la2.zH.q2.z[..}.z..p..m.....i.....dwnG.q)qf9.....t.u:..kyrRv_..\|(..y....S.r......g.o#rjC..X....C..b.y3.~....~OcS...oj\%.\|......n..H...zqL...rh@.z...FXH.q^....\Q'..Z....zB.\|2..s..Y..P\|k.}e.m[..z;.._..SiX.ym@.{.i[...#.v$......ti8..w{o>sd'....q.....m.}....y..s.~wT..dYL......~h...n_.ngG......D.ai....tRNS..................................................................................................3....9$..>...E.'b\.B..P. Z..O...S......n..n...._.......b....wK\|

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\1number[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 80 x 100, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	5119
Entropy (8bit):	7.910544614497804
Encrypted:	false
SSDEEP:	96:qS/NDcuLhy1nKXudt00XCq4Z9bTMoEwi9PzxHtDlHO848cTpIeGxqG:qShO1nrdW0IZthi9Pzx48+Iec
MD5:	333FEFA2CE07F98AFB1154600809BBD6
SHA1:	E0FC2D737D30FE275F03353C8C5A872FB8AC994B
SHA-256:	45D6EC5960F0C8B24876B315C723A5F87F82C94006541E501A724E29A770A09D
SHA-512:	04239F0DB49FAEB88ED86F1586ADD809B9CAD7C107EAFBFEA3DDB498DC9A3FF945DA0D0197C3D1E8410005C8403F81F63D7D05F71F5200EC274AD31AB382BD92
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/1number.png
Preview:	.PNG........IHDR...P...d.....&$G$....sRGB...,.....pHYs.................PLTE....[........a....._..N..X..d.....I...&.f..a..Z...#.m........B..K..D....;..e.../.E..D.....U..>..F..x..7..N..l.....>..K..C..;..;....5..0....8..T..K......L..S..v... .F..U.....0..O..........L..Q............1.E........X...$..........S.....+.A.....+........5...............1.9....=............9....<......d...C....L......... .............w....D..:...........1.........$....s...3.3.e......U..........m...!......{.q....x.z.......F....A.o....rU.h....d..U.............^...g..:.`y....H..M.....B.r..8..v.p.................c.m....=...b........5..x..o...Q.b.....O.........H.O..-.!.E....n......}@......N..R.......<...1t....y...L......Zl.D~...N..W....[I.......y.`..}.....A.....tRNS.................................................................................................#........d...... ........................^........U.s...g..9.....f

