version: 28.0.0 lapis lazuli - joe sandbox
Analysis Report https://l.facebook.com/l.php?u=https%3A%2F%2Fpage.dagmaar.com%2Ftundra%2F%3Ffbclid%3DIwAR0ibFew8p_xPNe0PRhTlrDIVnOwzwLQrHRnimIhKKmR0VId6RXzV1BrzBg&h=AT3Z5D1122EKedyHgzhaptwcCVWeJbxG4qUO6AUjkcO0py0i04KmGRi0WyVA15reYwbTjwud0UkxJ2CWc_Qjy8focTcMyoKDNRkyIlIlhO3WzNYdk1kOBEDdCL-SFmvLd6-TG4PP1NEvZR-Z-hdPJSoVdr2Ua7tTxf8pJhsQSppD7KEyP18ORHGo0l9GGC6_nwGx0I4oZGhJn3LT1gN__z4lB1Qj3zd3LS0g-9sB9v5jK07zIQjwrNTfpy8_HrVMMwK9w5os1Eqtz0Gc6_cTl3lgX2HccPhOeG2AC-TDAMewir3l9SnAw5EwqHlqWxDRZpSZ__g_SvK-xrwFNncoSRpOAqeOMZAw0p2GOvgV_ZQlUh8tqxCyyV2IN6bW8V1eJYb-8iUC3B9_5Ii560g82q13nQJr6g8bsGP7LALH3FCYbSK20DXzuiq2zRv1tObbo3y5UPPrgGT0HEw7EUTABmBDPPPdTJiSK6kc_C-A2AcuZkIjEQ7X11mYBck7FccJIdRnf1XewJPiYYWca4g-KcroI6AZNVmC_-8iNAL9Ee0iMXn5-YTTQMLNdSq_USwLkwUvQrmfJp1bV0FXN4m0B6vEaKIIFoIUsBylb3u6VZCLhETTOrkigLnj9K_fVoDBrahiQn4qL_gABg

Table of Contents
Overview
  General Information
  Detection
  Confidence
  Classification Spiderchart
  Analysis Advice
  Mitre Att&ck Matrix
  Signature Overview
    Phishing
    Networking
    System Summary
  Malware Configuration
  Behavior Graph
  Simulations
    Behavior and APIs
  Antivirus, Machine Learning and Genetic Malware Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
    URLs
  Yara Overview
    Initial Sample
    PCAP (Network Traffic)
    Dropped Files
    Memory Dumps
    Unpacked PEs
  Sigma Overview
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    JA3 Fingerprints
    Dropped Files
  Screenshots
    Thumbnails
  Startup
  Created / dropped Files
  Domains and IPs
    Contacted Domains
    Contacted URLs
    URLs from Memory and Binaries
    Contacted IPs
      Public
  Static File Info
    No static file info
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTP Request Dependency Graph
    HTTP Packets
    HTTPS Packets
  Code Manipulations
  Statistics
    Behavior
    System Behavior
      Analysis Process: iexplore.exe PID: 4380 Parent PID: 696
        General
        File Activities
        Registry Activities
      Analysis Process: iexplore.exe PID: 4880 Parent PID: 4380
        General
        File Activities
        Registry Activities
  Disassembly
Copyright Joe Security LLC 2020 Page 2 of 44
Overview
General Information
Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 231150
Start date: 18.05.2020
Start time: 18:59:38
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 11s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://l.facebook.com/l.php?u=https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFew8p_xPNe0PRhTlrDIVnOwzwLQrHRnimIhKKmR0VId6RXzV1BrzBg&h=AT3Z5D1122EKedyHgzhaptwcCVWeJbxG4qUO6AUjkcO0py0i04KmGRi0WyVA15reYwbTjwud0UkxJ2CWc_Qjy8focTcMyoKDNRkyIlIlhO3WzNYdk1kOBEDdCL-SFmvLd6-TG4PP1NEvZR-Z-hdPJSoVdr2Ua7tTxf8pJhsQSppD7KEyP18ORHGo0l9GGC6_nwGx0I4oZGhJn3LT1gN__z4lB1Qj3zd3LS0g-9sB9v5jK07zIQjwrNTfpy8_HrVMMwK9w5os1Eqtz0Gc6_cTl3lgX2HccPhOeG2AC-TDAMewir3l9SnAw5EwqHlqWxDRZpSZ__g_SvK-xrwFNncoSRpOAqeOMZAw0p2GOvgV_ZQlUh8tqxCyyV2IN6bW8V1eJYb-8iUC3B9_5Ii560g82q13nQJr6g8bsGP7LALH3FCYbSK20DXzuiq2zRv1tObbo3y5UPPrgGT0HEw7EUTABmBDPPPdTJiSK6kc_C-A2AcuZkIjEQ7X11mYBck7FccJIdRnf1XewJPiYYWca4g-KcroI6AZNVmC_-8iNAL9Ee0iMXn5-YTTQMLNdSq_USwLkwUvQrmfJp1bV0FXN4m0B6vEaKIIFoIUsBylb3u6VZCLhETTOrkigLnj9K_fVoDBrahiQn4qL_gABg
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.phis.win@3/70@14/11
Cookbook Comments:
  Adjust boot time
  Enable AMSI
  Browsing link: https://page.dagmaar.com/tundra/wait.html
Warnings:
  Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe, WMIADAP.exe
  TCP Packets have been reduced to 100
  Excluded IPs from analysis (whitelisted): 2.16.212.108, 104.103.81.66, 172.217.22.110, 152.199.19.161, 172.217.18.10, 209.197.3.24, 172.217.22.74, 209.197.3.15, 172.217.16.136, 172.217.16.131, 8.248.113.254, 67.26.137.254, 8.248.131.254, 67.27.159.126, 67.27.157.126
  Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, fonts.googleapis.com, cds.s5x3j6q5.hwcdn.net, fs.microsoft.com, www-google-analytics.l.google.com, ie9comview.vo.msecnd.net, ajax.googleapis.com, fonts.gstatic.com, www-googletagmanager.l.google.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, www.googletagmanager.com, go.microsoft.com.edgekey.net, audownload.windowsupdate.nsatc.net, cds.j3z9t3p6.hwcdn.net, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, www.google-analytics.com, cs9.wpc.v0cdn.net
  Report size getting too big, too many NtDeviceIoControlFile calls found.

Detection
Strategy | Score | Range | Reporting | Whitelisted | Threat | Detection
Threshold | 56 | 0 - 100 | | false | Phisher | Phisher

Confidence
Strategy | Score | Range | Further Analysis Required? | Confidence
Threshold | 5 | 0 - 5 | false |
Classification Spiderchart
[Chart not reproduced in this text extract. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; radial scale: clean, suspicious, malicious.]

Analysis Advice
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Mitre Att&ck Matrix
Techniques followed by a number in parentheses were matched by that many signatures in this analysis; the other entries are the matrix's default cells and did not match.

Initial Access: Valid Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Graphical User Interface (1); Service Execution; Windows Management Instrumentation; Scheduled Task
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features; System Firmware
Privilege Escalation: Process Injection (1); Accessibility Features; Path Interception; DLL Search Order Hijacking
Defense Evasion: Masquerading (1); Process Injection (1); Rootkit; Obfuscated Files or Information
Credential Access: Credential Dumping; Network Sniffing; Input Capture; Credentials in Files
Discovery: File and Directory Discovery (1); Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote File Copy (1); Remote Services; Windows Remote Management; Logon Scripts
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Data Compressed; Exfiltration Over Other Network Medium; Automated Exfiltration; Data Encrypted
Command and Control: Standard Cryptographic Protocol (2); Standard Non-Application Layer Protocol (2); Standard Application Layer Protocol (3); Remote File Copy (1)
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Signature Overview
• Phishing
• Networking
• System Summary
Phishing:
Yara detected HtmlPhish_9
Yara detected Phisher
Networking:
Downloads files from webservers via HTTP
Found strings which match to known social media urls
Performs DNS lookups
Urls found in memory or binary data
Uses HTTPS
System Summary:
Classification label
Creates files inside the user directory
Creates temporary files
Reads ini files
Spawns processes
Found graphical window changes (likely an installer)
Uses new MSVCR Dlls
Malware Configuration
No configs have been found
Behavior Graph
[Graph not reproduced in this text extract; its node contents follow.]
ID: 231150
URL: https://l.facebook.com/l.ph...
Startdate: 18/05/2020
Architecture: WINDOWS
Score: 56
Nodes:
  page.dagmaar.com: Yara detected HtmlPhish_9; Yara detected Phisher
  iexplore.exe (3, 84) started iexplore.exe (2, 89)
  cdnjs.cloudflare.com: 104.16.132.229, 443, 49777, 49778, unknown, United States
  spotdiets.com: 104.18.171.73, 443, 49769, 49770, unknown, United States
  13 other IPs or domains
  C:\Users\user\AppData\Local\...\show[1].htm, HTML, dropped
  C:\Users\user\AppData\Local\...\wait1[1].htm, ASCII, dropped
Legend: Process; Signature; Created File; DNS/IP Info; Is Dropped; Is Windows Process; Number of created Registry Values; Number of created Files; Visual Basic; Delphi; Java; .Net C# or VB.NET; C, C++ or other language; Is malicious; Internet
Simulations
Behavior and APIs
No simulations

Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
No Antivirus matches
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches

Domains
Source | Detection | Scanner | Label | Link
unlocklink.com | 0% | Virustotal | | Browse
www.exclusiveyouroffers.com | 0% | Virustotal | | Browse
routeserve.info | 0% | Virustotal | | Browse
page.dagmaar.com | 0% | Virustotal | | Browse
spotdiets.com | 0% | Virustotal | | Browse
ipv4.imgur.map.fastly.net | 0% | Virustotal | | Browse

URLs
Several entries are overlapping string fragments recovered from process memory (for example https://page.dagmaRoot), not URLs that were requested; they are listed as the scanner saw them.
Source | Detection | Scanner | Label | Link
https://page.dagmaar.com/tundra/wait.htmlRhttps://page.dagmaar.com/tundra/wait.html | 0% | Avira URL Cloud | safe |
https://page.dagmaar.com/tundra/wait.html | 0% | Avira URL Cloud | safe |
https://page.dagmaRoot | 0% | Avira URL Cloud | safe |
https://page.dagmaar.com/tundra/wait1.htmlTht/redirect/action/1Ind2My0uJSRhZzar.com/tundra/wait1.htm | 0% | Avira URL Cloud | safe |
https://page.dagmaar.com/tundra/wait1.htmlThtRoot | 0% | Avira URL Cloud | safe |
https://unlocklink.com/redirect/action/1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi?uc=1016191004&tsid=7420 | 0% | Avira URL Cloud | safe |
https://page.dagmaar.c | 0% | Avira URL Cloud | safe |
https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFeRoot | 0% | Avira URL Cloud | safe |
https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFettps://page.dagmaar.com/tundra/?fbclid=IwAR0ibFew8p | 0% | Avira URL Cloud | safe |
https://spotdiets.com/img/assets/favicon.ico~ | 0% | Avira URL Cloud | safe |
https://unlocklink.com | 0% | Virustotal | | Browse
https://unlocklink.com | 0% | Avira URL Cloud | safe |
https://www.exclusiveyouroffers.com/DFBHL/2CTPL/?uid=44&sub2=18051831_19_0_16dc_684671_af0_206_5ec2b | 0% | Avira URL Cloud | safe |
https://page.dagmaar.com/tundra/wait1.htmlThtregistration?theme=f-2-fitness&var.com/tundra/wait1.htm | 0% | Avira URL Cloud | safe |
routeserve.info/fit?affid=2162rtty146&page=f-2-fitness&clickid=6dc7a59fe2dd4a30b403ef5409309466&pubid=9-1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi%3A%3A7420- | 0% | Avira URL Cloud | safe |
https://page.dagmaar.com/tundra/wait1.htmlThtm/show.php?l=0&u=7420&id=7769Root | 0% | Avira URL Cloud | safe |
https://getbootstrap.com) | 0% | URL Reputation | safe |
https://page.dagmaar.com/tundra/wait1.htmlThttps://page.dagmaar.com/tundra/wait1.html | 0% | Avira URL Cloud | safe |
https://www.cpagrip.co | 0% | Avira URL Cloud | safe |
https://page.dagmaar.com/tundra/wait1.html | 0% | Avira URL Cloud | safe |
https://spotdiets.com/registration?theme=f-2-fitness&v_id=bd5da739-77ef-3160-f695-b0599716f68d&page= | 0% | Avira URL Cloud | safe |
www.wikipedia.com/ | 0% | Virustotal | | Browse
www.wikipedia.com/ | 0% | URL Reputation | safe |
https://page.dagmaar.com/tundra/wait1.htmlThtar.com/tundra/wait1.html | 0% | Avira URL Cloud | safe |
https://spotdiets.com/ | 0% | Virustotal | | Browse
https://spotdiets.com/ | 0% | Avira URL Cloud | safe |
https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFem/tundra/wait.html | 0% | Avira URL Cloud | safe |

Yara Overview
Initial Sample
No yara matches
PCAP (Network Traffic)
No yara matches
Dropped Files
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\wait1[1].htm | JoeSecurity_Phisher_1 | Yara detected Phisher | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\show[1].htm | JoeSecurity_Phisher_1 | Yara detected Phisher | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\show[1].htm | JoeSecurity_HtmlPhish_9 | Yara detected HtmlPhish_9 | Joe Security |
Memory Dumps
No yara matches
Unpacked PEs
No yara matches

Sigma Overview
No Sigma rule has matched

Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
No context
JA3 Fingerprints
No context
Dropped Files
No context

Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow. [Screenshots not reproduced in this text extract.]
Startup
System is w10x64
iexplore.exe (PID: 4380 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  iexplore.exe (PID: 4880 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4380 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Note: the 32-bit IEXPLORE.EXE child carrying SCODEF:<parent PID> and CREDAT: arguments is Internet Explorer's normal tab (content) process, spawned by the 64-bit frame process; it is expected for any browsed URL and is not by itself evidence of injection.

Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{921968EC-9974-11EA-AADD-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 30296
Entropy (8bit): 1.8561992067081474
Encrypted: false
MD5: 75F304AABAF28F44AA41F38C9401B666
SHA1: A17EFC5A400C318C60F78C8586081275FC29658B
SHA-256: E8D523FFA7D8056B4BD0E98380040E77A1F76D3E00F6B03E2B19B4F3F91DD71A
SHA-512: A53814332A2926DD7501D72F4802336CD9CECE59A04517E750C544170399ECC272793BE1AA47FB7D624470E8A753BDC9C0E76A885EE0D2557714B00B0AE7C5A7
Malicious: false
Reputation: low
Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Note: "Microsoft Word Document" is the file-type library's label for any OLE2 compound document; the "Root Entry" string in the preview is the compound file's root storage. The RecoveryStore and session .dat files below are Internet Explorer tab-recovery data, not Word files.
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{921968EE-9974-11EA-AADD-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 87994
Entropy (8bit): 2.8492016657649497
Encrypted: false
MD5: 9C6A468AA7ACB43C013562F874F8919C
SHA1: 2EF66AA4BAE6651DEC15DF1C841857BFDB555CB0
SHA-256: 3518C7499AF070E94FF34A24A9C0E4D86BACA7554D73C6F472329F478032ABFF
SHA-512: 2F329CF33B52E8CE6C387466073B645E4789E335B5D02A5B57D448EA6C8FBCB3FE023FEC6CA58E51F3C0826F44E1423DD2A0D5F26FB3C54CC1FA74769703A70A
Malicious: false
Reputation: low
Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9846A536-9974-11EA-AADD-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 16984
Entropy (8bit): 1.566497218435423
Encrypted: false
MD5: 3452AD58DCB708E5B9402AD91B6C8669
SHA1: 7526089F71D85EAFE9D2A3194BF8E58FC35AFAF3
SHA-256: D2880BBEC0C093F60F7497DB9B2F4C329E2DEE637B532F84DA65C74D326C750B
SHA-512: 2C245F241ED2B8A400A74B00126957A04B81D1CC4E7470DC1618DC4C24546527455CC93A8E581D5C26E74DD54E13BE2E318A86B9B8136B80F79E7D8429A0F1AB
Malicious: false
Reputation: low
Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.085317890062384
Encrypted: false
MD5: D466B842474FBE197099F4FBF624EFCC
SHA1: 10A4CEDA516C0E3CA051E424810F63F21BE96805
SHA-256: 21F279F105D4BA3D8B088A756F9C4B1832E1AF2C501195016DD4FF83A42837C5
SHA-512: 3E092FA7BCF976F36004E0F4CA5A0077807D36A38FAE4815D86CA4B50F14A17AD281FCF8F6C5B429932875846A04F81A04E808259083C5E70DFCCABBC02949AA
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x69aeeaa4,0x01d62d81</date><accdate>0x69aeeaa4,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x69aeeaa4,0x01d62d81</date><accdate>0x69aeeaa4,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.138595317461507
Encrypted: false
MD5: DA33B0FCB7C5806E82C70E0C74E91B9D
SHA1: 2DFF38FA564DF985F784830FC13522A33911CB78
SHA-256: CB9C908BC8386E7EE89876103CD10891A1FBF631D7FD0B47FF84EC1CF91D9048
SHA-512: 543503F4D8196C0E23F457E8479BDC2B294640FD0FAC31A2D1AB79C6C797C818D45CD20A04B7580591FD1B0B2C409A83247F907BDA2E5DCE3D4B0AE0226CF77A
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x696ef612,0x01d62d81</date><accdate>0x696ef612,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x696ef612,0x01d62d81</date><accdate>0x697be19c,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 662
Entropy (8bit): 5.144806708476002
Encrypted: false
MD5: B690AEA19FD1AE89B893A0DF8A476D54
SHA1: EFACE100F5F78957177F5C012426E8CBBABCE020
SHA-256: CFFD397D9B607E57427097E3BBE7D07706539F9D75869C0BCF174B5457CBBE38
SHA-512: CBD3A0BD93CC9A4795A9207B05D8DF5C332B897D8C89FA91383EF7A15CDA3ADEAB8690AC5D20E63F96BC401F98F82D7E68A342D17AB5D6E497DE95AF9F1CB1DF
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x69b5eb63,0x01d62d81</date><accdate>0x69b5eb63,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x69b5eb63,0x01d62d81</date><accdate>0x69b5eb63,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 647
Entropy (8bit): 5.111665494285493
Encrypted: false
MD5: 7956D1321F93F8CA860DB65A2C7EE0CD
SHA1: BDDE5DD0D8D0E0F2ABFF89790DD4D88E9D911535
SHA-256: 7FF4F4E507E808C10E15CAAFF0BA7D33937238DF2B5010E7C8733F005900F435
SHA-512: DABA7FA15AD92B063EA0D9E1868BF9D9201830BF027713AEA7BD4B9598E64A97C8B39E084255EEDD0CC51136A1A62B9A292318A2CFD2E36131967F8D20A41FB4
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x699ccfa2,0x01d62d81</date><accdate>0x699ccfa2,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x699ccfa2,0x01d62d81</date><accdate>0x69a1e0f1,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.149012333658265
Encrypted: false
MD5: 5FF96714667F4C7ED8BD5F4EDC4B302E
SHA1: 60E0DB2CCE3610FCBFF8EC3CD20835153155550A
SHA-256: F1E3D6BD0563D3A8C2F4E27F1452CA2240CCE723FF77E64B33377BD2228B782A
SHA-512: 11508D4D1A72E8EEF67920E631D29C22D7A781523184DAD3FB2C95959A43B20BC780E195690571AEF6E7E9C9056B85629011129881C17F55E2913B665589720D
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x69b5eb63,0x01d62d81</date><accdate>0x69b5eb63,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x69b5eb63,0x01d62d81</date><accdate>0x69ba63ea,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.086490210298073
Encrypted: false
MD5: 0BBC1B678C847C85E58CDBC7AB83F66A
SHA1: 86727D78D3768BAF52360C1E5F5C13BF445765A0
SHA-256: A69C5A9B3573F894B5549E36ABEA01F7E1EAAA714F1D9830407592786F2F8E2E
SHA-512: D5F3155F16F335167F23D13231FC2FE13ADDA7AD8CDE6870666BA375CF0121FDA60DCC79A5F9DA89A9B8D383C2CA5B55672073CD02559AA48BC11D904EAEF593
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x69aeeaa4,0x01d62d81</date><accdate>0x69aeeaa4,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x69aeeaa4,0x01d62d81</date><accdate>0x69aeeaa4,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.185636129204842
Encrypted: false
MD5: B48E226B2FC0E0C485F05347B4EF3821
SHA1: A0AD2FCA77B93CDA7CF54A5557C210365998BB0B
SHA-256: 00FB55F3B7EEAEE88B13EE2D40704D014A103A7DCDC23B4350383737D9696480
SHA-512: EB2E0EBBBB19B7963E521B651578B968D77203B25752252D67D65D906D078968267FD8D1596F1DE35C1BD6D1D01D052B89D368DBE216634699EE35E71F72C8A0
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x69a4563b,0x01d62d81</date><accdate>0x69a4563b,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x69a4563b,0x01d62d81</date><accdate>0x69a4563b,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 659
Entropy (8bit): 5.153062586124581
Encrypted: false
MD5: 945520EEE13ECECFE3337D206D537B14
SHA1: CFAD4A5A87A12E376C4B28D486D0136A465E6C8C
SHA-256: 0BC30493F54E4144E6B530940159A79D007F7BECAF001900D66BFA71192D8AD0
SHA-512: 16407159C020FF31D707A33DF7F4D44D9991F5AB19DEADB6C4C26F758039F70CDA394507CCC353FDE0EFE00EC1D38C01EE1BF6B036C76FDF75D6CB953C96FDA1
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6986af4f,0x01d62d81</date><accdate>0x6986af4f,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6986af4f,0x01d62d81</date><accdate>0x6989375d,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.117905931040674
Encrypted: false
MD5: AC4B5810F028D478EA37269E3F4E73AB
SHA1: 6C601F8653DEFCBA1DD6A59B2E11B6BF539CB674
SHA-256: 1158E35067421D7958B183326EFAD908BB6844EB374A0A0E1E909CD77B75E66A
SHA-512: 61DBBD985242694563DD28C80FADDB555D06D3FF13D02B4973DEAC4D4EA85A523A2A35B39C30BE2197ED804A1237BC5A56662C15EC7BB1926185687922ACDE69
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x698bc072,0x01d62d81</date><accdate>0x698bc072,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x698bc072,0x01d62d81</date><accdate>0x698bc072,0x01d62d81</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
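The msapplication.xml tile files above each hold two XML documents back to back, and their <date> and <accdate> elements are Windows FILETIME values written as '0x<dwLowDateTime>,0x<dwHighDateTime>'. The following decoder is an added example, not Joe Sandbox code; SAMPLE_TILE_XML is a constructed copy of the pin-18270793970 (amazon.com) file shown above, and the timestamps it yields reflect the sandbox VM's clock (the cookbook adjusts the boot time), not the report's start time.

```python
"""Added example (not Joe Sandbox code): decode the FILETIME pairs in IE pinned-site
tile files. SAMPLE_TILE_XML is a constructed copy of the pin-18270793970 file above."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# FILETIME counts 100 ns ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

SAMPLE_TILE_XML = (
    '<?xml version="1.0" encoding="utf-8"?>\r\n'
    '<browserconfig><msapplication><config><site src="http://www.amazon.com/"/>'
    '<date>0x696ef612,0x01d62d81</date><accdate>0x696ef612,0x01d62d81</accdate>'
    '</config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile>'
    '</msapplication></browserconfig>\r\n'
    '<?xml version="1.0" encoding="utf-8"?>\r\n'
    '<browserconfig><msapplication><config><site src="http://www.amazon.com/"/>'
    '<date>0x696ef612,0x01d62d81</date><accdate>0x697be19c,0x01d62d81</accdate>'
    '</config><tile><wide310x150logo/><square310x310logo/><square70x70logo/>'
    '<favorite src="C:\\Users\\user\\Favorites\\Amazon.url"/></tile>'
    '</msapplication></browserconfig>\r\n'
)


def filetime_pair_to_datetime(value):
    """'0x<low>,0x<high>' (dwLowDateTime, dwHighDateTime) -> aware UTC datetime."""
    low, high = (int(part.strip(), 16) for part in value.split(","))
    ticks = (high << 32) | low
    # timedelta has microsecond resolution, so the last decimal digit of the tick count is dropped.
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_tile_file(text):
    """One record per XML document in a msapplication.xml file, timestamps decoded.

    IE writes the file twice: the second document adds the <favorite> element once
    the pinned site is linked to a .url favourite, so both copies are returned."""
    records = []
    for chunk in text.split("<?xml"):
        if not chunk.strip():
            continue  # text before the first declaration
        root = ET.fromstring(("<?xml" + chunk).encode("utf-8"))
        config = root.find("./msapplication/config")
        favorite = root.find("./msapplication/tile/favorite")
        records.append({
            "site": config.find("site").get("src"),
            "date": filetime_pair_to_datetime(config.findtext("date")),
            "accdate": filetime_pair_to_datetime(config.findtext("accdate")),
            "favorite": favorite.get("src") if favorite is not None else None,
        })
    return records


if __name__ == "__main__":
    for rec in parse_tile_file(SAMPLE_TILE_XML):
        print(rec["site"], rec["date"].isoformat(), rec["accdate"].isoformat(), rec["favorite"])
```

Both documents in the sample decode to 2020-05-19 02:01:29 UTC, with the second copy's accdate 85 ms later; the low and high words must be combined in that order (the report prints the low word first), otherwise the result lands centuries away.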
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 1276
Entropy (8bit): 5.836665332112721
Encrypted: false
MD5: B34CDF4818402AFA0032B4EA2EBA5D12
SHA1: 236EE52E6E7DD796351491EB9905D467B113AC3F
SHA-256: 987AA8FA6161876001551905F35766F2DAF612CEC649CA0EDEAD4B51DE008BCC
SHA-512: 511685868C73949D5F69280B276EFD474FAADB44A9F6CA5912F06E2D68A1EDDFDB10F2B3D19E8D9E552F4FB454468364D25D8C119FCF747FE38B9F81638710C0
Malicious: false
Reputation: low
Preview:,.h.t.t.p.s.:././.s.p.o.t.d.i.e.t.s...c.o.m./.i.m.g./.a.s.s.e.t.s./.f.a.v.i.c.o.n...i.c.o.~............... .h.......(....... ..... .........................................D.t.D.s,D.tLA.r\A.r\D.tHD.t&[email protected].'.a...X...U...U...Y.*[email protected].=.pZ&.b...P...J...L...O...O...L...J...T.*.d.<.oF............D.t>'.d...Q...N...U...Z...\...\...Y...T...N...R.'.d.D.s(....D.t /.j...T...U...`.!.s.K.....l...d...c...c...^...T...X.:.o.D.t.=.qZ..b...X...a...g.*.z........?.....k...g...g...`...X.".e.D.t>5.n...a...d...m...m...}................:.....q...l...b...c.9.p.7.q...f...m...r...r.2.......................d...!.x...l...g.9.r.;.x...o...v...x...x.7...................y...;.....y...t.".p.>.y.B...(.x. .{. .|. .|.:...............N...,...!.|. .|...z.-.x.F..~P..\<...(...'...'...<...y...R...1...'...'...'...'...)[email protected]..@P..$S...7..-..-..4...9.../..-..-..-..-..-..=..Q...Q.......Q..DX...G..6..3..3..3..3..3..3..7..K..[...Q..,........Q...T..`
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 1163
Entropy (8bit): 5.804609336749054
Encrypted: false
MD5: 53C9F0028769EDC7688179A9FE9D43AA
SHA1: CA07FAF82C6E5C15704AFF7B82283DB1806B3621
SHA-256: 00A4E79D122170910A0029ADB66785415AE893985F743911ED4FACB48B683082
SHA-512: 40AB3D8E0EE141596249F6E0949B7BB458910A767D68EA97F2B6044528D867D9FDFE11BC0D0FD9A788213020456DCE6E32FAFCD3080F50EA90085C3370ADAE8D
Malicious: false
Reputation: low
Preview:<!DOCTYPE html><html><head><meta http-equiv='refresh' content='0;URL=https://www.exclusiveyouroffers.com/DFBHL/2CTPL/?uid=44&sub2=18051831_19_0_16dc_684671_af0_206_5ec2bf63_54113416_0_0_0_64_64_0_2_2&sub1=1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi::7420'></head><body><script type='text/javascript'>function redirect() { window.location='https://www.exclusiveyouroffers.com/DFBHL/2CTPL/?uid=44&sub2=18051831_19_0_16dc_684671_af0_206_5ec2bf63_54113416_0_0_0_64_64_0_2_2&sub1=1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi::7420'; }.setTimeout('redirect()',10);.(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){.(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),.m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m).})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');.ga('create', 'UA-1672790-14', 'auto');.ga('send', 'pageview');</script>.<a href='https://www.exclusiveyouroffers.com/DFBHL/2CTPL/?uid=44&su
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bootstrap.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 48944
Entropy (8bit): 5.272507874206726
Encrypted: false
MD5: 14D449EB8876FA55E1EF3C2CC52B0C17
SHA1: A9545831803B1359CFEED47E3B4D6BAE68E40E99
SHA-256: E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
SHA-512: 00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
Malicious: false
Reputation: low
IE Cache URL: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Preview:/*!. * Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign||function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp
Copyright Joe Security LLC 2020 Page 14 of 44
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\classic[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 11843
Entropy (8bit): 6.0442567192817656
Encrypted: false
MD5: 18B2AEEB4C577CF60BCE75D935066566
SHA1: BEA7EFDA46157F10DA472956C19474CC170A29AA
SHA-256: 1AC9D30429F149441D207DE5B86E67F4101468D6C4981B1BDDF33DB4352AD0C5
SHA-512: AA6FB191E8125C541A8196F818D3E616E9006DD32989466AB73411753EA504261E7BE5936E95AD90F5E1096FC4708F82020919A630F624953DB4CB2A1FAB960A
Malicious: false
Reputation: low
IE Cache URL: https://widgets.amung.us/classic.js
Preview:(function(f,a){f=f||"docReady";a=a||window;var g=[];var b=false;var e=false;function d(){if(!b){b=true;for(var h=0;h<g.length;h++){g[h].fn.call(window,g[h].ctx)}g=[]}}function c(){if(document.readyState==="complete"){d()}}a[f]=function(i,h){if(typeof i!=="function"){throw new TypeError("callback for docReady(fn) must be a function")}if(b){setTimeout(function(){i(h)},1);return}else{g.push({fn:i,ctx:h})}if(document.readyState==="complete"||(!document.attachEvent&&document.readyState==="interactive")){setTimeout(d,1)}else{if(!e){if(document.addEventListener){document.addEventListener("DOMContentLoaded",d,false);window.addEventListener("load",d,false)}else{document.attachEvent("onreadystatechange",c);window.attachEvent("onload",d)}e=true}}}})("docReady",window);if(typeof _wau!=="undefined"){var WAU_ren=WAU_ren||[];docReady(function(){WAU_la()})}function WAU_classic(b,g){if(typeof g==="undefined"){g=-1;docReady(function(){WAU_classic(b,-1)})}else{if(typeof(performance)!=="undefined"&&typeof
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\fit[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with CRLF line terminators
Size (bytes): 5
Entropy (8bit): 1.5219280948873621
Encrypted: false
MD5: FDA44910DEB1A460BE4AC5D56D61D837
SHA1: F6D0C643351580307B2EAA6A7560E76965496BC7
SHA-256: 933B971C6388D594A23FA1559825DB5BEC8ADE2DB1240AA8FC9D0C684949E8C9
SHA-512: 57DDA9AA7C29F960CD7948A4E4567844D3289FA729E9E388E7F4EDCBDF16BF6A94536598B4F9FF8942849F1F96BD3C00BC24A75E748A36FBF2A145F63BF904C1
Malicious: false
Reputation: low
Preview:0....
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\img6[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 36 x 17, 8-bit colormap, non-interlaced
Size (bytes): 331
Entropy (8bit): 6.665563375297106
Encrypted: false
MD5: 598A7EC128741EDD10210EC922851AF1
SHA1: 46C6A59B1E4EED83465BA17D23B9B821C06BDEC6
SHA-256: E146FDD078EA17C0DF392015D315D3282ECEB69AB48657A998F3245731C55690
SHA-512: 162154919A4C6E543E4D0EBC4C152C93FF622A5EB86A4A5123F72D175F1DAEEF7079F318A66D9533447F4DB62B39AC0A8875522A4818AA634761FADFE88CB045
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/img/img6.png
Preview:.PNG........IHDR...$..........i......gAMA......a.....sRGB.........tEXtSoftware.Adobe ImageReadyq.e<...<PLTELiqL&%s2/e.+.62K&%?#".GB.XQ.63.B>.KEY*(.KE.SM.TM.?;.XQL&%[email protected]..:,F..z.Fn. ...`......kIDAT([email protected].?...U...qi.. ..".\W......RZ...H.H..._.q ./....\L"..M.F..UdwD......N.'..$j....K......cMS.."G.".....IEND.B`.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\img7[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 28 x 32, 8-bit colormap, non-interlaced
Size (bytes): 509
Entropy (8bit): 7.235649883907381
Encrypted: false
MD5: 9BC872B8A6B2CB58E9751905726AA5E7
SHA1: 4CA4F93EFC76014A90B2D5C5D32731A84A67195C
SHA-256: EA0F0597FA207A26EA0CD36336DA67E8D58EF56E5459712CB096C0C1B33993EA
SHA-512: EF5DBBF0D16E1BBD1BBF3527964580237C106A10C40F8000C2586A33DAD28896DBFB7DD07A1562D3C51977E0530FCEAD743FA213269E096018031C0B8B1D0557
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/img/img7.png
Preview:.PNG........IHDR....... .....6k.p....gAMA......a.....sRGB.........tEXtSoftware.Adobe ImageReadyq.e<...?PLTELiqVm8EU.q.F..P3<%..U..d_y=<H*..`z.Kh.BN`3..Z.._..Z..Pp.F..U..d...B....tRNS.6.Zr...B..fN(...rZ~..o.....IDAT(.e.... .EIGE....?.."X..b...( ..............._.75.X.."...<.....W..`x....`.qg..a.H...4A>7.....+.DY.SMD......m....YE..b@3...+Y.+...S:...a3..VX>..t...,........R...|.}...)......e.=.F....j.P.^:......D.\..c.|.f.<....... .2x....>|U...S(.<....1.!>^Y."...vw.z.6.."n..7..).?f..R.;.F....IEND.B`.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\img[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 778 x 820, 8-bit colormap, non-interlaced
Size (bytes): 125872
Entropy (8bit): 7.95891257952214
Encrypted: false
MD5: 62E9D685479665F71F3B007FCF5A9E2F
SHA1: 671644B0752FCF1214FA7F94647E6B171D0B1942
SHA-256: 78363F9C61A936890E9739EE49E747CA6F8EF237E14C714B5DFECEC504990654
SHA-512: BE559623B22528BB2C1D65EB1DCFDC2E636F5CFAC4AD55CF931720A97D9FADC331D423F659F9D1864C8E0A92D785B8F94C724645D73543F785ABB87E2C178E4B
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/img/img.png
Preview:.PNG........IHDR.......4.....,.%.....gAMA......a.....sRGB.........tEXtSoftware.Adobe ImageReadyq.e<....PLTELiq.....................................................................................................................................................LKLqoohgh......YVWFFG...888......................................&&&...A.."""G5+**+:' @.&=+#E1(I..K7,:..XD82..nSF^H<6#.R..T?3fNBQ:.L;20..{cW^@3//0gI;t[NZ;.*..>@B...[.#.j_ ..L1%pL=...DFI.eUdD6...k[...rf456e.):;<.rbwRC...}YJ..E,"T5).yk.....& .....wg.^Np.-.........xy}.~n@3*..@&.z.4..qqt..z.........(....:hil.'L4...%G."@^`c0'!......LNP..u.......d.".....v.*Q.................TVZ...X+ .0]...........o=/.....}J&.....-V......gXN...6/)?...3d.......q..}ND=u-%....X..a..:n.Q..^HA:4.G.ZOG...;5...iZ...|r.IA.@{.z..P;.........Q.$k$3....?....j...`...z.VN..yU.d].nJ.ti...j.e..z.r........].....-......?tRNS.................."(.%..,*..2<!$'/58IAc{...]..R.{............O^T.. .IDATx...k.G...u...&..B.....:.Y.^r.....F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquery-3.2.1.min.ca7563da[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Size (bytes): 86858
Entropy (8bit): 5.269241262418202
Encrypted: false
MD5: 59F28F7727EB059695920E6A63BD4F8E
SHA1: CA7563DA7419FB45A6FD44E115B50E4BECA24683
SHA-256: 2508FF028CF7ADF88EE8747221E0370328CBFC31B3596385819FF4C6B27D4BC4
SHA-512: 62A149C8A4F36349E80084442D052D5925DBA4A9FAA034576B01DAFA6CF55B48FE8D893DA818608F3494AF33160E1390F3AE7BEB67615653EE164B710176D651
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/js/subscriptions/min-rev/jquery-3.2.1.min.ca7563da.js
Preview:!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";function n(e,t){var n=(t=t||te).createElement("script");n.text=e,t.head.appendChild(n).parentNode.removeChild(n)}function r(e){var t=!!e&&"length"in e&&e.length,n=he.type(e);return"function"!==n&&!he.isWindow(e)&&("array"===n||0===t||"number"==typeof t&&t>0&&t-1 in e)}function i(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}function o(e,t,n){return he.isFunction(t)?he.grep(e,function(e,r){return!!t.call(e,r,e)!==n}):t.nodeType?he.grep(e,function(e){return e===t!==n}):"string"!=typeof t?he.grep(e,function(e){return ae.call(t,e)>-1!==n}):Ee.test(t)?he.filter(t,e,n):(t=he.filter(t,e),he.grep(e,function(e){return ae.call(t,e)>-1!==n&&1===e.nodeType}))}function a(e,t){for(;(e=e[t])&&1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\l[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with no line terminators
Size (bytes): 238
Entropy (8bit): 5.379145665819873
Encrypted: false
MD5: E0291F3517D048AAE418CC2CD7B30F47
SHA1: 1363A835686DFC99C38FBEA932F6E4F916633004
SHA-256: 6365D789BFA1D4669C14A35F3A705BCBECA255F357F8469B91CB94FFF1EB2B0C
SHA-512: D96A299AF72553E0821D44304AB6F6630F2611987FAD86617D449ACBB03CE9C45E64484CE1E9651C29E847C4F0C35C11F26170AFD9E86C0ED08B2FDDEF2E7535
Malicious: false
Reputation: low
Preview:<html><head><meta charset="utf-8" /></head><body><script type="text/javascript">document.location.replace("https:\/\/page.dagmaar.com\/tundra\/?fbclid=IwAR0ibFew8p_xPNe0PRhTlrDIVnOwzwLQrHRnimIhKKmR0VId6RXzV1BrzBg");</script></body></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\popper.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 19188
Entropy (8bit): 5.212814407014048
Encrypted: false
MD5: 70D3FDA195602FE8B75E0097EED74DDE
SHA1: C3B977AA4B8DFB69D651E07015031D385DED964B
SHA-256: A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
SHA-512: 51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
Malicious: false
Reputation: low
IE Cache URL: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Preview:/*. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode||e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\regValidation.min.1a957052[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 1528
Entropy (8bit): 5.4337599138426
Encrypted: false
MD5: 6D01B54EE41A018CB33B238E784B0F96
SHA1: 1A9570520363595E1F27A6D5F5B6FAA331D42842
SHA-256: 9599A29CC6368DE0438FDF528F1BB69599B0BD1FB871FC80F2A768FCF880701F
SHA-512: 661BF4BF3F95EACFD4750A4DEA203EFF1AA5413228C06D4800657F4E28F9CAD3B0FEFCF8E1AF6B3F79958A90145F80A8E6CDF705EC6ABA24ECCB81BEAB450B41
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/js/subscriptions/validation/min-rev/regValidation.min.1a957052.js
Preview:function checkPassword(){var s=$("#password"),r=$("#error-message-password");return s.val().length>=6?(s.removeClass("input-error").addClass("input-success"),r.text(""),!0):(s.removeClass("input-success").addClass("input-error"),0===s.val().length?r.text(errorMsg.ERROR_PASSWORD_ENTER):r.text(errorMsg.ERROR_PASSWORD_LENGHT),!1)}function checkEmail(){var s=$("#username"),r=$("#error-message-username"),e=s.val();return e=jQuery.trim(e),s.val(e),isValidEmailAddress(s.val())?(s.removeClass("input-error").addClass("input-success"),r.text(""),!0):(s.addClass("input-error"),0===s.val().length?r.text(errorMsg.ERROR_EMAIL_ENTER):r.text(errorMsg.ERROR_EMAIL_INVALID),!1)}function checkEmailonkeydown(){var s=$("#username"),r=$("#error-message-username");isValidEmailAddress(s.val())&&(s.removeClass("input-error").addClass("input-success"),r.text("")),isValidEmailAddress(s.val())||s.hasClass("input-error")||s.addClass("input-error")}function submitForm(){var s=checkEmail();return $("#password2").val(
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\tundra[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with CRLF line terminators
Size (bytes): 2007
Entropy (8bit): 4.896963370587045
Encrypted: false
MD5: 7B3F2EBB03B9FCB180FA6CE3FB25DA60
SHA1: 94A4C81895C432ECA10E3CC16DF75C47AC0681E7
SHA-256: CDE5FBE1EAEB726FD36447B4CB043C93B42B2DA30C90CC17FD094932F0A90E4F
SHA-512: 2F3B3C52BE867AAEFA351D66C02DEE758DF3F49D593E9333100B528FB8B35F23F272BD9F39BB15858E16BEAAD96D7F260091AF87FC9C4E4A25294F03441F4992
Malicious: false
Reputation: low
IE Cache URL: https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFew8p_xPNe0PRhTlrDIVnOwzwLQrHRnimIhKKmR0VId6RXzV1BrzBg
Preview:....<!DOCTYPE html>..<html lang="en">.... <head>.... <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.. <meta name="description" content="">.. <meta name="author" content="">.... <title>Win a Brand New 2020 Toyota Tundra 4WD</title>.... Bootstrap core CSS -->.. <link href="css/bootstrap.min.css" rel="stylesheet">.... Custom styles for this template -->.. <link href="css/heroic-features.css" rel="stylesheet">.... </head>.... <body>.... .... Page Content -->.. .. <div class="container">.... Jumbotron Header -->...... Page Features -->.. <div align="center">.. ..<div class="col-lg-6 col-md-8 mb-4">.. .. <div class="card">.. <img class="card-img-top" src="https://i.imgur.com/d17hczI.jpg" alt="">.. <div class="card-body">.. <h4 class="card-title">Win a Brand New 2020 Toyota Tundra 4WD</h4>..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\wait[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with CRLF line terminators
Size (bytes): 67
Entropy (8bit): 4.774367736069945
Encrypted: false
MD5: 85DEF80DF147A088DDEFA4B45D234FCB
SHA1: F7C1E79F75C592C71A84C36A7EB42CDFF8950D6D
SHA-256: CA3FFDF7B25EAB7573B7FACA9CB20B98EC39A6629F63BFEF7ED7BBF1BA8736D0
SHA-512: F62621B7FC564C32591A080F549C5F1D75A8494BB7EB5F8FFDCC5C7800A5DD7E4D85CAA81562758E065CCF94A456A7678BE9088C960CAA964790588444DC8C34
Malicious: false
Reputation: low
IE Cache URL: https://page.dagmaar.com/tundra/wait.html
Preview:..Loading....<meta http-equiv="refresh" content="3;url=wait1.html">
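The cached pages in this listing hand the browser from one hop to the next by three different mechanisms: l[1].htm calls document.location.replace() with a JSON-escaped URL, the 1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi[1].htm page uses a zero-second meta refresh doubled by a window.location assignment, and wait[1].htm uses a three-second meta refresh to the relative wait1.html. The script below is an added example, not part of the Joe Sandbox report: it extracts those targets from cached HTML bodies and walks the chain offline, which is how the hop sequence can be reconstructed from a cache dump without re-contacting the sites. The sample bodies are constructed, trimmed copies of the previews shown in the report, keyed by the URLs in the report's IE Cache URL fields, with three assumptions: the l.php key drops the original Facebook query string, the report gives no origin URL for the 1Ind2My0u... page so a placeholder host is used for it, and wait1.html is absent because the report does not include it, so the walk stops there.

```python
"""Pull client-side redirects out of cached HTML bodies and walk the chain offline.
Added example, not part of the Joe Sandbox report. SAMPLE_CACHE holds constructed,
trimmed copies of the report's cached-page previews (see the lead-in for assumptions)."""
import re
from html.parser import HTMLParser
from typing import NamedTuple
from urllib.parse import urljoin


class Redirect(NamedTuple):
    kind: str     # "meta-refresh" or "script"
    delay: int    # seconds before the hop (script redirects are treated as immediate)
    target: str   # absolute URL, resolved against the page that issued it


# location = '...', location.href = "...", document.location.replace("..."), .assign("...")
_JS_REDIRECT = re.compile(
    r"""(?:document|window|top|self)\.location(?:\.href)?\s*"""
    r"""(?:=\s*|\.(?:replace|assign)\s*\(\s*)(['"])(.*?)\1""",
    re.S,
)
# "3;url=wait1.html", "0;URL=https://...", "5; https://..." (the url= prefix is optional)
_META_REFRESH = re.compile(r"\s*(\d+)\s*(?:;\s*(?:url\s*=\s*)?['\"]?([^'\"]*))?", re.I)


class _RedirectParser(HTMLParser):
    """Collects <meta http-equiv=refresh> targets and the text of inline <script>s."""

    def __init__(self):
        super().__init__()
        self.meta, self.scripts, self._buf, self._in_script = [], [], [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}        # HTMLParser lowercases tag/attr names
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = _META_REFRESH.match(a.get("content", ""))
            if m and m.group(2):
                self.meta.append((int(m.group(1)), m.group(2).strip()))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.scripts.append("".join(self._buf))
            self._buf, self._in_script = [], False

    def handle_data(self, data):
        if self._in_script:                         # script text arrives raw (CDATA)
            self._buf.append(data)


def extract_redirects(body: str, page_url: str) -> list:
    """All redirects a page would perform, meta refreshes first, duplicate targets removed."""
    p = _RedirectParser()
    p.feed(body)
    p.close()
    found = [Redirect("meta-refresh", d, urljoin(page_url, t)) for d, t in p.meta]
    for text in p.scripts:
        for _quote, raw in _JS_REDIRECT.findall(text):
            # redirect shims often JSON-escape slashes: https:\/\/host\/path
            found.append(Redirect("script", 0, urljoin(page_url, raw.replace("\\/", "/"))))
    seen, unique = set(), []
    for r in found:
        if r.target not in seen:
            seen.add(r.target)
            unique.append(r)
    return unique


def follow_chain(start_url: str, cache: dict, max_hops: int = 10):
    """Walk redirects through cached bodies; returns (urls in order, why the walk stopped)."""
    chain, url = [start_url], start_url
    for _ in range(max_hops):
        body = cache.get(url)
        if body is None:
            return chain, "not in cache"
        hops = extract_redirects(body, url)
        if not hops:
            return chain, "no redirect"
        url = hops[0].target                        # earliest hop wins
        chain.append(url)
    return chain, "hop limit"


TUNDRA_URL = ("https://page.dagmaar.com/tundra/"
              "?fbclid=IwAR0ibFew8p_xPNe0PRhTlrDIVnOwzwLQrHRnimIhKKmR0VId6RXzV1BrzBg")
OFFER_URL = ("https://www.exclusiveyouroffers.com/DFBHL/2CTPL/?uid=44"
             "&sub2=18051831_19_0_16dc_684671_af0_206_5ec2bf63_54113416_0_0_0_64_64_0_2_2"
             "&sub1=1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi::7420")
OFFER_PAGE = "https://example.invalid/1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi"  # placeholder host (assumption)

SAMPLE_CACHE = {  # constructed from the report's previews, trimmed
    "https://l.facebook.com/l.php":
        r'<html><head><meta charset="utf-8" /></head><body><script type="text/javascript">'
        r'document.location.replace("https:\/\/page.dagmaar.com\/tundra\/?fbclid='
        r'IwAR0ibFew8p_xPNe0PRhTlrDIVnOwzwLQrHRnimIhKKmR0VId6RXzV1BrzBg");</script></body></html>',
    TUNDRA_URL:
        '<!DOCTYPE html><html lang="en"><head><meta charset="utf-8">'
        '<title>Win a Brand New 2020 Toyota Tundra 4WD</title></head><body></body></html>',
    "https://page.dagmaar.com/tundra/wait.html":
        'Loading...<meta http-equiv="refresh" content="3;url=wait1.html">',
    OFFER_PAGE:
        "<!DOCTYPE html><html><head><meta http-equiv='refresh' content='0;URL=" + OFFER_URL + "'>"
        "</head><body><script type='text/javascript'>function redirect() { window.location='"
        + OFFER_URL + "'; }\nsetTimeout('redirect()',10);</script></body></html>",
}

if __name__ == "__main__":
    for start in ("https://l.facebook.com/l.php", "https://page.dagmaar.com/tundra/wait.html", OFFER_PAGE):
        print(follow_chain(start, SAMPLE_CACHE))
```

Meta refreshes are listed before script redirects because the browser acts on the refresh header regardless of whether script runs; when both point at the same target, as on the exclusiveyouroffers page, only one hop is reported. The tundra page stops the chain because the report's preview of it shows no redirect, so the link from it to wait.html is not reconstructable from this listing.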
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\bootstrap.min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 140936
Entropy (8bit): 5.059129831292051
Encrypted: false
MD5: E59AA29AC4A3D18D092F6BA813AE1997
SHA1: C4141255658403C38E1306D2FE196575522D6CC3
SHA-256: 9EF4FBE459177AF5F4E9647CBE584514FD36C7386AF6A1712D03AE4B42E45B24
SHA-512: F8F8D2D7951FD526B7C3684D6A7AC7CF7EC988597ACEF817ADE85B31092BBAD544D9D59A41E79D7A2D9024F9A717205818BE1A024C028BE04E251D68059C8137
Malicious: false
Reputation: low
IE Cache URL: https://page.dagmaar.com/tundra/css/bootstrap.min.css
Preview:/*!.. * Bootstrap v4.1.1 (https://getbootstrap.com/).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,::after,::before{box-sizing:border-box}html{font-famil
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\css[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 1207
Entropy (8bit): 5.205387394855335
Encrypted: false
MD5: 9EC97FBA7E28F0046AD0F829EB5ED66B
SHA1: 6AC81F6B6AD8DCD02E6A0C11E8C82A3DE531552F
SHA-256: 0F85A4E5F380E84C2354ABF83F25947E488BF1BF75396BFC3D831C673BEC440F
SHA-512: 0F1433A678B3623372374852443FC543E7E837AB453CA0520A096B934BEE19123A5FF61881F06EA9ECFAD3F41A61181D557FBA15B143B0F61FF3B2C2DBFEA946
Malicious: false
Reputation: low
Preview:@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 300;. src: local('Open Sans Light'), local('OpenSans-Light'), url(https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN_r8OUuhv.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: local('Open Sans Regular'), local('OpenSans-Regular'), url(https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0d.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 600;. src: local('Open Sans SemiBold'), local('OpenSans-SemiBold'), url(https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhv.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 700;. src: local('Open Sans Bold'), local('OpenSans-Bold'), url(https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhv.woff) format('woff');.}.@font-face {. font-family: 'Open Sans';
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\d17hczI[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, progressive, precision 8, 1024x768, frames 3
Size (bytes): 131760
Entropy (8bit): 7.979799960205383
Encrypted: false
MD5: EFDD9CCE4ABECE74929E793663C8A50E
SHA1: 489482A3768D335BDB93E8062DAACDD2FAF611F1
SHA-256: 405B5E6656380F774E78191E80E967663D897167184A9032B5AB19637C66CF26
SHA-512: 34F282BFCB992A8C74300B0343D61C8F341FB9357C44A806089F4037A12E932C853276C5FD7C2D3AB8703014C2C8067BAF9603825C06E122BED276B02A5C92C5
Malicious: false
Reputation: low
IE Cache URL: https://i.imgur.com/d17hczI.jpg
Preview:......ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=..U.xB...9.................................desc...D...ybXYZ........bTRC........dmdd........gXYZ...h....gTRC........lumi...|....meas.......$bkpt........rXYZ........rTRC........tech........vued........wtpt...p....cprt.......7chad.......,desc........sRGB IEC61966-2-1 black scaled..................................................................................XYZ ......$.........curv.......................#.(.-.2.7.;[email protected].^.c.h.m.r.w.|...............................................................%.+.2.8.>.E.L.R.Y.`.g.n.u.|.........................................&./.8.A.K.T.].g.q.z...............................!.-.8.C.O.Z.f.r.~......................... .-.;.H.U.c.q.~.......................+.:.I.X.g.w.....................'.7.H.Y.j.{...................+.=.O.a.t...................2.F.Z.n.................%.:.O.d.y...............'.=.T.j...............".9.Q.i...............*.C.\
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\da[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced
Size (bytes): 352
Entropy (8bit): 7.115328530626043
Encrypted: false
MD5: AC122DCF0C9D72093852A94DF3F69001
SHA1: C808192D8F1BEFD3CCC20B4063D903E6B9F62062
SHA-256: 95253486AE74B2987697E95E810FB4E2C5866E7290D3E8C3BFA64B33ED7FB76B
SHA-512: F6EF0D1360A4D35D9BE07216DF5B0787BFD800337E629E56FD79D5C2343134E38368D9DB20F1EEDF2ED1BA9AA475F8066B175CF3F3BA324E16F31732349FC1D7
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/flags/min/da.png
Preview:.PNG........IHDR................n...'IDAT(.mR;N.Q...v...D..b.n.A. ...V)s.\!.AA.R...xl..[.@.\X.{.2.....G.v.....#....8Y,. ....:.......E.]..|Y.{...........<.a/RF.d.d..l....I....-.&c..,.M..r.;.T..{[email protected].$I..2..(...].......?.)3.m..noc....NW+....&..m..............rjfG....LNx bbI.:.....t].......^#.....3..t......_..~....+....Y..#......IEND.B`.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\gtm[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 90208
Entropy (8bit): 5.440426033733675
Encrypted: false
MD5: 783598E9822E66A83ACDA112931D995A
SHA1: D91FE25056343889D044F9D40DC4F1AE4CFEDEE8
SHA-256: 431CFCFCBAC9838558AE3EF9282BABB8F52699282B48BDFAFB0D9C18F94ADC70
SHA-512: 374AA86CDB098175E28577BE1BFFAFF2B63D7E33C6C1F803EED3963095D0D15B408D826A38B28320E47BBBDC178B5DE8FE66C2C827F5C5AC77ACB7F6A088BF26
Malicious: false
Reputation: low
IE Cache URL: https://www.googletagmanager.com/gtm.js?id=GTM-MMPL24Z
Preview:.// Copyright 2012 Google Inc. All rights reserved..(function(w,g){w[g]=w[g]||{};w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');(function(){..var data = {."resource": {. "version":"19",. . "macros":[{. "function":"__jsm",. "vtp_javascript":["template","(function(){var a=new Date;return a.getTime()})();"]. },{. "function":"__u",. "vtp_component":"HOST",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__e". },{. "function":"__u",. "vtp_component":"PATH",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__u",. "vtp_component":"URL",. "vtp_enableMultiQueryKeys":false,. "vtp_enableIgnoreEmptyQueryParam":false. },{. "function":"__f",. "vtp_component":"URL". },{. "function":"__e". }],. "tags":[{. "function":"__hjtc",. "metadata":["map"],. "once_per_event"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\img1[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 349 x 232, 8-bit colormap, non-interlaced
Size (bytes): 53424
Entropy (8bit): 7.992114772293269
Encrypted: true
MD5: 127E8D260A9F917823E14489E93EA754
SHA1: 5B77CC2903E7880E89B6CC01C8B7AEFF4DC0F07E
SHA-256: 1CC18B8FBE39D616675BECF16CCE519107E0BEB309F3B2DE1A956C4FD3CF3B99
SHA-512: 2029DAE8ABE67AEA55620A42FC008114219768480C027B9019B90D8D13EEBF4876387C25D08FAE107B9984770B19F95D2B1F2A4658998B5376CD24130FC12156
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/img/img1.png
Preview:.PNG........IHDR...].........{&......gAMA......a.....sRGB.........tEXtSoftware.Adobe ImageReadyq.e<....PLTE...0&.?3&P=-......"...........8-!...%...iOq]C.....Liq.v\VG4..pdL6......{Y?.lW|pb..q..........mUv`H% .....pXt^F.w_0'..oX...TG5..................!..............$...........(.....*"....&.........../'.).....5,"2).-%./".=0'...8*">4)9/!5) F7-I:03%.C6,;,$!..UE6...P?490&=3%M?..v[%...|bjX?J<+.sWfT=L=3SC4..PB0WH9......wbHG9)^M7..szeJ..m..h...A3*..p....|....pVB5&..d...3".....jPI=2...E:.p[A...B8)..xZJ4~hLbP9...../....xN6#p^F..k=*.)...nR.y]u_D...ya8&.".._C-_P=l[E....mU[>'.kOH2 YL>WD/..{gOS<)...a?}Y<fVC.l..NC7B/!..f.\:`RCU9$tcPC,.q_LqL/..[.....uS8.r....sLgF+..hG......jDgJ3.{R.x....u.pNziW.P7EgXI.b~T3.u_.......p_.......~i........zX.aD.......klP8..j.{W....a....y...p...whk^PB.9.......s..4#-|Yo...sg[...*.$....n.cEU.......~..}uvo/..<..W..i.....[c.....+tRNS.............................q..LMPT.L....pE.... .IDATx..}L.i..p..23.....dw..?y).U..`+.]..".T.*".B.....R.\...
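The entry above is marked Encrypted: true at an entropy of 7.99, but its file type is PNG, whose image data is deflate-compressed; compressed formats sit near 8 bits per byte whether or not anything is encrypted, so the flag by itself is not evidence of a packed or encrypted payload. When pulling indicators out of a report in this layout, it is worth parsing the records programmatically and carrying that caveat along rather than trusting the flag field. The parser below is an added example, not part of the report or of Joe Sandbox. Its input is a constructed excerpt of two records from this page (wait[1].htm and img1[1].png), kept as the PDF extraction left them: the first has the path and Process: fused onto one line, a page footer falling between its hash fields, and a repeated bare path line after the preview; the second has the path and Process: on separate lines. Each record is reduced to the fields a blocklist or retro-hunt would actually consume: the IE Cache URL, the SHA-256, size and entropy.

```python
"""Parse Joe Sandbox 'Created / dropped files' records out of extracted report text.
Added example, not part of the report. SAMPLE_REPORT is a constructed excerpt of two
records from this page, extraction artifacts included (see the lead-in)."""
import re
from dataclasses import dataclass, field

FOOTER = re.compile(r"^Copyright Joe Security LLC \d{4} Page \d+ of \d+$")
PATH_LINE = re.compile(r"^[A-Za-z]:\\")
# Formats whose payload is already compressed: ~8 bits/byte is normal here, so an
# 'Encrypted: true' flag is the entropy heuristic firing, not evidence of a cipher.
COMPRESSED_TYPES = ("PNG image", "JPEG image", "Web Open Font Format", "Zip archive", "gzip")


@dataclass
class Entry:
    path: str
    process: str = ""
    fields: dict = field(default_factory=dict)
    preview: str = ""


def parse_report(text: str) -> list:
    """Split report text into Entry objects. Page footers are ignored wherever they
    fall, and records without a SHA-256 (the repeated bare path lines) are dropped."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or FOOTER.match(line):
            continue
        if PATH_LINE.match(line):
            path, _, proc = line.partition("Process: ")   # handles the fused form
            cur = Entry(path=path.strip(), process=proc.strip())
            entries.append(cur)
            continue
        if cur is None:
            continue
        if line.startswith("Preview:"):                    # no space after this colon
            cur.preview = line[len("Preview:"):]
            continue
        key, sep, value = line.partition(": ")
        if not sep:
            cur.preview += line                             # wrapped preview text
        elif key == "Process":                              # the two-line form
            cur.process = value
        else:
            cur.fields[key] = value
    return [e for e in entries if "SHA-256" in e.fields]


def iocs(entries: list) -> list:
    """One row per cached file: URL, SHA-256, size, entropy, and a note when the
    'Encrypted' flag is explained by the file format alone."""
    rows = []
    for e in entries:
        f = e.fields
        note = ""
        if f.get("Encrypted") == "true" and f.get("File Type", "").startswith(COMPRESSED_TYPES):
            note = "entropy flag on a compressed format; not evidence of encryption"
        rows.append({
            "file": e.path.rsplit("\\", 1)[-1],
            "url": f.get("IE Cache URL", ""),
            "sha256": f["SHA-256"].lower(),
            "size": int(f.get("Size (bytes)", "0")),
            "entropy": float(f.get("Entropy (8bit)", "0")),
            "note": note,
        })
    return rows


# Constructed sample: two records copied from this page, artifacts included.
SAMPLE_REPORT = r"""
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\wait[1].htmProcess: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with CRLF line terminators
Size (bytes): 67
Entropy (8bit): 4.774367736069945
Encrypted: false
SHA-256: CA3FFDF7B25EAB7573B7FACA9CB20B98EC39A6629F63BFEF7ED7BBF1BA8736D0
Copyright Joe Security LLC 2020 Page 17 of 44
Malicious: false
Reputation: low
IE Cache URL: https://page.dagmaar.com/tundra/wait.html
Preview:..Loading....<meta http-equiv="refresh" content="3;url=wait1.html">
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\wait[1].htm
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\img1[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 349 x 232, 8-bit colormap, non-interlaced
Size (bytes): 53424
Entropy (8bit): 7.992114772293269
Encrypted: true
SHA-256: 1CC18B8FBE39D616675BECF16CCE519107E0BEB309F3B2DE1A956C4FD3CF3B99
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/img/img1.png
Preview:.PNG........IHDR...
"""

if __name__ == "__main__":
    for row in iocs(parse_report(SAMPLE_REPORT)):
        print(row)
```

Feeding the whole extracted report through parse_report gives one row per cached file; the SHA-256 values are lower-cased so they match the form most hash blocklists and threat-intel feeds expect.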
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\img3[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 349 x 232, 8-bit colormap, non-interlaced
Size (bytes): 81762
Entropy (8bit): 7.372679650939617
Encrypted: false
MD5: 61A7DCBBE99FAD70B660D57957EFF72A
SHA1: 1AFF8033734DD37E6387BFA7C5079F3495856CF8
SHA-256: 36FD356C5C49C219199BE035ABED52E32294D529F34D8B01DE227871A47447A5
SHA-512: 2CD96CD3B2A221E86386C8C078B459B658898FC495B17E50EBB70D28FB8849D02D9F07A29C207A6F1AA68846E6EE270DBDB0D5B51D20938F48F57787E122F052
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/img/img3.png
Preview:.PNG........IHDR...].........{&......gAMA......a.....sRGB.......8.iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2018-02-09T12:45:33+05:00</xmp:CreateDate>. <xmp:ModifyDate>2018-02-09T15:09:08+05:00</xmp:ModifyDate>. <xm
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\jquery.main.min.b9656064[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 31494
Entropy (8bit): 5.07180639127144
Encrypted: false
MD5: A6540656C9887F0A4D0D50EEC13D3381
SHA1: B9656064B23623DCBE5097CBDFE1E20C08E6D475
SHA-256: BC23A5C3092D03D96E2148D1CC7233BA669E64DE941FAE3D7551A16BB01A63A7
SHA-512: B6F42F4F29CAC4E760D984DCB93B864DC670BB13EC228666B83421BCAEC5D62203EF6A20D22EB4F179F3C64C176183D207F87C0D72C2C236F03E3872C0722FC2
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/js/subscriptions/min-rev/jquery.main.min.b9656064.js
Preview:function initCustomForms(){jcf.setOptions("Select",{wrapNative:!1,wrapNativeOnMobile:!1}),jcf.replaceAll()}function initFormValidation(){jQuery(".form-validation").formValidation({errorClass:"input-error"})}function initRetinaCover(){jQuery(".bg-stretch").retinaCover()}jQuery(function(){initCustomForms(),initFormValidation(),initRetinaCover()}),window.addEventListener("load",function(){var e=document.querySelector("html.loader");e&&e.classList.add("loaded")}),function(e){"use strict";var t=function(){var t=function(e,t){this.$field=e,this.$fields=t};t.prototype={reg:{email:"^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+.[a-zA-Z]{2,6}$",number:"^[0-9]+$"},checkField:function(){return{state:this.run(),$fields:this.$field.add(this.additionalFields)}},run:function(){var t;switch(this.$field.get(0).tagName.toUpperCase()){case"SELECT":t="select";break;case"TEXTAREA":t="text";break;default:t=this.$field.data("type")||this.$field.attr("type")}var s="check_"+t,i=!0;return e.isFunction(this[s])&&(i=this[s]())&
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\mem5YaGs126MiZpBA-UN7rgOUuhv[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 18900, version 1.1
Size (bytes): 18900
Entropy (8bit): 7.96514104643824
Encrypted: false
MD5: 1F85E92D8FF443980BC0F83AD7B23B60
SHA1: EE8642C4FAE325BB460EC29C0C2C9AD8A4C7817D
SHA-256: EA20E5DB3BA915C503173FAE268445FC2745FC9A5DCE2F58D47F5A355E1CDB18
SHA-512: F34099C30F35F782C8BB2B92D7F44549013D90E9EEDE13816D4C7380147D5B2C8373CC4D858CDF3248AAA8A73948350340EE57DAE9734038FC80615848C7133E
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhv.woff
Preview:wOFF......I.......p.........................GDEF................GPOS................GSUB.......X...t...OS/2.......^...`....cmap...`.........X..cvt .......].....-..fpgm...t........s.ugasp................glyf...$..9...Y..(.head..A....6...6.%I.hhea..B,.......$.)..hmtx..BL..........O,loca..D`........9yfmaxp..F$... ... .q..name..FD........#.>.post..G4.......x.U..prep..H............k........................................x...5.A......m."gW..`.L..&N".?.......IF....a.^...b1..................Uh."4...>..=x.c`f.g......:....Q.B3_dHc.........................@`......../..?....^...... [email protected]..!..x.\.!..q......#aff...#1Q@.'U..@5.".llt.Aa#.f|c.W.....'..X..!..C...ITPE.;..V.j......0. .L0E...Yd.mN....:.....F....GG.g.s,x.>0....v..I;o..<.$G9.\f2...e(}.IS2..uc]p.........M.x.c.a.g``..$KY...e@.,[email protected]@<..O.H.t.................c [email protected].}.M...!...!....x.TGw.F........)..)7.W..`*.j.-...=*'_..sI...2...O>....[tt....TK]..|...G..............^.m..=..x.q...+./].p...
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\mem5YaGs126MiZpBA-UN8rsOUuhv[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 19072, version 1.1
Size (bytes): 19072
Entropy (8bit): 7.966673384993769
Encrypted: false
MD5: 05EBDBE10796850F045FCD484F35788D
SHA1: 07744CFE76B8C37096443A6BCC3FBD04F93AD05B
SHA-256: 35EB714D45479FE35586513C7D372CED0AE3E26EB05883950BEA2669C6E802AA
SHA-512: D4F293115640C05E3134D635AA077BC91BF35E80463C93C14646D97784CD9FC8D4CD4E10EEAA7BE621DBD9FA0DE5BE943328014ED505C217E61769F76BFA7F40
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN8rsOUuhv.woff
Copyright Joe Security LLC 2020 Page 20 of 44
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\mem5YaGs126MiZpBA-UN_r8OUuhv[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 18668, version 1.1
Size (bytes): 18668
Entropy (8bit): 7.969106009002288
Encrypted: false
MD5: A7622F60C56DDD5301549A786B54E6E6
SHA1: D55574524345932DB3968C675E1AEA08C68A456F
SHA-256: 6E8A28A0638C920E5B76177E5F03BA94FCDEDD3E3ECD347C333D82876B51C9C0
SHA-512: 1A842E5EDFFFFBAE353AD16545D9886E3E176755F22B86ECCC9B8B010FC79DB7194B7C5518CC190BF5B78B332C7D542B70A6A53B3BAF23366708DF348C2C2D49
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN_r8OUuhv.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\mem5YaGs126MiZpBA-UNirkOUuhv[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 18696, version 1.1
Size (bytes): 18696
Entropy (8bit): 7.96597476007567
Encrypted: false
MD5: 449D681CD6006390E1BEE3C3A660430B
SHA1: 2A9777AFC07BF0BB4BB48F233ED7C4BCBDB60760
SHA-256: 57C79375B1419EE1D984F443CDA77C04B9B38C0BE5330B2D41D65103115FFD72
SHA-512: 8B8436670BB4D742AFA60ABA29D7A78F3788CBEF9353C2896AA492618CF1B22E9A0679972AB930E2F2D4732F3B979C023D25AA0FA86C813AC674524FD4ECA2BE
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhv.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\mem8YaGs126MiZpBA-UFVZ0d[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 18100, version 1.1
Size (bytes): 18100
Entropy (8bit): 7.962027637722169
Encrypted: false
MD5: DE0869E324680C99EFA1250515B4B41C
SHA1: 8033A128504F11145EA791E481E3CF79DCD290E2
SHA-256: 81F0EC27796225EA29F9F1C7B74F083EDCD7BC97A09D5FC4E8D03C0134E62445
SHA-512: CD616DB99B91C6CBF427969F715197D54287BAFA60C3B58B93FF7837C21A6AAC1A984451AEEB9E07FD5B1B0EC465FE020ACBE1BFF8320E1628E970DDF37B0F0E
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0d.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\pk1EcBw[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 350 x 350
Size (bytes): 127714
Entropy (8bit): 7.869826759603402
Encrypted: false
MD5: D74916815C4653AC304A834F56A8FC4E
SHA1: CE3605916EFC416F660CC5056302A2AF5651FF2B
SHA-256: 767FA8FF358C39C0356795F6DB19ADEE99CC5FE1C751C1718618C23F3519B6E2
SHA-512: 32545A6F69534C9EAA3046D9EDB8CE4C8C130F89C57E852FBF162A569ABA720922D3DD60EC5D371798FFDCE915A87B34A22DE695BB1E805A54552B78320D0C0D
Malicious: false
Reputation: low
IE Cache URL: https://i.imgur.com/pk1EcBw.gif
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\ar[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced
Size (bytes): 428
Entropy (8bit): 7.390936046390801
Encrypted: false
MD5: 4E110E39A343E4D63FE179EE1878A808
SHA1: A09C49969D0FB253614F3E7BB2206151177B40C6
SHA-256: D42BE6E56327FEF927ABFCDBED9A90FF588ED85EB7DC6D4FD977F23484B53776
SHA-512: BCFA7798E30054BF97DD4E15BF818F40F7A7253AE2ECBCB228025A536D44D47080385D4B81E89595444D170DEEC494B571F672DE6899DA38FCF64B545183300E
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/flags/min/ar.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\bootstrap.14d4753b[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 118459
Entropy (8bit): 5.129520310559513
Encrypted: false
MD5: 6108B440AFE51859EE0889FAE9265E81
SHA1: 14D4753B803D46F3441639723FA19A937C4DF310
SHA-256: E6BF0F8BD2A16E31A7FC2A869BA8607B371EF2E44304BA48BFC25486BC40743D
SHA-512: 430AAE75DA96F04C02E7D619F8C474A244A0076977DA2C321A3D8E1C97D183BEE58EF2DAAA974BC7EB4D1300480708F74B2AC783B3F553185B562F8BC5D797DC
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/css/subscriptions/theme-rev/bootstrap.14d4753b.css
Preview:/*!. * Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors. * Copyright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.:root {..--blue: #007bff;..--indigo: #6610f2;..--purple: #6f42c1;..--pink: #e83e8c;..--red: #dc3545;..--orange: #fd7e14;..--yellow: #ffc107;..--green: #28a745;..--teal: #20c997;..--cyan: #17a2b8;..--white: #fff;..--gray: #6c757d;..--gray-dark: #343a40;..--primary: #6573ba;..--secondary: #6c757d;..--success: #28a745;..--info: #17a2b8;..--warning: #ffc107;..--danger: #dc3545;..--light: #f8f9fa;..--dark: #343a40;..--breakpoint-xs: 0;..--breakpoint-sm: 576px;..--breakpoint-md: 768px;..--breakpoint-lg: 992px;..--breakpoint-xl: 1200px;..--font-family-sans-serif: "Open Sans", Arial, Helvetica, sans-serif;..--font-family-monospace: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;.}..*,.*::before,.*::after {..box-sizing: border-box;.}..html {..fon
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\favicon[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size (bytes): 1150
Entropy (8bit): 5.9407331384504385
Encrypted: false
MD5: 2BEEED1F0640E3095B73F9570D754E99
SHA1: A6523FFB83F4E9DCB40849547AF1F4B5E872068D
SHA-256: 3A4289C96DA14DFD7D158A3F353808A8688AD5DFDB7D3499257188130336221A
SHA-512: C5EA319B5A957E27807448CC722EA24366AD583E6615A5D8ED33D4DA617947F24C4DC5ACD092343EE4637D71CF8FF268655F99DA618CCE9A949279FEA1EEC324
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/assets/favicon.ico
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\heroic-features[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with CRLF line terminators
Size (bytes): 401
Entropy (8bit): 5.1421536940795685
Encrypted: false
MD5: 69520D0DCBD09B66A98CF84CFE925B00
SHA1: FA6D3DF70D12B790FEBF9D88AFB2AF93D2BDD2BD
SHA-256: 120E8C72EA40892C6142086F5F926531E011E7AAB9778FD5D1C2A3CEDC3DD16E
SHA-512: 1F414EA98E539BFE34DD601AE349A2C5857BC7B8A8FE9BB24B0C8CB956FDF8AD3C40A8070032F9F8EE8E013EBD24A81A84A9EA38655DE484C1DDB8D1E5C7E7B3
Malicious: false
Reputation: low
IE Cache URL: https://page.dagmaar.com/tundra/css/heroic-features.css
Preview:/*!.. * Start Bootstrap - Heroic Features (https://startbootstrap.com/template-overviews/heroic-features).. * Copyright 2013-2017 Start Bootstrap.. * Licensed under MIT (https://github.com/BlackrockDigital/startbootstrap-heroic-features/blob/master/LICENSE).. */....body {.. padding-top: 54px;..}....@media (min-width: 992px) {.. body {.. padding-top: 56px;.. }..}.....card {.. height: 100%;..}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\jquery.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 86659
Entropy (8bit): 5.36781915816204
Encrypted: false
MD5: C9F5AEECA3AD37BF2AA006139B935F0A
SHA1: 1055018C28AB41087EF9CCEFE411606893DABEA2
SHA-256: 87083882CC6015984EB0411A99D3981817F5DC5C90BA24F0940420C5548D82DE
SHA-512: DCFF2B5C2B8625D3593A7531FF4DDCD633939CC9F7ACFEB79C18A9E6038FDAA99487960075502F159D44F902D965B0B5AED32B41BFA66A1DC07D85B5D5152B58
Malicious: false
Reputation: low
IE Cache URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Preview:/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\main.d9eaf96a[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 12147
Entropy (8bit): 5.05656275283049
Encrypted: false
MD5: F42A3D0DEB8E28B27C4F10412DFEAE34
SHA1: D9EAF96A49A78EA342E108B05DB33B957EF15DEC
SHA-256: 5C684B6BBBE8A097B93EFF169290E6ACB7B22B62368A9D9EFD519F88E21ABD3A
SHA-512: F5C66B6D7F87BB84156755FAB04D6FEA68B06B37F5591D07FFB32370AEEF5CDFCF1BC0106D4F628C9256AFBD44AF0F28F0B1110C6607B2CCA5BAE8B7EE5BE44F
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/css/subscriptions/theme-rev/main.d9eaf96a.css
Preview:.clearfix:after {..content: "";..display: block;..clear: both;.}...ellipsis {..white-space: nowrap; /* 1 */..text-overflow: ellipsis; /* 2 */..overflow: hidden;.}..body {..min-width: 320px;.}..a {..-webkit-transition: all .4s ease;..transition: all .4s ease;.}..#wrapper {..padding: 57px 0;..position: relative;..overflow: hidden;..width: 100%;..min-height: 100vh;.}..#main {..position: relative;.}...bg-stretch {..position: absolute;..top: 0;..right: 0;..bottom: 0;..left: 0;..background-size: cover;.}...btn {..min-width: 220px;..height: 60px;..position: relative;..display: block;..border-radius: 6px;..font-size: 19px;.}...btn .free {..font-weight: 600;.}...btn-green {..background-color: #a5da64;.}...fitness-images-wrap {..-webkit-transition: all 1s ease;..transition: all 1s ease;..position: absolute;..top: 0;..bottom: 0;..right: 84px;..width: 50%;..opacity: 0;..visibility: hidden;.}...loaded .fitness-images-wrap {..opacity: 1;..visibility: visible;.}...fitness-images-wrap img {..display:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\pingjs[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 30
Entropy (8bit): 4.240223928941852
Encrypted: false
MD5: 212B45290EB3B781AE57D221510C9454
SHA1: 8946A3B83F116FE4A35AA2D7FCA13790460A0676
SHA-256: EDEBB1254A2DE280DBB795B3C16A42F108051A32B94B421EC8B14B6937C68E88
SHA-512: F7054E9771141AE0B819194692AE5CD4831AC5D606D05B85AA16CB1F1DCBF0D4181C029071239397281462C30114C420FD70AD52E6C6782D24F9504E9F83384D
Malicious: false
Reputation: low
IE Cache URL: https://whos.amung.us/pingjs/?k=tftfgaler1&t=Win%20a%20Brand%20New%202020%20Toyota%20Tundra%204WD&c=c&y=https%3A%2F%2Fl.facebook.com%2Fl.php%3Fu%3Dhttps%253A%252F%252Fpage.dagmaar.com%252Ftundra%252F%253Ffbclid%253DIwAR0ibFew8p_xPNe0PRhTlrDIVnOwzwLQrHRnimIhKKmR0VId6RXzV1BrzBg%26h%3DAT3Z5D1122EKedyHgzhaptwcCVWeJbxG4qUO6AUjkcO0py0i04KmGRi0WyVA15reYwbTjwud0UkxJ2CWc_Qjy8focTcMyoKDNRkyIlIlhO3WzNYdk1kOBEDdCL-SFmvLd6-TG4PP1NEvZR-Z-hdPJSoVdr2Ua7tTxf8pJhsQSppD7KEyP18ORHGo0l9GGC6_nwGx0I4oZGhJn3LT1gN__z4lB1Qj3zd3LS0g-9sB9v5jK07zIQjwrNTfpy8_HrVMMwK9w5os1Eqtz0Gc6_cTl3lgX2HccPhOeG2AC-TDAMewir3l9SnAw5EwqHlqWxDRZpSZ__g_SvK-xrwFNncoSRpOAqeOMZAw0p2GOvgV_ZQlUh8tqxCyyV2IN6bW8V1eJYb-8iUC3B9_5Ii560g82q13nQJr6g8bsGP7LALH3FCYbSK20DXzuiq2zRv1tObbo3y5UPPrgGT0HEw7EUTABmBDPPPdTJiSK6kc_C-A2AcuZkIjEQ7X11mYBck7FccJIdRnf1XewJPiYYWca4g-KcroI6AZNVmC_-8iNAL9Ee0iMXn5-YTTQMLNdSq_USwLkwUvQrmfJp1bV0FXN4m0B6vEaKIIFoIUsBylb3u6VZCLhETTOrkigLnj9K_fVoDBrahiQn4qL_gABg&a=0&d=1.841&v=22&r=6418
Preview:WAU_r_c('233','tftfgaler1',0);
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\pl[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced
Size (bytes): 374
Entropy (8bit): 6.604390146102738
Encrypted: false
MD5: FAD0E96C20F20BE196499D26A6C74CD1
SHA1: E383EBA9AF578ACED6F5E9B896B7FBB4D7EF120C
SHA-256: 34F6A1822D880608E7124D2EA0E3DA4CD9B3A3B3B7D18171B61031CEDBE6E72F
SHA-512: E6F25C2C165341AB56241518B5CF574623370CA68A1865DEFBD681210C8ED02DC080C3F998018E8278399F4D9A711051BA66F06BC345C32CFD6272188DB30B83
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/flags/min/pl.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\registration[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Size (bytes): 28521
Entropy (8bit): 5.4391377982316635
Encrypted: false
MD5: 10B521884EAE2B927AA9495D932EFFA6
SHA1: DCD3657BBDB1D092E55AF9EF97FCC81F09613664
SHA-256: 1A85DCD4A074F00DA414F0597E39F7E4314AC97557521B34826D9D917038E5E1
SHA-512: E44A31B1351B03D1DEC8F6348589C2AEA647A5310EA38C7B4E7009CF8F168DCEAADB253D3E45B9582260C8B9086AD0598E0659BB4A134BC1794573377BE73C22
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>.<html class="loader">.<head>.. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">. <title>spotdiets - Get Instant Access To The Best Workout Tools</title>. <link href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800" rel="stylesheet">. <link rel="stylesheet" type="text/css" href="/theme/Health/FitnessReg/css/subscriptions/theme-rev/bootstrap.14d4753b.css"/> <link rel="stylesheet" type="text/css" href="/theme/Health/FitnessReg/css/subscriptions/theme-rev/main.d9eaf96a.css"/> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" defer></script>. <script src="https://code.jquery.com/jquery-3.2.1.min.js" crossorigin="anonymous" defer></script>. <script>window.jQuery || document.write('<script type="text/javascript" src="/theme/Health/FitnessReg/js/subscriptions/min-rev/jquery-3.2.1.min.ca7563da.js" defer="defer"><\/script>')</script>. <scr
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\sv[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced
Size (bytes): 389
Entropy (8bit): 7.252491369668283
Encrypted: false
MD5: FEB548AEAC88795159E9ED7EC2690710
SHA1: CB3EF0069BF1D1E35F2BF65D385E3B8AD1F389EF
SHA-256: 6F96FC8F9F474E8B8A6A82ED9BB5E22E19C6C5921FD363BB903FA693DFB9447A
SHA-512: 650308B78B845F5FE531C91926F76BBB4A46D60B9E03C83C43CF716AEE6B9106AE7CCCD95E7D40BC3D1DB037FFD6A18A0ADE569CCED0B64BF6206A01A546DB34
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/flags/min/sv.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\wait1[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with CRLF line terminators
Size (bytes): 168
Entropy (8bit): 5.1783030022820125
Encrypted: false
MD5: 3F4076858B01AD0F415C0A92CC0839C7
SHA1: 3D506D86438317FD9859EC343287195FCA5B16E9
SHA-256: 9D94D417902C885B49EC296D0E93649E3B0C2E9345F27275C13DEFD468CB3D21
SHA-512: ADDB91010EEBC0A7C03E3148D42F39E47A458A50DB86BB998121A89488F0A14EEA0B9732A51EA9191ABFBB06E2EBAED301AB15625100024364BD24576675ACC0
Malicious: true
Yara Hits: Rule: JoeSecurity_Phisher_1, Description: Yara detected Phisher, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\wait1[1].htm, Author: Joe Security
Reputation: low
IE Cache URL: https://page.dagmaar.com/tundra/wait1.html
Preview:<meta http-equiv="refresh" content="2;URL='https://www.cpagrip.com/show.php?l=0&u=7420&id=7769'" /> ..<center>..<img src="https://i.imgur.com/pk1EcBw.gif"/>.. </center>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\zh[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced
Size (bytes): 349
Entropy (8bit): 7.137947750580898
Encrypted: false
MD5: 0C6D1AD678DE1C3807A7C832A014466E
SHA1: 9D8239ECC96B38F374FA066EE45091ED14ADF200
SHA-256: 0242F535F7EE0CC26BD88CC9F807ECE4A6D70129303B902A232B38C58E66EF51
SHA-512: 20FC7A78CACED6826E8B1823DD3B3BBB12C8BD0D1044FB5CDB8991C2FFBCC44E927651C4F6E7727EA3B37C4E90896C6319B99673C49A24CDD866DC939A22353A
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/flags/min/zh.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\bootstrap.bundle.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 70688
Entropy (8bit): 5.2891603354712045
Encrypted: false
MD5: CE2D7DF84B9758B467F225E1F6EFBC4F
SHA1: 7DFC4DEBE685E651A8025CFA4851A3EFB9285A3C
SHA-256: 06147E458CD63785F841D0C92047BAEBEDAF5CB50654F6E92E6BB9B34112A356
SHA-512: 7C8B36D0CAE4982FC2D58B4EC568C4BAF03A4CC037F77447CE3083E8804BB013273F82C2F2FBCCCBCD427DDAEB200852575896B7E7FC876257F272D3D365B6DD
Malicious: false
Reputation: low
IE Cache URL: https://page.dagmaar.com/tundra/css/bootstrap.bundle.min.js
Preview:/*!.. * Bootstrap v4.1.1 (https://getbootstrap.com/).. * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors).. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */..!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery")):"function"==typeof define&&define.amd?define(["exports","jquery"],e):e(t.bootstrap={},t.jQuery)}(this,function(t,e){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function c(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enumerable}))),e.forEach(function(t){var e,
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\de[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced
Size (bytes): 364
Entropy (8bit): 7.262009674895804
Encrypted: false
MD5: DD6833F4D45B73BB67785C3235C9EA5C
SHA1: 1A1147EA7A1D9767F9B2BDB3640152A9014C660A
SHA-256: 21F38AE028ADB9455C66A185775D4EA208ADD60AAE4E4F2376F57227A48756A7
SHA-512: E1EF5033F68A786DBD4E27031D0F7112222273476EFCFCCB92788091154708DE858193DDABC80128562F18B5E288DC304EDEFB56A4D78439145EE41DF3F349B2
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/flags/min/de.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\en[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced
Size (bytes): 545
Entropy (8bit): 7.404877085819139
Encrypted: false
MD5: 83E5633F13D8EED97AAAD89C42BDA148
SHA1: F98EBC926C3BDBDCB58AD2854AAA533226FABAAE
SHA-256: E6CF87F6B6F6C3CD542A6156D69257C1DBA10B58FA034D291BCF83B1713938E9
SHA-512: 4AB98F1786623E49D4E7950848780F10FB38539181A16B26AF8C0B0970E0EA0B059A2290D651783645C9CC469F643C40FDAB55CD7805E533A24C2AF301DF2B81
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/flags/min/en.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\es[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced
Size (bytes): 344
Entropy (8bit): 7.196382345881687
Encrypted: false
MD5: 029B93B89BB93E4DEC432ACB2AA95499
SHA1: 53822CA2AA8828B3DCE57D9FBE8C025CDCE3F1AC
SHA-256: D0326C79A8E173153873AA2B31581B54AEBC0BCBF4AB2D55807F5D84098D523B
SHA-512: 0AE76D13635D74BE74587A3585B4DE88E15D3D35326149B7BB70E34A9273A14CCA091C3A2EBBF45CE8867A6B8A65FA5521568AFC97962180778FE7974D70AA27
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/flags/min/es.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\fr[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced
Size (bytes): 369
Entropy (8bit): 7.2730701627554035
Encrypted: false
MD5: 77723DB0C670FE456D47C49B1EDDA010
SHA1: B958D026F0D196C538600E85A2D05CE1FB9F5CD8
SHA-256: 3F414502D6C48E571DD4BAF8BFBDF6FB5DABDD791CF6C789A0264806B314CA58
SHA-512: 43B5B46C3362FFABAA1A4E121AE3EBA65066BCCAE16985EAAF0C3E957DA69B4624BAC48F1EB64AEC6859C8791943AD4BB67523F085EDBB72B5C7C92F79926F49
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/flags/min/fr.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\img2[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 349 x 232, 8-bit colormap, non-interlaced
Size (bytes): 29539
Entropy (8bit): 7.981707864111388
Encrypted: false
MD5: F2E08A24CECDA906D995CE24BA4A908E
SHA1: 255E14DE7A7CDFDA96C776B9DF303C3E59C675D7
SHA-256: C3EF58A649DAA83E33DBE0E0B8B6D5A500B9B11E8F81B8A17317F10E674FBA2D
SHA-512: E1019A0E9C605743FFB7DCA7E4662DC9D9182B19205A5B2B280486069871543AD3F501BB8CEF4413AB83DA17D178227EDFB6BC0D843B833A026E36FF6CF59BC0
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/img/img2.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\img5[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 36 x 27, 8-bit colormap, non-interlaced
Size (bytes): 443
Entropy (8bit): 7.054690541169671
Encrypted: false
MD5: 2816C03032DAAD377EB076FD6C6DB0E4
SHA1: C955122CB0100C71A675BB182E3815A0F130FAFF
SHA-256: 9E6B7E95D008722AF0B172A41786BDF0CBA6BB1DC8DFDF60F8FE3EE281895FDE
SHA-512: A75CCE9EDEC0FADF4D5BA17772DCA2133E945D9958A08D669D1657C3E87BC7DA3656E4E03BE57C26E5A1DD15782DFEDFD0309DC36A89FECD6E3BDC207B602A42
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/theme/Health/FitnessReg/img/img5.png
Preview: (binary PNG data; not reproduced)
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\it[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced
Size (bytes): 420
Entropy (8bit): 6.603113117388936
Encrypted: false
MD5: 784F7EB333F0591558BCCE9616A3C105
SHA1: C786C15B1B86629C1BBB6AC12BE5FBA39181DEC0
SHA-256: C7992F57D67156F994A38C6BB4EC72FA57601A284558DB5E065C02DC36EE9D8C
SHA-512: 0F3FEAA63385520F2565C7AED0D6D7A0B6F66B78FB6C8845A026199C375707911822B93534033C15F0F517677C1E9A400263C1B6022794401CBF8D7367639B6D
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/flags/min/it.png
Preview: (binary PNG data; not reproduced)
Copyright Joe Security LLC 2020 Page 27 of 44
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\ja[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced
Size (bytes): 420
Entropy (8bit): 6.8687287667848596
Encrypted: false
MD5: 10958397BC7C25C746E6E122365C003C
SHA1: 3C5B175471D77C6E813A140C6859BCA53952D9D3
SHA-256: 5EFCE88AC7228EA159BCF7FD1CC56D73C19428394218706524BAC0E9151D4C61
SHA-512: DE6380D995A3F7BA70E05112332A4BA72F88AC2AA2F502A308D3F979197DC0A75C9822012B491C7F2F95519571AD6CA15B757B10A05CB95DC7006B0BDE650EA3
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/flags/min/ja.png
Preview: (binary PNG data; not reproduced)
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\jquery-3.2.1.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 86659
Entropy (8bit): 5.36781915816204
Encrypted: false
MD5: C9F5AEECA3AD37BF2AA006139B935F0A
SHA1: 1055018C28AB41087EF9CCEFE411606893DABEA2
SHA-256: 87083882CC6015984EB0411A99D3981817F5DC5C90BA24F0940420C5548D82DE
SHA-512: DCFF2B5C2B8625D3593A7531FF4DDCD633939CC9F7ACFEB79C18A9E6038FDAA99487960075502F159D44F902D965B0B5AED32B41BFA66A1DC07D85B5D5152B58
Malicious: false
Reputation: low
IE Cache URL: https://code.jquery.com/jquery-3.2.1.min.js
Preview:/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\jquery.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 86927
Entropy (8bit): 5.289249727087309
Encrypted: false
MD5: A46FB81762396B7BF2020774A2FB4D9E
SHA1: FB5EDD7A663DC8DDA7EC10815A7CD82A30FC98A7
SHA-256: D30B6114FB9496AE46B2A8CDF59379C8FFDB957534BD1DD73E626C7C61C7E67D
SHA-512: 40759595B05808DD911075918BDCC32FB91362019BDFCA24827043B8E54116E6EBE7362050EC72182B66481F1DC8D4EC4C8942C984FD597659313D71AD60DC33
Malicious: false
Reputation: low
IE Cache URL: https://page.dagmaar.com/tundra/css/jquery.min.js
Preview:/*! jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license */..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\nl[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced
Size (bytes): 310
Entropy (8bit): 7.061834083172866
Encrypted: false
MD5: CC26AC6AD68E968750752C0CDE0D6892
SHA1: DD4896BE40309671612C6DEEE312DA6FAB236CED
SHA-256: E188F98C3D1C722D93CF24BB7C2561584A6FC3EA2D1AB35A7FD52B3BBB2188CD
SHA-512: E419973DDBB45E15A1D88AAB2F1EA817B1DB19D9C4FCCDDB4B81C180F6EC667051DF6F1F8B17B4064EB6A2DB1A803CB4ABE9227522FB71AAB8C51F5DB8F79B9C
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/flags/min/nl.png
Preview: (binary PNG data; not reproduced)
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\no[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced
Size (bytes): 397
Entropy (8bit): 7.302234244872349
Encrypted: false
MD5: 37DE62B530E99E86F8786099B2DCA8C3
SHA1: F505131AD7B0E731B2B31AD9308D5CD4EE622A9C
SHA-256: F59E4CF0FA6EE21A54BA82946499F611B0333A1FC15E55590567A812D464B6FB
SHA-512: 743A8D4BDAFBA4C9D95DDC71004715CBE11188EFF738E5FB7372602BF426C7847E6E9CDF9F6E48AFF2851D0BFB9FEC23C1983F4D0C7D859E058C46FD702F4ACD
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/flags/min/no.png
Preview: (binary PNG data; not reproduced)
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\pt[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced
Size (bytes): 407
Entropy (8bit): 7.291217478642379
Encrypted: false
MD5: 215E6C09FF86C0A60C97FF966C4BBD82
SHA1: AA22D321174EC605630B69CCD65373C3ED619C71
SHA-256: 2AF22923899EEA4A4997481BAE73840AB2F4294798B85509F3CB63C05FE68E2C
SHA-512: 55DCC042B98E846B9DE030A0539196C94100EA66979D5F15EF62D68487A853BF690AAF1C219E9B8A59527526059A71B7550F3E8BAB91B7BC6107B81AFEC7C289
Malicious: false
Reputation: low
IE Cache URL: https://spotdiets.com/img/flags/min/pt.png
Preview: (binary PNG data; not reproduced)
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\show[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with CRLF line terminators
Size (bytes): 629
Entropy (8bit): 5.487124080188551
Encrypted: false
MD5: 0F1B548A8832C0AE06DC904BA2DEF90B
SHA1: C4FB122ACAA0FCDDF018C00F49E0F7EF20BD6AF1
SHA-256: 4BF82AF36C8F96949F78949289ED3D4D40157C458C09BF4CFF56F69703C23A3A
SHA-512: FCF04BA79F6915C6CF27F63EB67B025CD06FC58D7D1512BCCA18E051B0900BC10C40B2B419C52A0FDACD4E3A955892F5BDCCD3063CE3E5E96512A4BDDF5A26BB
Malicious: true
Yara Hits:
• Rule: JoeSecurity_Phisher_1, Description: Yara detected Phisher, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\show[1].htm, Author: Joe Security
• Rule: JoeSecurity_HtmlPhish_9, Description: Yara detected HtmlPhish_9, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\show[1].htm, Author: Joe Security
Reputation: low
IE Cache URL: https://www.cpagrip.com/show.php?l=0&u=7420&id=7769
Preview:
<html>
<head>
  <title>Loading Offer..</title>
  <meta http-equiv="refresh" content="0;url=https://unlocklink.com/redirect/action/1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi?uc=1016191004&tsid=7420" />
  <script type="text/javascript">
    window.location.href = 'https://unlocklink.com/redirect/action/1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi?uc=1016191004&tsid=7420';
  </script>
</head>
<body>
  <noscript><center>Auto-Redirect failed, Please <a href="https://unlocklink.com/redirect/action/1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi?uc=1016191004&tsid=7420">Click Here</a> to continue.</center></noscript>
</body>
</html>
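The cached show[1].htm above is the hop that the two Yara rules fire on: a meta refresh, an inline script assignment to window.location.href and a noscript fallback link all point at the same unlocklink.com URL, so the browser is moved on whether or not scripting is enabled and before the cpagrip.com page is ever displayed. The script below is an added example, not code from the Joe Sandbox report or from Joe Security; it pulls every declared redirect target out of a cached HTML file, records which mechanism declared it, and checks that all mechanisms agree on one destination. SHOW_HTM is reconstructed from the report's preview with the line breaks restored by hand (its size and hashes therefore will not match the report's values), and the function and class names are the example's own.

```python
"""Extract every redirect target declared by a cached HTML redirector.

Added example, not code from the Joe Sandbox report. SHOW_HTM below is
reconstructed from the report's preview of show[1].htm (served by
https://www.cpagrip.com/show.php?l=0&u=7420&id=7769); the line breaks were
restored by hand, so its size and hashes will not match the report's values.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

UNLOCK_URL = ("https://unlocklink.com/redirect/action/"
              "1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi?uc=1016191004&tsid=7420")

# Constructed sample: the report's show[1].htm preview with CRLF line endings.
SHOW_HTM = (
    "<html>\r\n"
    "<head>\r\n"
    "  <title>Loading Offer..</title>\r\n"
    f'  <meta http-equiv="refresh" content="0;url={UNLOCK_URL}" />\r\n'
    '  <script type="text/javascript">\r\n'
    f"    window.location.href = '{UNLOCK_URL}';\r\n"
    "  </script>\r\n"
    "</head>\r\n"
    "<body>\r\n"
    "  <noscript><center>Auto-Redirect failed, Please "
    f'<a href="{UNLOCK_URL}">Click Here</a> to continue.</center></noscript>\r\n'
    "</body>\r\n"
    "</html>\r\n"
)

# "0;url=..." and "0; URL='...'" forms of the meta refresh content attribute.
META_REFRESH_RE = re.compile(r"^\s*\d+\s*;\s*url\s*=\s*['\"]?([^'\"]+?)['\"]?\s*$", re.I)
# window.location.href = '...', location = "...", location.replace('...'), etc.
JS_LOCATION_RE = re.compile(
    r"(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]"
    r"|location\.(?:replace|assign)\(\s*['\"]([^'\"]+)['\"]\s*\)",
    re.I,
)


class RedirectParser(HTMLParser):
    """Collects (mechanism, url) pairs from meta refresh, inline script and noscript links."""

    def __init__(self):
        super().__init__()
        self.targets = []
        self._in_script = False
        self._in_noscript = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = META_REFRESH_RE.match(a.get("content") or "")
            if m:
                self.targets.append(("meta-refresh", m.group(1)))
        elif tag == "script":
            self._in_script = True
        elif tag == "noscript":
            self._in_noscript = True
        elif tag == "a" and self._in_noscript and a.get("href"):
            self.targets.append(("noscript-link", a["href"]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
        elif tag == "noscript":
            self._in_noscript = False

    def handle_data(self, data):
        # Script bodies arrive here as raw text; scan them for location assignments.
        if self._in_script:
            for m in JS_LOCATION_RE.finditer(data):
                self.targets.append(("js-location", m.group(1) or m.group(2)))


def extract_redirects(html):
    """Return [(mechanism, url), ...] in document order."""
    p = RedirectParser()
    p.feed(html)
    p.close()
    return p.targets


def analyze_redirector(html, source_url):
    """Summarise where a cached page sends the browser and whether all mechanisms agree."""
    targets = extract_redirects(html)
    urls = []
    for _, u in targets:
        if u not in urls:
            urls.append(u)
    return {
        "from_host": urlsplit(source_url).hostname,
        "mechanisms": [m for m, _ in targets],
        "consistent": len(urls) == 1,  # one destination however the page is loaded
        "next_hop": urls[0] if len(urls) == 1 else None,
        "next_hosts": sorted({urlsplit(u).hostname for u in urls}),
    }


if __name__ == "__main__":
    r = analyze_redirector(SHOW_HTM, "https://www.cpagrip.com/show.php?l=0&u=7420&id=7769")
    print(f"{r['from_host']} -> {r['next_hosts']} via {r['mechanisms']} consistent={r['consistent']}")
```

Run the same function over each cached .htm in the INetCache directory and the hops line up into the chain the URL tables below only hint at; a page where the mechanisms disagree (meta refresh to one host, script to another) is worth a closer look, since that is how cloaking against non-JavaScript crawlers is usually done.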
C:\Users\user\AppData\Local\Temp\~DF3221657AE6454236.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 25441
Entropy (8bit): 0.2879935234493843
Encrypted: false
MD5: 242AF7E5E246AE90237288D6DF062392
SHA1: 7E0DDC41DF56C93D832A6034D6082D213641AAC8
SHA-256: 07897F0E6213FD6FCC99B1121EB116EBA021628FC79B50080AF7A9D6C8A67A7B
SHA-512: EA3D3BED4DE6E74ADC6821D791B3CD53C401AD06F4E6B933E833E84902E7C8BC968F7EEB284FAA9EB70159D3BA662E608689BADC7AC90D7B2EFD0816B0279A33
Malicious: false
Reputation: low
Preview: (binary data; not reproduced)
C:\Users\user\AppData\Local\Temp\~DF7ACBE8CBF521B15D.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 85807
Entropy (8bit): 1.6489256987138232
Encrypted: false
MD5: DC52BB9EBB00630B290EE16C02A47885
SHA1: 3378CAC9A360079F09EB06A5643B340260FED1D6
SHA-256: E0E5925850B1F0F1F84945A1A5B1C835C3100AB8227352D7AA491CC4E9B3247E
SHA-512: 7448280872D651907EB9CA6B22C41F82E14E5025B8E43380727839BBE9F40D0A1E108020E5F08715408B16BCB24B93E6C21D7B7405CD5E299172F4A0E43499BC
Malicious: false
Reputation: low
Preview: (binary data; not reproduced)
C:\Users\user\AppData\Local\Temp\~DF8FB6BD296836E842.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Size (bytes): 13029
Entropy (8bit): 0.4821675208773517
Encrypted: false
MD5: 50718A16F986EF2450F6E78AE4837ABA
SHA1: 97B1E5238BDAA3E24FACD3A4AFAF677FB9142D62
SHA-256: 57C44A08BC94F9E2C735F56C24EEE148066FA2ED42D8635A0DA30EB05354A0D6
SHA-512: 60544313ECB87B7B33CCFF8EAAED487DACA774C361D46E7E1065D42FDEA26F9F5ECB16E940DBCB0A5D958A9F542FC2A9D7DF7A7DBC3474575727125DF7F52005
Malicious: false
Reputation: low
Preview: (binary data; not reproduced)
Domains and IPs
Contacted Domains
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| unlocklink.com | 104.27.191.231 | true | false | 0%, Virustotal, Browse | unknown |
| www.exclusiveyouroffers.com | 104.24.126.214 | true | false | 0%, Virustotal, Browse | unknown |
| cdnjs.cloudflare.com | 104.16.132.229 | true | false | | high |
| whos.amung.us | 67.202.94.94 | true | false | | high |
| routeserve.info | 104.18.222.81 | true | false | 0%, Virustotal, Browse | unknown |
| z-m.c10r.facebook.com | 31.13.92.37 | true | false | | high |
| www.cpagrip.com | 104.26.3.51 | true | false | | high |
| page.dagmaar.com | 162.213.251.209 | true | false | 0%, Virustotal, Browse | unknown |
| widgets.amung.us | 50.23.131.235 | true | false | | high |
| spotdiets.com | 104.18.171.73 | true | false | 0%, Virustotal, Browse | low |
| ipv4.imgur.map.fastly.net | 151.101.12.193 | true | false | 0%, Virustotal, Browse | low |
| l.facebook.com | unknown | unknown | false | | high |
| maxcdn.bootstrapcdn.com | unknown | unknown | false | | high |
| code.jquery.com | unknown | unknown | false | | high |
| i.imgur.com | unknown | unknown | false | | high |
Contacted URLs
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| routeserve.info/fit?affid=2162rtty146&page=f-2-fitness&clickid=6dc7a59fe2dd4a30b403ef5409309466&pubid=9-1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi%3A%3A7420- | false | Avira URL Cloud: safe | unknown |

URLs from Memory and Binaries
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://page.dagmaar.com/tundra/wait.htmlRhttps://page.dagmaar.com/tundra/wait.html | ~DF7ACBE8CBF521B15D.TMP.1.dr | false | Avira URL Cloud: safe | unknown |
| https://github.com/BlackrockDigital/startbootstrap-heroic-features/blob/master/LICENSE) | heroic-features[1].css.2.dr | false | | high |
| www.nytimes.com/ | msapplication.xml3.1.dr | false | | high |
| https://page.dagmaar.com/tundra/wait.html | ~DF7ACBE8CBF521B15D.TMP.1.dr | false | Avira URL Cloud: safe | unknown |
| https://page.dagmaRoot | {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | unknown |
| https://page.dagmaar.com/tundra/wait1.htmlTht/redirect/action/1Ind2My0uJSRhZzar.com/tundra/wait1.htm | {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | unknown |
| https://page.dagmaar.com/tundra/wait1.htmlThtRoot | {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | unknown |
| https://unlocklink.com/redirect/action/1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi?uc=1016191004&tsid=7420 | show[1].htm.2.dr | false | Avira URL Cloud: safe | unknown |
| https://static.hotjar.com/c/hotjar- | gtm[1].js.2.dr | false | | high |
| www.amazon.com/ | msapplication.xml.1.dr | false | | high |
| https://page.dagmaar.c | {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | unknown |
| https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFeRoot | {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | unknown |
| https://getbootstrap.com/) | bootstrap.bundle.min[1].js.2.dr, bootstrap.min[1].css.2.dr | false | | high |
| www.twitter.com/ | msapplication.xml5.1.dr | false | | high |
| https://i.imgur.com/d17hczI.jpg | tundra[1].htm.2.dr | false | | high |
| https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFettps://page.dagmaar.com/tundra/?fbclid=IwAR0ibFew8p | {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | unknown |
| https://spotdiets.com/img/assets/favicon.ico~ | imagestore.dat.2.dr | false | Avira URL Cloud: safe | low |
| https://unlocklink.com | {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown |
| https://startbootstrap.com/template-overviews/heroic-features) | heroic-features[1].css.2.dr | false | | high |
| https://www.exclusiveyouroffers.com/DFBHL/2CTPL/?uid=44&sub2=18051831_19_0_16dc_684671_af0_206_5ec2b | 1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi[1].htm.2.dr | false | Avira URL Cloud: safe | unknown |
| https://page.dagmaar.com/tundra/wait1.htmlThtregistration?theme=f-2-fitness&var.com/tundra/wait1.htm | {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | unknown |
| https://github.com/twbs/bootstrap/graphs/contributors) | bootstrap.bundle.min[1].js.2.dr | false | | high |
| https://page.dagmaar.com/tundra/wait1.htmlThtm/show.php?l=0&u=7420&id=7769Root | {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | unknown |
| https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js | registration[1].htm.2.dr | false | | high |
| https://code.jquery.com/jquery-3.2.1.min.js | registration[1].htm.2.dr | false | | high |
| https://getbootstrap.com) | bootstrap.14d4753b[1].css.2.dr, bootstrap.min[1].js.2.dr | false | URL Reputation: safe | low |
| https://page.dagmaar.com/tundra/wait1.htmlThttps://page.dagmaar.com/tundra/wait1.html | ~DF7ACBE8CBF521B15D.TMP.1.dr | false | Avira URL Cloud: safe | unknown |
| https://www.cpagrip.co | {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | unknown |
| https://www.cpagrip.com/show.php?l=0&u=7420&id=7769 | ~DF7ACBE8CBF521B15D.TMP.1.dr, wait1[1].htm.2.dr | false | | high |
| www.youtube.com/ | msapplication.xml7.1.dr | false | | high |
| https://page.dagmaar.com/tundra/wait1.html | ~DF7ACBE8CBF521B15D.TMP.1.dr | false | Avira URL Cloud: safe | unknown |
| https://spotdiets.com/registration?theme=f-2-fitness&v_id=bd5da739-77ef-3160-f695-b0599716f68d&page= | ~DF7ACBE8CBF521B15D.TMP.1.dr, {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | low |
| https://i.imgur.com/pk1EcBw.gif | wait1[1].htm.2.dr | false | | high |
| https://github.com/krux/postscribe/blob/master/LICENSE. | gtm[1].js.2.dr | false | | high |
| https://github.com/twbs/bootstrap/blob/master/LICENSE) | bootstrap.bundle.min[1].js.2.dr, bootstrap.14d4753b[1].css.2.dr | false | | high |
| www.wikipedia.com/ | msapplication.xml6.1.dr | false | 0%, Virustotal, Browse; URL Reputation: safe | low |
| www.live.com/ | msapplication.xml2.1.dr | false | | high |
| opensource.org/licenses/MIT). | popper.min[1].js.2.dr | false | | high |
| https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js | registration[1].htm.2.dr | false | | high |
| www.reddit.com/ | msapplication.xml4.1.dr | false | | high |
| https://page.dagmaar.com/tundra/wait1.htmlThtar.com/tundra/wait1.html | {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | unknown |
| https://spotdiets.com/ | {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | low |
| https://page.dagmaar.com/tundra/?fbclid=IwAR0ibFem/tundra/wait.html | {921968EE-9974-11EA-AADD-C25F135D3C65}.dat.1.dr | false | Avira URL Cloud: safe | unknown |
Contacted IPs
Public
| IP | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|
| 50.23.131.235 | United States | 36351 | unknown | false |
| 31.13.92.37 | Ireland | 32934 | unknown | false |
| 151.101.12.193 | United States | 54113 | unknown | false |
| 104.27.191.231 | United States | 13335 | unknown | false |
| 162.213.251.209 | United States | 22612 | unknown | false |
| 104.26.3.51 | United States | 13335 | unknown | false |
| 104.18.222.81 | United States | 13335 | unknown | false |
| 104.24.126.214 | United States | 13335 | unknown | false |
| 67.202.94.94 | United States | 32748 | unknown | false |
| 104.18.171.73 | United States | 13335 | unknown | false |
| 104.16.132.229 | United States | 13335 | unknown | false |

Static File Info
No static file info

Network Behavior
Network Port Distribution
Total Packets: 89
• 53 (DNS)
• 443 (HTTPS)
TCP Packets
Timestamp Source Port Dest Port Source IP Dest IP
May 18, 2020 19:00:56.698769093 CEST 49744 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.699970961 CEST 49745 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.716296911 CEST 443 49744 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.716543913 CEST 49744 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.717619896 CEST 443 49745 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.717736006 CEST 49745 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.730534077 CEST 49744 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.730575085 CEST 49745 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.748023987 CEST 443 49744 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.748214006 CEST 443 49745 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.748795033 CEST 443 49744 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.748816967 CEST 443 49744 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.748830080 CEST 443 49744 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.748934031 CEST 49744 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.749072075 CEST 443 49745 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.749104023 CEST 443 49745 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.749130011 CEST 443 49745 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.749191999 CEST 49745 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.749305964 CEST 49745 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.798038960 CEST 49745 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.802212000 CEST 49744 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.810204029 CEST 49745 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.810750008 CEST 49744 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.810920954 CEST 49745 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.816154003 CEST 443 49745 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.816216946 CEST 443 49745 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.816364050 CEST 49745 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.817723989 CEST 49745 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.819885969 CEST 443 49744 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.819971085 CEST 443 49744 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.820036888 CEST 49744 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.820123911 CEST 49744 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.822103977 CEST 49744 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.827945948 CEST 443 49745 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.828142881 CEST 49745 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.828205109 CEST 443 49744 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.828329086 CEST 49744 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.828871965 CEST 443 49745 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.829039097 CEST 49745 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.867152929 CEST 443 49745 31.13.92.37 192.168.2.5
May 18, 2020 19:00:56.867296934 CEST 49745 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.881292105 CEST 443 49744 31.13.92.37 192.168.2.5
May 18, 2020 19:00:57.358274937 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.359458923 CEST 49746 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.536346912 CEST 443 49747 162.213.251.209 192.168.2.5
May 18, 2020 19:00:57.536545992 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.539290905 CEST 443 49746 162.213.251.209 192.168.2.5
May 18, 2020 19:00:57.542825937 CEST 49746 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.568377018 CEST 49746 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.569494009 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.746613026 CEST 443 49747 162.213.251.209 192.168.2.5
May 18, 2020 19:00:57.746637106 CEST 443 49747 162.213.251.209 192.168.2.5
May 18, 2020 19:00:57.746645927 CEST 443 49747 162.213.251.209 192.168.2.5
May 18, 2020 19:00:57.746654987 CEST 443 49747 162.213.251.209 192.168.2.5
May 18, 2020 19:00:57.746823072 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.748781919 CEST 443 49747 162.213.251.209 192.168.2.5
May 18, 2020 19:00:57.748887062 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.749747038 CEST 443 49746 162.213.251.209 192.168.2.5
May 18, 2020 19:00:57.749799967 CEST 443 49746 162.213.251.209 192.168.2.5
May 18, 2020 19:00:57.749814987 CEST 443 49746 162.213.251.209 192.168.2.5
May 18, 2020 19:00:57.749840975 CEST 49746 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.749875069 CEST 443 49746 162.213.251.209 192.168.2.5
May 18, 2020 19:00:57.749907970 CEST 49746 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.749999046 CEST 49746 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.751029015 CEST 443 49746 162.213.251.209 192.168.2.5
May 18, 2020 19:00:57.751105070 CEST 49746 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.855838060 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.856568098 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.857006073 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.862418890 CEST 49746 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.863055944 CEST 49746 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:58.033832073 CEST 443 49747 162.213.251.209 192.168.2.5
May 18, 2020 19:00:58.033945084 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:58.034128904 CEST 443 49747 162.213.251.209 192.168.2.5
May 18, 2020 19:00:58.034205914 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:58.035177946 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:58.039412975 CEST 443 49747 162.213.251.209 192.168.2.5
May 18, 2020 19:00:58.039582014 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:58.041568041 CEST 443 49746 162.213.251.209 192.168.2.5
May 18, 2020 19:00:58.041708946 CEST 49746 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:58.041877031 CEST 443 49746 162.213.251.209 192.168.2.5
May 18, 2020 19:00:58.041991949 CEST 49746 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:58.047224045 CEST 49746 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:58.049676895 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:58.051670074 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:58.063723087 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:58.063993931 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:58.122407913 CEST 49748 443 192.168.2.5 151.101.12.193
May 18, 2020 19:00:58.124073029 CEST 49749 443 192.168.2.5 151.101.12.193
May 18, 2020 19:00:58.143219948 CEST 443 49748 151.101.12.193 192.168.2.5
May 18, 2020 19:00:58.143413067 CEST 49748 443 192.168.2.5 151.101.12.193
May 18, 2020 19:00:58.144175053 CEST 49748 443 192.168.2.5 151.101.12.193
May 18, 2020 19:00:58.144478083 CEST 443 49749 151.101.12.193 192.168.2.5
May 18, 2020 19:00:58.144601107 CEST 49749 443 192.168.2.5 151.101.12.193
May 18, 2020 19:00:58.145534992 CEST 49749 443 192.168.2.5 151.101.12.193
May 18, 2020 19:00:58.164697886 CEST 443 49748 151.101.12.193 192.168.2.5
May 18, 2020 19:00:58.165896893 CEST 443 49749 151.101.12.193 192.168.2.5
May 18, 2020 19:00:58.166069984 CEST 443 49748 151.101.12.193 192.168.2.5
May 18, 2020 19:00:58.166100979 CEST 443 49748 151.101.12.193 192.168.2.5
May 18, 2020 19:00:58.166126013 CEST 443 49748 151.101.12.193 192.168.2.5
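The packet listing above records every segment as a timestamp and 5-tuple, which is the wrong shape for answering the question an analyst actually has: in what order did the sandbox talk to which hosts, and which connections never got a reply. The script below is an added example, not code from the report or from Joe Sandbox; it folds rows like these into flows keyed by the sandbox's source port, orders the remote hosts by first packet, and joins them with the Contacted Domains table so the sequence reads as the Facebook click-through, then page.dagmaar.com, then the imgur CDN. SAMPLE_PACKETS is a subset of rows copied from the report's TCP and UDP tables, IP_TO_NAMES is taken from its Contacted Domains table, 192.168.2.5 is assumed to be the sandbox client because it is one endpoint of every row, and the function names are the example's own.

```python
"""Fold a Joe Sandbox packet listing into flows and an ordered contact timeline.

Added example, not code from the report or from Joe Sandbox. SAMPLE_PACKETS is
a subset of rows copied from the report's TCP and UDP packet tables and
IP_TO_NAMES is taken from its Contacted Domains table; both are embedded so
the script runs offline. 192.168.2.5 is assumed to be the sandbox client
because it is one endpoint of every row.
"""
import re
from datetime import datetime, timedelta

PACKET_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(?P<frac>\d+) "
    r"(?P<tz>[A-Z]+) (?P<sport>\d+) (?P<dport>\d+) (?P<src>[\d.]+) (?P<dst>[\d.]+)$"
)

# Constructed sample: rows copied verbatim from the report's packet tables.
SAMPLE_PACKETS = """\
May 18, 2020 19:00:56.646878004 CEST 62623 53 192.168.2.5 8.8.8.8
May 18, 2020 19:00:56.683629036 CEST 53 62623 8.8.8.8 192.168.2.5
May 18, 2020 19:00:56.698769093 CEST 49744 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.699970961 CEST 49745 443 192.168.2.5 31.13.92.37
May 18, 2020 19:00:56.716296911 CEST 443 49744 31.13.92.37 192.168.2.5
May 18, 2020 19:00:57.193551064 CEST 59949 53 192.168.2.5 8.8.8.8
May 18, 2020 19:00:57.349813938 CEST 53 59949 8.8.8.8 192.168.2.5
May 18, 2020 19:00:57.358274937 CEST 49747 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.359458923 CEST 49746 443 192.168.2.5 162.213.251.209
May 18, 2020 19:00:57.536346912 CEST 443 49747 162.213.251.209 192.168.2.5
May 18, 2020 19:00:58.122407913 CEST 49748 443 192.168.2.5 151.101.12.193
May 18, 2020 19:00:58.143219948 CEST 443 49748 151.101.12.193 192.168.2.5
"""

# From the report's Contacted Domains table (IP -> names that resolved to it).
IP_TO_NAMES = {
    "31.13.92.37": ["z-m.c10r.facebook.com"],
    "162.213.251.209": ["page.dagmaar.com"],
    "151.101.12.193": ["ipv4.imgur.map.fastly.net"],
    "104.26.3.51": ["www.cpagrip.com"],
    "104.27.191.231": ["unlocklink.com"],
    "104.24.126.214": ["www.exclusiveyouroffers.com"],
    "104.18.222.81": ["routeserve.info"],
    "104.18.171.73": ["spotdiets.com"],
}


def parse_packet_line(line):
    """Parse one table row; return None for headings, footers and other text."""
    m = PACKET_RE.match(line.strip())
    if not m:
        return None
    base = datetime.strptime(m["ts"], "%b %d, %Y %H:%M:%S")
    # The report prints nanoseconds; datetime stores microseconds, so truncate.
    ts = base + timedelta(microseconds=int(m["frac"][:6].ljust(6, "0")))
    return {"ts": ts, "sport": int(m["sport"]), "dport": int(m["dport"]),
            "src": m["src"], "dst": m["dst"]}


def build_flows(lines, sandbox_ip="192.168.2.5"):
    """Group packets into flows keyed by (remote_ip, remote_port, sandbox_port)."""
    flows = {}
    for line in lines:
        p = parse_packet_line(line)
        if p is None:
            continue
        if p["src"] == sandbox_ip:
            key, direction = (p["dst"], p["dport"], p["sport"]), "out"
        elif p["dst"] == sandbox_ip:
            key, direction = (p["src"], p["sport"], p["dport"]), "in"
        else:
            continue  # neither endpoint is the sandbox; not a flow we track
        f = flows.setdefault(key, {"first": p["ts"], "last": p["ts"], "out": 0, "in": 0})
        f["first"] = min(f["first"], p["ts"])
        f["last"] = max(f["last"], p["ts"])
        f[direction] += 1
    return flows


def contact_timeline(lines, ip_to_names, sandbox_ip="192.168.2.5"):
    """One entry per remote IP, ordered by first packet; counts flows that never got a reply."""
    per_ip = {}
    for (rip, rport, _sport), f in build_flows(lines, sandbox_ip).items():
        e = per_ip.setdefault(rip, {"ip": rip, "names": ip_to_names.get(rip, []),
                                    "first": f["first"], "ports": set(),
                                    "flows": 0, "unanswered": 0})
        e["first"] = min(e["first"], f["first"])
        e["ports"].add(rport)
        e["flows"] += 1
        if f["in"] == 0:
            e["unanswered"] += 1
    return sorted(per_ip.values(), key=lambda e: e["first"])


if __name__ == "__main__":
    for e in contact_timeline(SAMPLE_PACKETS.splitlines(), IP_TO_NAMES):
        print(e["first"].time(), e["ip"], sorted(e["ports"]), e["names"],
              f"flows={e['flows']} unanswered={e['unanswered']}")
```

On the full table the same fold gives one line per hop of the redirect chain with the seconds between hops, which is what the HTTPS packet list cannot show directly because the request bodies are encrypted; the "unanswered" count on the subset above is an artefact of the subset (the replies are in the rows not copied) and on a complete listing it flags connections that were refused or timed out.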
UDP Packets
Timestamp Source Port Dest Port Source IP Dest IP
May 18, 2020 19:00:55.264405012 CEST 56104 53 192.168.2.5 8.8.8.8
May 18, 2020 19:00:55.297919035 CEST 53 56104 8.8.8.8 192.168.2.5
May 18, 2020 19:00:56.646878004 CEST 62623 53 192.168.2.5 8.8.8.8
May 18, 2020 19:00:56.683629036 CEST 53 62623 8.8.8.8 192.168.2.5
May 18, 2020 19:00:57.193551064 CEST 59949 53 192.168.2.5 8.8.8.8
May 18, 2020 19:00:57.349813938 CEST 53 59949 8.8.8.8 192.168.2.5
May 18, 2020 19:00:58.070395947 CEST 61115 53 192.168.2.5 8.8.8.8
May 18, 2020 19:00:58.119961977 CEST 53 61115 8.8.8.8 192.168.2.5
May 18, 2020 19:00:58.977972984 CEST 57276 53 192.168.2.5 8.8.8.8
May 18, 2020 19:00:59.013902903 CEST 53 57276 8.8.8.8 192.168.2.5
May 18, 2020 19:00:59.790981054 CEST 54857 53 192.168.2.5 8.8.8.8
May 18, 2020 19:00:59.824680090 CEST 53 54857 8.8.8.8 192.168.2.5
May 18, 2020 19:01:03.272253990 CEST 55750 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:03.308784962 CEST 53 55750 8.8.8.8 192.168.2.5
May 18, 2020 19:01:14.425446033 CEST 50153 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:14.570280075 CEST 53 50153 8.8.8.8 192.168.2.5
May 18, 2020 19:01:22.938826084 CEST 51561 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:22.982498884 CEST 53 51561 8.8.8.8 192.168.2.5
May 18, 2020 19:01:23.616693974 CEST 65129 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:23.652899981 CEST 53 65129 8.8.8.8 192.168.2.5
May 18, 2020 19:01:24.032777071 CEST 52656 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:24.058211088 CEST 53 52656 8.8.8.8 192.168.2.5
May 18, 2020 19:01:24.068845987 CEST 63177 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:24.107284069 CEST 53 63177 8.8.8.8 192.168.2.5
May 18, 2020 19:01:24.750864029 CEST 56380 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:24.797308922 CEST 53 56380 8.8.8.8 192.168.2.5
May 18, 2020 19:01:25.004285097 CEST 62481 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:25.043401003 CEST 53 62481 8.8.8.8 192.168.2.5
May 18, 2020 19:01:25.289129019 CEST 57208 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:25.314541101 CEST 53 57208 8.8.8.8 192.168.2.5
May 18, 2020 19:01:25.377485037 CEST 50600 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:25.388895035 CEST 63741 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:25.395987988 CEST 62828 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:25.411294937 CEST 53 50600 8.8.8.8 192.168.2.5
May 18, 2020 19:01:25.417443037 CEST 59454 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:25.421360970 CEST 53 62828 8.8.8.8 192.168.2.5
May 18, 2020 19:01:25.422580957 CEST 53 63741 8.8.8.8 192.168.2.5
May 18, 2020 19:01:25.442765951 CEST 53 59454 8.8.8.8 192.168.2.5
May 18, 2020 19:01:25.457312107 CEST 61686 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:25.482611895 CEST 53 61686 8.8.8.8 192.168.2.5
May 18, 2020 19:01:26.227576017 CEST 55283 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:26.261362076 CEST 53 55283 8.8.8.8 192.168.2.5
May 18, 2020 19:01:26.298474073 CEST 57208 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:26.323878050 CEST 53 57208 8.8.8.8 192.168.2.5
May 18, 2020 19:01:27.229345083 CEST 55283 53 192.168.2.5 8.8.8.8
May 18, 2020 19:01:27.254648924 CEST 53 55283 8.8.8.8 192.168.2.5
UDP Packets
Copyright Joe Security LLC 2020 Page 35 of 44
Timestamp Source Port Dest Port Source IP Dest IP
DNS Queries
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
May 18, 2020 19:00:56.646878004 CEST 192.168.2.5 8.8.8.8 0x49f7 Standard query (0) l.facebook.com A (IP address) IN (0x0001)
May 18, 2020 19:00:57.193551064 CEST 192.168.2.5 8.8.8.8 0x918b Standard query (0) page.dagmaar.com A (IP address) IN (0x0001)
May 18, 2020 19:00:58.070395947 CEST 192.168.2.5 8.8.8.8 0x6a3c Standard query (0) i.imgur.com A (IP address) IN (0x0001)
May 18, 2020 19:00:58.977972984 CEST 192.168.2.5 8.8.8.8 0x5218 Standard query (0) widgets.amung.us A (IP address) IN (0x0001)
May 18, 2020 19:00:59.790981054 CEST 192.168.2.5 8.8.8.8 0x446b Standard query (0) whos.amung.us A (IP address) IN (0x0001)
May 18, 2020 19:01:14.425446033 CEST 192.168.2.5 8.8.8.8 0x6892 Standard query (0) page.dagmaar.com A (IP address) IN (0x0001)
May 18, 2020 19:01:22.938826084 CEST 192.168.2.5 8.8.8.8 0x3050 Standard query (0) www.cpagrip.com A (IP address) IN (0x0001)
May 18, 2020 19:01:23.616693974 CEST 192.168.2.5 8.8.8.8 0x2c2 Standard query (0) unlocklink.com A (IP address) IN (0x0001)
May 18, 2020 19:01:24.068845987 CEST 192.168.2.5 8.8.8.8 0x988c Standard query (0) www.exclusiveyouroffers.com A (IP address) IN (0x0001)
May 18, 2020 19:01:24.750864029 CEST 192.168.2.5 8.8.8.8 0x9b80 Standard query (0) routeserve.info A (IP address) IN (0x0001)
May 18, 2020 19:01:25.004285097 CEST 192.168.2.5 8.8.8.8 0x2dc9 Standard query (0) spotdiets.com A (IP address) IN (0x0001)
May 18, 2020 19:01:25.395987988 CEST 192.168.2.5 8.8.8.8 0x45f2 Standard query (0) code.jquery.com A (IP address) IN (0x0001)
May 18, 2020 19:01:25.417443037 CEST 192.168.2.5 8.8.8.8 0xb276 Standard query (0) cdnjs.cloudflare.com A (IP address) IN (0x0001)
May 18, 2020 19:01:25.457312107 CEST 192.168.2.5 8.8.8.8 0xb1b3 Standard query (0) maxcdn.bootstrapcdn.com A (IP address) IN (0x0001)
DNS Answers
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
May 18, 2020 19:00:56.683629036 CEST 8.8.8.8 192.168.2.5 0x49f7 No error (0) l.facebook.com z-m.c10r.facebook.com CNAME (Canonical name) IN (0x0001)
May 18, 2020 19:00:56.683629036 CEST 8.8.8.8 192.168.2.5 0x49f7 No error (0) z-m.c10r.facebook.com 31.13.92.37 A (IP address) IN (0x0001)
May 18, 2020 19:00:57.349813938 CEST 8.8.8.8 192.168.2.5 0x918b No error (0) page.dagmaar.com 162.213.251.209 A (IP address) IN (0x0001)
May 18, 2020 19:00:58.119961977 CEST 8.8.8.8 192.168.2.5 0x6a3c No error (0) i.imgur.com ipv4.imgur.map.fastly.net CNAME (Canonical name) IN (0x0001)
May 18, 2020 19:00:58.119961977 CEST 8.8.8.8 192.168.2.5 0x6a3c No error (0) ipv4.imgur.map.fastly.net 151.101.12.193 A (IP address) IN (0x0001)
May 18, 2020 19:00:59.013902903 CEST 8.8.8.8 192.168.2.5 0x5218 No error (0) widgets.amung.us 50.23.131.235 A (IP address) IN (0x0001)
May 18, 2020 19:00:59.013902903 CEST 8.8.8.8 192.168.2.5 0x5218 No error (0) widgets.amung.us 173.192.200.70 A (IP address) IN (0x0001)
May 18, 2020 19:00:59.824680090 CEST 8.8.8.8 192.168.2.5 0x446b No error (0) whos.amung.us 67.202.94.94 A (IP address) IN (0x0001)
May 18, 2020 19:00:59.824680090 CEST 8.8.8.8 192.168.2.5 0x446b No error (0) whos.amung.us 67.202.94.93 A (IP address) IN (0x0001)
May 18, 2020 19:00:59.824680090 CEST 8.8.8.8 192.168.2.5 0x446b No error (0) whos.amung.us 67.202.94.86 A (IP address) IN (0x0001)
May 18, 2020 19:01:14.570280075 CEST 8.8.8.8 192.168.2.5 0x6892 No error (0) page.dagmaar.com 162.213.251.209 A (IP address) IN (0x0001)
May 18, 2020 19:01:22.982498884 CEST 8.8.8.8 192.168.2.5 0x3050 No error (0) www.cpagrip.com 104.26.3.51 A (IP address) IN (0x0001)
May 18, 2020 19:01:22.982498884 CEST 8.8.8.8 192.168.2.5 0x3050 No error (0) www.cpagrip.com 104.26.2.51 A (IP address) IN (0x0001)
May 18, 2020 19:01:23.652899981 CEST 8.8.8.8 192.168.2.5 0x2c2 No error (0) unlocklink.com 104.27.191.231 A (IP address) IN (0x0001)
May 18, 2020 19:01:23.652899981 CEST 8.8.8.8 192.168.2.5 0x2c2 No error (0) unlocklink.com 104.27.190.231 A (IP address) IN (0x0001)
May 18, 2020 19:01:24.107284069 CEST 8.8.8.8 192.168.2.5 0x988c No error (0) www.exclusiveyouroffers.com 104.24.126.214 A (IP address) IN (0x0001)
May 18, 2020 19:01:24.107284069 CEST 8.8.8.8 192.168.2.5 0x988c No error (0) www.exclusiveyouroffers.com 104.24.127.214 A (IP address) IN (0x0001)
May 18, 2020 19:01:24.797308922 CEST 8.8.8.8 192.168.2.5 0x9b80 No error (0) routeserve.info 104.18.222.81 A (IP address) IN (0x0001)
May 18, 2020 19:01:24.797308922 CEST 8.8.8.8 192.168.2.5 0x9b80 No error (0) routeserve.info 104.18.223.81 A (IP address) IN (0x0001)
May 18, 2020 19:01:25.043401003 CEST 8.8.8.8 192.168.2.5 0x2dc9 No error (0) spotdiets.com 104.18.171.73 A (IP address) IN (0x0001)
May 18, 2020 19:01:25.043401003 CEST 8.8.8.8 192.168.2.5 0x2dc9 No error (0) spotdiets.com 104.18.170.73 A (IP address) IN (0x0001)
May 18, 2020 19:01:25.421360970 CEST 8.8.8.8 192.168.2.5 0x45f2 No error (0) code.jquery.com cds.s5x3j6q5.hwcdn.net CNAME (Canonical name) IN (0x0001)
May 18, 2020 19:01:25.442765951 CEST 8.8.8.8 192.168.2.5 0xb276 No error (0) cdnjs.cloudflare.com 104.16.132.229 A (IP address) IN (0x0001)
May 18, 2020 19:01:25.442765951 CEST 8.8.8.8 192.168.2.5 0xb276 No error (0) cdnjs.cloudflare.com 104.16.133.229 A (IP address) IN (0x0001)
May 18, 2020 19:01:25.482611895 CEST 8.8.8.8 192.168.2.5 0xb1b3 No error (0) maxcdn.bootstrapcdn.com cds.j3z9t3p6.hwcdn.net CNAME (Canonical name) IN (0x0001)
HTTP Request Dependency Graph
routeserve.info
HTTP Packets
Session ID Source IP Source Port Destination IP Destination Port Process
0 192.168.2.5 49766 104.18.222.81 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
May 18, 2020 19:01:24.820148945 CEST 472 OUT GET /fit?affid=2162rtty146&page=f-2-fitness&clickid=6dc7a59fe2dd4a30b403ef5409309466&pubid=9-1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi%3A%3A7420- HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: routeserve.info
May 18, 2020 19:01:24.854407072 CEST 473 IN HTTP/1.1 301 Moved Permanently
Date: Mon, 18 May 2020 17:01:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 18 May 2020 18:01:24 GMT
Location: https://routeserve.info/fit?affid=2162rtty146&page=f-2-fitness&clickid=6dc7a59fe2dd4a30b403ef5409309466&pubid=9-1Ind2My0uJSRhZzwiKHNmf3BlZ2E_eQ_Pyi%3A%3A7420-
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 595723d629bdc27c-FRA
cf-request-id: 02ca54b9dc0000c27cb3338200000001
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
HTTPS Packets
Timestamp Source IP Source Port Dest IP Dest Port Subject Issuer NotBefore NotAfter JA3 SSL Client Fingerprint JA3 SSL Client Digest
May 18, 2020 19:00:56.748830080 CEST 31.13.92.37 443 192.168.2.5 49744
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US
  Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  NotBefore: Wed Apr 15 02:00:00 CEST 2020 NotAfter: Tue Jul 14 14:00:00 CEST 2020
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  NotBefore: Tue Oct 22 14:00:00 CEST 2013 NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:00:56.749130011 CEST 31.13.92.37 443 192.168.2.5 49745
  Subject: CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US
  Issuer: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  NotBefore: Wed Apr 15 02:00:00 CEST 2020 NotAfter: Tue Jul 14 14:00:00 CEST 2020
  Subject: CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  NotBefore: Tue Oct 22 14:00:00 CEST 2013 NotAfter: Sun Oct 22 14:00:00 CEST 2028
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:00:57.748781919 CEST 162.213.251.209 443 192.168.2.5 49747
  Subject: CN=page.dagmaar.com
  Issuer: CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
  NotBefore: Mon Mar 16 01:00:00 CET 2020 NotAfter: Wed Mar 17 00:59:59 CET 2021
  Subject: CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
  Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  NotBefore: Fri Nov 02 01:00:00 CET 2018 NotAfter: Wed Jan 01 00:59:59 CET 2031
  Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
  NotBefore: Tue May 30 12:48:38 CEST 2000 NotAfter: Sat May 30 12:48:38 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:00:57.751029015 CEST 162.213.251.209 443 192.168.2.5 49746
  Subject: CN=page.dagmaar.com
  Issuer: CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
  NotBefore: Mon Mar 16 01:00:00 CET 2020 NotAfter: Wed Mar 17 00:59:59 CET 2021
  Subject: CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
  Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  NotBefore: Fri Nov 02 01:00:00 CET 2018 NotAfter: Wed Jan 01 00:59:59 CET 2031
  Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
  NotBefore: Tue May 30 12:48:38 CEST 2000 NotAfter: Sat May 30 12:48:38 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:00:58.166126013 CEST 151.101.12.193 443 192.168.2.5 49748
  Subject: CN=*.imgur.com, O="Imgur, Inc.", L=San Francisco, ST=California, C=US
  Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
  NotBefore: Wed Jan 15 01:00:00 CET 2020 NotAfter: Wed Mar 16 13:00:00 CET 2022
  Subject: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
  Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  NotBefore: Fri Mar 08 13:00:00 CET 2013 NotAfter: Wed Mar 08 13:00:00 CET 2023
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:00:58.167373896 CEST 151.101.12.193 443 192.168.2.5 49749
  Subject: CN=*.imgur.com, O="Imgur, Inc.", L=San Francisco, ST=California, C=US
  Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
  NotBefore: Wed Jan 15 01:00:00 CET 2020 NotAfter: Wed Mar 16 13:00:00 CET 2022
  Subject: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
  Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  NotBefore: Fri Mar 08 13:00:00 CET 2013 NotAfter: Wed Mar 08 13:00:00 CET 2023
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:00:59.331677914 CEST 50.23.131.235 443 192.168.2.5 49750
  Subject: CN=whos.amung.us, O=whos.amung.us Inc, L=Calgary, ST=Alberta, C=CA, SERIALNUMBER=2014337048, OID.1.3.6.1.4.1.311.60.2.1.2=Alberta, OID.1.3.6.1.4.1.311.60.2.1.3=CA, OID.2.5.4.15=Private Organization
  Issuer: CN=GeoTrust EV RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
  NotBefore: Fri Mar 09 01:00:00 CET 2018 NotAfter: Mon May 25 14:00:00 CEST 2020
  Subject: CN=GeoTrust EV RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  NotBefore: Mon Nov 06 13:22:46 CET 2017 NotAfter: Sat Nov 06 13:22:46 CET 2027
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:00:59.332870007 CEST 50.23.131.235 443 192.168.2.5 49751
  Subject: CN=whos.amung.us, O=whos.amung.us Inc, L=Calgary, ST=Alberta, C=CA, SERIALNUMBER=2014337048, OID.1.3.6.1.4.1.311.60.2.1.2=Alberta, OID.1.3.6.1.4.1.311.60.2.1.3=CA, OID.2.5.4.15=Private Organization
  Issuer: CN=GeoTrust EV RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
  NotBefore: Fri Mar 09 01:00:00 CET 2018 NotAfter: Mon May 25 14:00:00 CEST 2020
  Subject: CN=GeoTrust EV RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  NotBefore: Mon Nov 06 13:22:46 CET 2017 NotAfter: Sat Nov 06 13:22:46 CET 2027
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:01:00.066315889 CEST 67.202.94.94 443 192.168.2.5 49752
  Subject: CN=whos.amung.us, O=whos.amung.us Inc, L=Calgary, ST=Alberta, C=CA, SERIALNUMBER=2014337048, OID.1.3.6.1.4.1.311.60.2.1.2=Alberta, OID.1.3.6.1.4.1.311.60.2.1.3=CA, OID.2.5.4.15=Private Organization
  Issuer: CN=GeoTrust EV RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
  NotBefore: Fri Mar 09 01:00:00 CET 2018 NotAfter: Mon May 25 14:00:00 CEST 2020
  Subject: CN=GeoTrust EV RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  NotBefore: Mon Nov 06 13:22:46 CET 2017 NotAfter: Sat Nov 06 13:22:46 CET 2027
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:01:00.068881035 CEST 67.202.94.94 443 192.168.2.5 49753
  Subject: CN=whos.amung.us, O=whos.amung.us Inc, L=Calgary, ST=Alberta, C=CA, SERIALNUMBER=2014337048, OID.1.3.6.1.4.1.311.60.2.1.2=Alberta, OID.1.3.6.1.4.1.311.60.2.1.3=CA, OID.2.5.4.15=Private Organization
  Issuer: CN=GeoTrust EV RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
  NotBefore: Fri Mar 09 01:00:00 CET 2018 NotAfter: Mon May 25 14:00:00 CEST 2020
  Subject: CN=GeoTrust EV RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  NotBefore: Mon Nov 06 13:22:46 CET 2017 NotAfter: Sat Nov 06 13:22:46 CET 2027
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:01:15.149008036 CEST 162.213.251.209 443 192.168.2.5 49757
  Subject: CN=page.dagmaar.com
  Issuer: CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
  NotBefore: Mon Mar 16 01:00:00 CET 2020 NotAfter: Wed Mar 17 00:59:59 CET 2021
  Subject: CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
  Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  NotBefore: Fri Nov 02 01:00:00 CET 2018 NotAfter: Wed Jan 01 00:59:59 CET 2031
  Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
  Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
  NotBefore: Tue May 30 12:48:38 CEST 2000 NotAfter: Sat May 30 12:48:38 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0
  JA3 SSL Client Digest: 37f463bf4616ecd445d4a1937da06e19
May 18, 2020 19:01:23.099189997 CEST 104.26.3.51 443 192.168.2.5 49758
  Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  NotBefore: Thu Mar 19 01:00:00 CET 2020 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  Subject: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  NotBefore: Wed Oct 14 14:00:00 CEST 2015 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:01:23.110989094 CEST 104.26.3.51 443 192.168.2.5 49759
  Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  NotBefore: Thu Mar 19 01:00:00 CET 2020 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  Subject: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  NotBefore: Wed Oct 14 14:00:00 CEST 2015 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:01:23.724201918 CEST 104.27.191.231 443 192.168.2.5 49761
  Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  NotBefore: Sat Feb 22 01:00:00 CET 2020 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  Subject: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  NotBefore: Wed Oct 14 14:00:00 CEST 2015 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:01:23.724431038 CEST 104.27.191.231 443 192.168.2.5 49760
  Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  NotBefore: Sat Feb 22 01:00:00 CET 2020 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  Subject: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  NotBefore: Wed Oct 14 14:00:00 CEST 2015 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:01:24.159926891 CEST 104