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\2021wishing1[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 589 x 117
Category:	downloaded
Size (bytes):	39852
Entropy (8bit):	7.8795986991370395
Encrypted:	false
SSDEEP:	768:BzFpI2GUMrDwYQrvqxqoISZQEsxqUFH3TsMo6+Uzwwa9ph/Z9Fj+k3:BzHGFuvqISZcxZvPwwSHx9Fak3
MD5:	2DCDE33D6A6997C3694851BED2E74EFE
SHA1:	74148081CD99AF9229D664331DB5A6331E74DA79
SHA-256:	9AF5D029A2B21E965AE26231F9F27578C6173D521E3E261023E33E87E3C98A30
SHA-512:	4735263B91643D7243596811729DD987AC7A33D41B258F9F32FAE742794CCA55248B635F8958D67D00E7E2F6FC02EA17C6B7C9E9E9BB6A6833CE61CD0705948E
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/2021wishing1.gif
Preview:	GIF89aM.u...................................................................................".."..#..".....&..)..,..&.......2..:..3..1..=..<.. .."..+..$..+..'.......'..,..0..:..7..1..2..;..4..?..!!." .)).$.)(.I..R..@..E..D..K..B..F..L..M..A..L..N..D..E..O..Q..Z..Q..]..S..\..e..a..c..j..j..n..{..t..s.....\|..F!.J&.N.T$.S..T2.Y3.\<.f!.p".bB.kE.iK.nQ.rU.v[.y].~d............$.. ..!..#.&..%..'.(..,..k..n..t..y..\|..~.................................................................................................................................................................................................................................................................................................................................................................!.......!..NETSCAPE2.0.....,....M.u.....M..H......\....#J.H..E.&j.... C..I...(S.\.R...0-..I...8s.......i.....E+>.]...P.j\|."..=.F. B..`....BW.d..0.v..."..@A...Z#.=.4..i...........$..-...>....q......X.E.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\color[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 50 x 50
Category:	downloaded
Size (bytes):	20528
Entropy (8bit):	7.9026486255886095
Encrypted:	false
SSDEEP:	384:IHtMv5fhn7Lc/Mx4BXAtLC22bPYl3QttIyK+/UE+iBjU:lB5XcUiSLC7ztqyFUE+T
MD5:	8BB3836F18779A6A3458941E0A33B8DA
SHA1:	40A514CCAEE949D42368B813FE5428AEDE203ADD
SHA-256:	0021CC31EF85472442FAEA06BF18B65FFA357924A49287F15A124D7883D0B8F9
SHA-512:	859EDF30C8AF5AE7CDBCBF7D9EFDF23A792B9E0A5836FE77BB1F27F18AEE3F9FF996FE435FD8E17675B0F14F47CF5506D54E727C7C8EF50AC745456B77CF0DCD
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/color.gif
Preview:	GIF89a2.2......{......!..R......2ZwT>m.....9-]x........~..FMCo.$2....'.....B.y..L'........v..R.Y..J...q)d...E).\|.....m.EIq......E`x..........;..q..uE.^.".y.%.m..9.....M.e!.U%..5.u...N".o.a".%..2..>.(15.f.Q&.u~..-..K..U}"a.q.5Wv..].^#..I.\.=+.5-a.R=.b.8,..Z..6..6...%dz}.Fu.I..^..1..=..\|!h{.q}../j.N.i M.[JFpAMr...m.M..=..@r.JY.V.m\|........B).kA.`......j.fa5iu'c..4..H.......2...(........}.A..i... 4..;..>:Rt..WQ@n..Z:k.....VV.W...e2hx%bl-f....H(..Oe.P..@..x....._....X$..X.~.^6j.....r2.gz.G..P.o\|..S..7..+..D....s}.~.8.d....,0..<.....8?Os..X j{../..#fz:.c\8j..7..y..G..A..\\.T..s8Tu..,f1g.v~^.S<Qt.....P..[..Y.Z#0.h=Pso+e..C{#a.}...?x.HX;l..[..wc3h..T. _'cyCKr..Th0g..<. `...0/,.j........:..K.....7..........{.g.O..C..<(.l.....C..3..t..].k{p.L.$.\#...GHp.;,....0!..NETSCAPE2.0.....!.......!. Resized with ezgif.com GIF maker.,....2.2......Y. B..}......9P....3...d..y..IC.P<f...J..'d8.1fI..5.F.""..A......qb..7bzQ...x....#%.`Q...j.....T.S.D.?1j.p.E0.3.4.b..#.R.h.9O..5...."P.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	86927
Entropy (8bit):	5.289226719276158
Encrypted:	false
SSDEEP:	1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69
MD5:	A09E13EE94D51C524B7E2A728C7D4039
SHA1:	0DC32DB4AA9C5F03F3B38C47D883DBD4FED13AAE
SHA-256:	160A426FF2894252CD7CEBBDD6D6B7DA8FCD319C65B70468F10B6690C45D02EF
SHA-512:	F8DA8F95B6ED33542A88AF19028E18AE3D9CE25350A06BFC3FBF433ED2B38FEFA5E639CDDFDAC703FC6CAA7F3313D974B92A3168276B3A016CEB28F27DB0714A
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Preview:	/! jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\stageleft[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 275x700, frames 3
Category:	downloaded
Size (bytes):	11856
Entropy (8bit):	7.898800535163166
Encrypted:	false
SSDEEP:	192:Umb+EvsYfqxG+HCqQcnY+npNX02gkPI5LyM2qYQk+YIDOZO1JyHw5eMxDqiXe:RtfSniqQcY+np1ciIByM2qrFfDOgJPNs
MD5:	5D84FD7E43D5C89733E429628ECCAE68
SHA1:	F74A8E3D9884DFB180251A5177AE2F8A32B0959B
SHA-256:	AE4D0DB1AEDD3835AA56D1CAF1AA5B40F77DC91F4C4142EB7761A4C5704D2252
SHA-512:	6F871925EBFDB41B99CEE5D22A9C64772BE7FBD4CEEA769749F9C3EB5C14CE90B39434142D6A7E30DE80C1BB07C13984FEABF77AED5397019C29ABA30F58E338
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/stageleft.jpg
Preview:	......JFIF.....H.H.....C....................................................................C............................................................................"..........................................V.............................1."2a.!#3BQR.ACSbr.....$4cs.....q......%7Tu......DEVd...................................:............................!2AQ.."1BRaq.#3....5br...S..............?..\)...?I.G2d...0i4.&.$.d..S....1.T.d..r1..Le9..Na..0....$..aT&......d.....O1..0........cJ.......L.<.h..O...0.1....9.I.s&.d.t.@.9..L....&4P.&..Nb.S..TI...2....a0.... L..@.. ..4P.R...Lcb.`...&....6.'@.H.D.hL.....\.4...)..a0m..m.U..0..T.sNc....!2d..... L.h.60...(h.....1......4P..L9&@...4.l..&....@..y8.CI....s.4j.M....Sm.............R.k.>..C\|g.....v....ssoZ?4.5...O...K...t.^~..._29...{...\3.ml......].r7u.Y.a...M.Y...g...r.l.t.w..R..dj....2+.Bj.:.O...t\|.\|..]?.t.?6..2#.8....-HZ..!I.B.....z&4P.*a.c).:s0l.L..Pm).&.aV.....1....0h......cg ..0......4.<.h....Lh...5L/.l...$>T>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\wow[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	19829
Entropy (8bit):	5.29706767084117
Encrypted:	false
SSDEEP:	384:++m2Fw2F7oFWFSF8qF0rF6ACGJMaQykCQFpEKeC2yOKL/02FxtiEtisPOtHHEk8O:++m2Fw2F7oFWFSFBF0rF69GMaQykCQFG
MD5:	0DB2E044F2EECE0376FDBA6977DF4A2B
SHA1:	66D5C81ED97FD5F92EE549AF428EAE18E7D17767
SHA-256:	DFE4E803C8A41D3496C68BC998BF21029FB2586960C961BDE3BF3E097C0CF7B9
SHA-512:	EA8FB2ECF888E37ECAE23C34AB86AE5813D9B34B1F396AF17CF3B95E740655605C940797EFB7E43467004E63DC766F7A2B637523B7E906D7775E6693D2D02100
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/
Preview:	<html>.<head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252">.<meta name="robots" content="noindex" />.<meta name="google" content="notranslate"/> . <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" name="viewport" />. <meta property="og:type" content="Secret Message" />. <meta property="og:title" content="I am send you a surprise message. Open this Now" />. <meta property="og:url" content="http://open-fast.com/wow/" />. <meta property="og:description" content="........" />. <meta property="og:site_name" content="........" />. <meta property="og:image" content="http://open-fast.com/wow/ogf.jpg" /> .<title>[Your Name] wishing you Happy New Year 2021</title>. <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css">. <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\2021mainphoto1[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 382 x 243
Category:	downloaded
Size (bytes):	39764
Entropy (8bit):	7.923077495550975
Encrypted:	false
SSDEEP:	768:cKHvTX96W+ZG9wCPfBIGkq0htrb6L0x4o63q8A83x8x9:ZKL6SZquaQxh/8tB8P
MD5:	34A1F6417DC3CDE9C95F3F7316219F1F
SHA1:	56A68C8A334B03FB5BBFB1380F80CCD2DD8437E4
SHA-256:	6AB6970FCD5FF97F134818AB9924BBE9E6A30B786B79A9A38DAB4A267F8F159A
SHA-512:	07E1C07441C0C510327469EB4320BF365AEDB90D6940F8B9605E044C6887E95F58E790582A23FE2291A82FADA281B78226CFC4A13869A8A213A54853EF6AD07B
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/2021mainphoto1.gif
Preview:	GIF89a~....F.....VW...............-.......5...lll..........QRQ@@@....}.....2...........p..L......f32.......`..........................$#.............{.x\......R..........J....t....g...\|\|\|.&..n...................Dz..V.S..k..............A..8PD....0..k...c...cR.~.g...V..r......&XL.......nV.(a..x.........T..2...0Gj.t..O..bF.bO.f..v5.Y'.^\|..,tU=vU{c1d....=.[0]L?....9&v..#...Tb3..vF. .....J.N.5K.....QQ.d..o.ua..6^`R.u.w ..0.e..Z%h....f........B..W....U..p..@e.!L..s.Av.kzU..6..A..@...Xf@\..(...jQ"....................J........2...... ..!...i~ .C...H....?...b....?.V......7.")..Y.9m.W..1vs.."...v..}.t.....Z...v_.....%.qn....jP,...........L..D......rU..."......F..`.4e-.L..z..o....3(..P[....T.S. ..P.U.,..N....x"..M...f..v..P...A........!.......!..NETSCAPE2.0.....,....~..........H......\....#J.H....3j.... C..I...(S.\...0c.I...8s......@.B.. ..H.})`...F.J.J.*E...h.j...R...J6j..h...@.S.Z.$X.`..xC6......d#H...........`.`...#.Ly...2....p..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\2021number3[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 267 x 133
Category:	downloaded
Size (bytes):	205310
Entropy (8bit):	7.969252024862849
Encrypted:	false
SSDEEP:	6144:ncCAew5v8SRn51D4vadNNKBeiE2xE5Ow0p9eGZ2C:np9CvEadYREX0zFZ2C
MD5:	D63426119BF9FD8A06FCC08B3A653CB3
SHA1:	3FB388BA953494E27DD504A4A6FE036A44615910
SHA-256:	AFE0171523F1B6E9DD99C91A57BC6C585285BA1D0F56149017F5CEFBEE9A36F0
SHA-512:	FB07A9C4F73A8873F2696290E49EE141C680BD59C80118E10DEB27934AABE9609EF38CAEFE08E43571815D4A2672CB0577D5ACBA8098825C5569720BFBA7CDA5
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/2021number3.gif
Preview:	GIF89a............p...................J...................l......z.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!..NETSCAPE2.0.....!.......,...............H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...4.@.....O#@ ....J.j.....`!B.J...h..$.....^...;...s.bT...S.SK.K.............e. ..P1.RCV..U2..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\arrowdown[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 150 x 300
Category:	downloaded
Size (bytes):	48176
Entropy (8bit):	7.928510274829032
Encrypted:	false
SSDEEP:	768:3QlX52K+dt4Pc11U4SkxNsacEINQbIWgR3kBHtnmUf+aBNLiIHV/GBiBHwMB:y1RPc11U4t2hWbIWMUBHBmUfzbeic8FB
MD5:	DE501B552DFE5593FA0D364090067B4F
SHA1:	13A025C474F4AA8F7FB671DAD817254E6D776124
SHA-256:	76A371EC204A5ED18E457B6F5B58B7253006C36DC248ED1252E3FA72C004F0C1
SHA-512:	4FB204F311C7B2B6D3DA79039A73F551B3DC59116184D3EB170151616944FF2F9D3D2EDA77FC7D45ADC7041693325E0F1D764C28EE03F3D2DAFC9326BAA23FA4
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/arrowdown.gif
Preview:	GIF89a..,..9..{;..;..F.4..=..6..a&.i,.8..\|3.^.q5.`-.s+.n+.L..m3.]$.B..I..k.=..q<.Z%.U..k4.tB.f).c%.[).j5.B..H..1..I..V#.T(.k:.d1.e5.e&.R..A..X..f;.P...R.Y-.c3..Z.rD.N..kE.U..r5.S(.Z".i3.\..lB..h.\|4.Z".zF.y5.s-.u9.~9..Z.r5.pL.zD.Z..T..x,.c.d.b6.u:.N..xH.}4.V.;..8...:.{<.F..k,.c.L..N.s4.s:..n..>..Q.u:.d).n2.X0.l:.r,.}4.F..Z+.rH..5.`.}B.k+.\|H.]$.L..c%.nA.S..b%.T..K..F...6..K.d).lJ.V..e.^2.k.s:.vL.a...b.r2.`4..t..E.E..k2.I..V .}D.n$..M.x@.:..vN.~R..J..D..Q.m3.{<.r..k3.n;.j+.j,.:...6.Q..^0.m2.~P..M..C..5.h.r:.\|B.I..[".vA.F..>...j.`<.Q..J".e..I..R.X&.}C.P..T.H..}H.m2.j4.N .d..I..s5.q@.d>..Q.v@.s;.n3.[5..J.s5.v@.B..N$.qP.yB.~H.x>..:.\..F..F.s4.t<.@.J..d@.T..J...;.J...6..A.v9.R...6.R,.v9..K.~H..^..V.D...<..L.yB.N..J..f.R2..S.x<.~H..;.~H..L.M,.C..F".>..X6.B..6....!..NETSCAPE2.0.....!.7Copyright 2014 www.PresenterMedia.com ::JD:5-19-2014.!.....9.,......,.....s..H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j....`..K..Y..`.X

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\js[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	98731
Entropy (8bit):	5.514534974076063
Encrypted:	false
SSDEEP:	3072:JB4bXR7peBY0M2JqUgumBlTjw/UTYBpN+:PmixQGBj+
MD5:	56CD0E45AE98E6F83EE3202972362790
SHA1:	28BFBA92A2F3AF7F93C33E0DE4A6C1C8C9FF481C
SHA-256:	305CC48B9AB21D1F5EBBB6F963A89E7CCE4AFD6C2518630880509B580E1D6519
SHA-512:	42E9CDDCA69714FC6F1F605AAEA9A80072434BBA1B2B96760B2BD2FABA6563E694888E28B424A0289B68525762E3373C722183E3F71660C9EAE503B0263D3662
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.googletagmanager.com/gtag/js?id=UA-85162156-12
Preview:	.// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"1",. . "macros":[{. "function":"__e". },{. "function":"__cid". }],. "tags":[{. "function":"__rep",. "once_per_event":true,. "vtp_containerId":["macro",1],. "tag_id":1. }],. "predicates":[{. "function":"_eq",. "arg0":["macro",0],. "arg1":"gtm.js". }],. "rules":[. [["if",0],["add",0]]].},."runtime":[].....};./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var ba,ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},da=function(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:ca(a)}},ea="function"==typeof Object.create?Object.create:function(a){var b=function(){};b.prototype=a;return new b},ha;.if("function"==typeof Object.setPrototypeOf)ha=Object.setPrototypeOf;else{var ia;a:{var ja={wg:!0},la={};

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\lword[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1353
Entropy (8bit):	7.607119140572503
Encrypted:	false
SSDEEP:	24:ss/6WEzZhKr+GKglNYPELjTsfg+2X5CYDNA5rQrK5lk1RTb6SIVpE:j/65ZhnaYysIaYDNA5+iq1RT5
MD5:	C9A048EF000A1DD935208F23C7707946
SHA1:	3BCD666E9F3A962DE6DC76DC0BC6C59E5E613105
SHA-256:	60B7F1E87A9E841FDB41FFE7E52610988C33F41284899EF82B5CD634178E559B
SHA-512:	F9FC957E444267F79EB19AE22BB27938E42F4B0DBE70FDEE81ACFD2B70507D8127BBB6DCBF319A2F2DC7FBDF9543AF9B50F722CA94ED273233E78CE2BC22A2E1
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/lword.png
Preview:	.PNG........IHDR...d...d.....G<ef....sRGB...,.....pHYs................hPLTE.......}........(..x..p..e.#.......A.z..,...8.x..2.I.P..]....W............}F....T$..u.N...X...S..M..A.....T..O./..H...}..a..P...A...d0..{..._..3s9.f)..W... .A.k!.u..:...).i.._.zf$.n$..I...l..]..S...;t5...I....V.s..6.m.{xMF...a.\$..o..g..r..G..V..:.....I......$.W......K.<...........& ...s..lX ....=..a.JU...~D.H...G.!>..r_!.a...W....xtRNS...............................................................................................<...............%..&`j...^9.....IDATx...kS.@..a....E..MI0.....r)..(.@`,.U..../...F.s..u.Y...~Y`3...I...[........&i.....w..bh.................u....#..1.@k.H.a.}..>R...R..=. \|D......bz.@.. ....#...d...BC.3. \|$[......I......%H6..<..$i...G.,..b..6d.."..1.>"..u...3r.q.>........RQ......6.Q.D..\ G=cC .wRN..NAd..9M.z.\ .H.;...st$.=....9..........9."F?...]9.]...v.]..g.Hn....:.t.X ..@.:.D..%R.!.'ct..w.Fr.q...k...=..._....z..c..&.U/.V9......V..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\stageright[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 275x700, frames 3
Category:	downloaded
Size (bytes):	15673
Entropy (8bit):	7.936027841445363
Encrypted:	false
SSDEEP:	384:7GoiTiib6iKSZ4Z2xAtXVm7KmIDeccNQPEGn4K:7iTFKSZ1qhDV0pK
MD5:	A7BFB594B073BE2392DF6C3D0DBA7AA9
SHA1:	DA3D459A788492D915226825481256434B3E74E6
SHA-256:	29D8BB6EF07751F6EF467FF1B00B1FA716BAA65599D199C03A5576D4E0119632
SHA-512:	F947DE9A12C7E0373FBE0DC6A24D5FD4A1C37666CBDF25940694910E070F23DBFA148CC16E64241BD2185728CBFA94E0634AF925C10B937D0CC098FA51E64FE3
Malicious:	false
Reputation:	low
IE Cache URL:	https://open-fast.com/wow/stageright.jpg
Preview:	......JFIF.....H.H.....C....................................................................C............................................................................"..........................................M.......................1..!...2Aa.."Qq.B...3R..#br....ST.....$Cs..&46ctu....................................6.......................1.!..A."Q.2a.#BRq.......3...............?....;..S../..d2....4....[..N...Q......~.X.`.`7`.y....JG`5..\.........-.n.!;..d./..`c.-...B.n..`R..qL......3<.......e._.n...[.,. ..N..`J........~...=.$..+.(...fYl.!......$6.... N.%E.O1N.._.!.v.....=..d...~%2.1.....LC.........&..&...1N.!.v..-.~.....n...-..<.~.O2.@....n...>.d........C.B.n...[.,. ..c..`f.....1....4......~.z1K`...T......L;..a....!.;.).~....Jd.=.a..........H..0...-..7...-.v.v.v.v.@....3.....v.~%....P3.dv.v..R;.{.z...~.;..2....!5...X........J..U..8c.......f9l[.-\|..;.=....`...@~.....@.z..~.5..B..C.`.y.v..L[.`7..a..cr...z.....~../B.....O.........k.]....0..0.."[........yl...n....[.`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\wow[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.560890767001816
Encrypted:	false
SSDEEP:	3:qVoB3tUROGclXqyvXboAc9FKEIHiHby4AqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiWHiHuwWSU6XlI5LP8IpfB
MD5:	CD2E0E43980A00FB6A2742D3AFD803B8
SHA1:	81FFBD1712AFE8CDF138B570C0FC9934742C33C1
SHA-256:	BD9DF047D51943ACC4BC6CF55D88EDB5B6785A53337EE2A0F74DD521AEDDE87D
SHA-512:	0344C6B2757D4D787ED4A31EC7043C9DC9BF57017E451F60CECB9AD8F5FEBF64ACF2A6C996346AE4B23297623EBF747954410AEE27EE3C2F3C6CCD15A15D0F2D
Malicious:	false
Reputation:	low
Preview:	<html>..<head><title>301 Moved Permanently</title></head>..<body bgcolor="white">..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..

C:\Users\user\AppData\Local\Temp\~DF56B7970576A5B52C.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF69481F7E8700AB13.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	44741
Entropy (8bit):	0.9247861432374943
Encrypted:	false
SSDEEP:	384:kBqoxKAuqR+xvdc/MPovsPCg51vsPCg52B5Cg5PG:TovMCg51vMCg5q5Cg5O
MD5:	EF7BD2817D7CFE44BA2D6D8875953BCD
SHA1:	4CDB8237342F5DF67DD83449F6168F40790789DC
SHA-256:	957F84A309C95FF32BECBF291E7381B8B5D2D245221839AF3977A5E2305F3BCB
SHA-512:	C1F16351008230505D80DB32538ECB7D1A7C413B5B48FDFA752C523D2BCE164482BA9F78E3B60DC272E54872FB833B24D70239FE7CE25E4F720BECA9B1BD4B9D
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFC793ECA40C6C2C82.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.481116162625727
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9locF9loc9lWtgBVLnG:kBqoI3Rt6zG
MD5:	F8F405D8B94C744EEF3863C5A9228C7F
SHA1:	27089251E86751E7AD3643D8931FD8270DA292B5
SHA-256:	02CBE6D5868EC0B0631CD7D078133ADC2DC118060D5076EE0F7D4826AFB5CE85
SHA-512:	7F38FF0B3CB3FABDDDDB2DBE5AD20EFCC7B214E5449AE4D344EDB6490B095EB67A9F75707A2162E750D236DE26E4FDBAE142CD957BC7FB6CAD3E68B61A2FCF30
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

Total Packets: 79
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 29, 2020 11:49:08.945786953 CET	49718	80	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:08.946023941 CET	49719	80	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.016088009 CET	80	49718	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.016130924 CET	80	49719	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.016237974 CET	49719	80	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.016256094 CET	49718	80	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.017257929 CET	49719	80	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.087516069 CET	80	49719	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.087567091 CET	80	49719	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.087718010 CET	49719	80	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.102539062 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.170078993 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.170306921 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.181837082 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.249404907 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.251418114 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.251482010 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.251514912 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.251533031 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.251585960 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.284182072 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.289375067 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.289515972 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.352015018 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.352063894 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.352114916 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.352149963 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.352977991 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.356719971 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.356904030 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.356972933 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.357897043 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.357942104 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.357979059 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.357979059 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.358000994 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.358017921 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.358043909 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.358081102 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.413414001 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.413882971 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.414333105 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.424803019 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.426727057 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.427405119 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.428488970 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.429142952 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.429600000 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.430109024 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.430556059 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.431430101 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.431881905 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.432387114 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.433490992 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.433824062 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.434225082 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.457485914 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.465487957 CET	49722	443	192.168.2.3	104.16.19.94
Dec 29, 2020 11:49:09.465601921 CET	49723	443	192.168.2.3	104.16.19.94
Dec 29, 2020 11:49:09.480777979 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.481080055 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.481137991 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.481187105 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.481209993 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.481241941 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.481525898 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.481583118 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.481627941 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.481643915 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.481662035 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.481694937 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.481703043 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.481745005 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.481760025 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.481796026 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.481806993 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.481853962 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.481857061 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.481906891 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.481916904 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.481957912 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.481987000 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.481996059 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.482022047 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.482059956 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.482081890 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.482131958 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.482177019 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.482194901 CET	49721	443	192.168.2.3	5.9.217.141
Dec 29, 2020 11:49:09.494018078 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.495879889 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.496826887 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.497726917 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.498999119 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.500648022 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.502037048 CET	443	49721	5.9.217.141	192.168.2.3
Dec 29, 2020 11:49:09.505470991 CET	443	49722	104.16.19.94	192.168.2.3
Dec 29, 2020 11:49:09.505537987 CET	443	49723	104.16.19.94	192.168.2.3
Dec 29, 2020 11:49:09.505650043 CET	49722	443	192.168.2.3	104.16.19.94
Dec 29, 2020 11:49:09.505651951 CET	49723	443	192.168.2.3	104.16.19.94

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 29, 2020 11:49:03.191752911 CET	63492	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:03.242780924 CET	53	63492	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:04.117614985 CET	60831	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:04.177011013 CET	53	60831	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:05.108865976 CET	60100	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:05.159862995 CET	53	60100	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:05.985006094 CET	53195	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:06.033278942 CET	53	53195	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:07.028381109 CET	50141	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:07.079428911 CET	53	50141	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:07.785116911 CET	53023	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:07.849256039 CET	53	53023	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:08.083712101 CET	49563	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:08.131834030 CET	53	49563	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:08.859630108 CET	51352	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:08.931596041 CET	53	51352	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:08.955490112 CET	59349	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:09.003603935 CET	53	59349	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:09.412611961 CET	57084	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:09.417743921 CET	58823	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:09.445790052 CET	57568	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:09.460577965 CET	53	57084	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:09.482033014 CET	53	58823	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:09.509854078 CET	53	57568	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:10.122399092 CET	50540	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:10.181922913 CET	53	50540	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:10.921809912 CET	54366	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:10.978174925 CET	53	54366	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:11.956151009 CET	53034	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:12.004270077 CET	53	53034	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:13.216778994 CET	57762	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:13.273098946 CET	53	57762	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:14.057017088 CET	55435	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:14.113106966 CET	53	55435	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:14.984954119 CET	50713	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:15.035820007 CET	53	50713	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:16.278969049 CET	56132	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:16.329966068 CET	53	56132	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:28.298413038 CET	58987	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:28.354794025 CET	53	58987	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:35.536015034 CET	56579	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:35.584446907 CET	53	56579	8.8.8.8	192.168.2.3
Dec 29, 2020 11:49:36.869781971 CET	60633	53	192.168.2.3	8.8.8.8
Dec 29, 2020 11:49:36.928200960 CET	53	60633	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Dec 29, 2020 11:49:08.859630108 CET	192.168.2.3	8.8.8.8	0xaea7	Standard query (0)	open-fast.com	A (IP address)	IN (0x0001)
Dec 29, 2020 11:49:09.412611961 CET	192.168.2.3	8.8.8.8	0xd4d9	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)
Dec 29, 2020 11:49:10.921809912 CET	192.168.2.3	8.8.8.8	0x2d12	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)
Dec 29, 2020 11:49:28.298413038 CET	192.168.2.3	8.8.8.8	0x61ea	Standard query (0)	favicon.ico	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Dec 29, 2020 11:49:08.931596041 CET	8.8.8.8	192.168.2.3	0xaea7	No error (0)	open-fast.com		5.9.217.141	A (IP address)	IN (0x0001)
Dec 29, 2020 11:49:09.460577965 CET	8.8.8.8	192.168.2.3	0xd4d9	No error (0)	cdnjs.cloudflare.com		104.16.19.94	A (IP address)	IN (0x0001)
Dec 29, 2020 11:49:09.460577965 CET	8.8.8.8	192.168.2.3	0xd4d9	No error (0)	cdnjs.cloudflare.com		104.16.18.94	A (IP address)	IN (0x0001)
Dec 29, 2020 11:49:10.978174925 CET	8.8.8.8	192.168.2.3	0x2d12	No error (0)	stats.g.doubleclick.net	stats.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Dec 29, 2020 11:49:10.978174925 CET	8.8.8.8	192.168.2.3	0x2d12	No error (0)	stats.l.doubleclick.net		108.177.15.154	A (IP address)	IN (0x0001)
Dec 29, 2020 11:49:10.978174925 CET	8.8.8.8	192.168.2.3	0x2d12	No error (0)	stats.l.doubleclick.net		108.177.15.155	A (IP address)	IN (0x0001)
Dec 29, 2020 11:49:10.978174925 CET	8.8.8.8	192.168.2.3	0x2d12	No error (0)	stats.l.doubleclick.net		108.177.15.156	A (IP address)	IN (0x0001)
Dec 29, 2020 11:49:10.978174925 CET	8.8.8.8	192.168.2.3	0x2d12	No error (0)	stats.l.doubleclick.net		108.177.15.157	A (IP address)	IN (0x0001)
Dec 29, 2020 11:49:28.354794025 CET	8.8.8.8	192.168.2.3	0x61ea	Name error (3)	favicon.ico	none	none	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

open-fast.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49719	5.9.217.141	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Dec 29, 2020 11:49:09.017257929 CET	91	OUT	GET /wow/?n=Valentina-Salonna-&t=w HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: open-fast.com Connection: Keep-Alive
Dec 29, 2020 11:49:09.087567091 CET	92	IN	HTTP/1.1 301 Moved Permanently Server: nginx Date: Tue, 29 Dec 2020 10:49:09 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://open-fast.com/wow/?n=Valentina-Salonna-&t=w X-Powered-By: CrazyTechIndia X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Dec 29, 2020 11:49:09.251482010 CET	5.9.217.141	443	192.168.2.3	49721	CN=www.open-fast.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Tue Dec 08 18:58:54 CET 2020 Wed Oct 07 21:21:40 CEST 2020	Mon Mar 08 18:58:54 CET 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Dec 29, 2020 11:49:09.251482010 CET	5.9.217.141	443	192.168.2.3	49721	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Dec 29, 2020 11:49:09.547719002 CET	104.16.19.94	443	192.168.2.3	49722	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Dec 29, 2020 11:49:09.547719002 CET	104.16.19.94	443	192.168.2.3	49722	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Dec 29, 2020 11:49:09.550720930 CET	104.16.19.94	443	192.168.2.3	49723	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Oct 21 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Thu Oct 21 01:59:59 CEST 2021 Wed Jan 01 00:59:59 CET 2025	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Dec 29, 2020 11:49:09.550720930 CET	104.16.19.94	443	192.168.2.3	49723	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		9e10692f1b7f78228b2d4e424db3a98c
Dec 29, 2020 11:49:11.170424938 CET	108.177.15.154	443	192.168.2.3	49730	CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Nov 10 15:34:37 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Feb 02 15:34:36 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Dec 29, 2020 11:49:11.170424938 CET	108.177.15.154	443	192.168.2.3	49730	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Dec 29, 2020 11:49:11.170643091 CET	108.177.15.154	443	192.168.2.3	49731	CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Nov 10 15:34:37 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Feb 02 15:34:36 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Dec 29, 2020 11:49:11.170643091 CET	108.177.15.154	443	192.168.2.3	49731	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

Behavior

• iexplore.exe
• iexplore.exe

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 2844 Parent PID: 792

General

Start time:	11:49:07
Start date:	29/12/2020
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff72dc60000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Registry Activities

Analysis Process: iexplore.exe PID: 5740 Parent PID: 2844

General

Start time:	11:49:08
Start date:	29/12/2020
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2844 CREDAT:17410 /prefetch:2
Imagebase:	0x3d0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Registry Activities

Disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://open-fast.com/wow/?n=Valentina-Salonna-&t=w

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 2844 Parent PID: 792

General

File Activities

File Created

File Written

File Read

Registry Activities

Key Created

Key Value Created

Key Value Modified

Analysis Process: iexplore.exe PID: 5740 Parent PID: 2844

General

File Activities

File Created

File Written

File Read

Registry Activities

Key Value Created

Disassembly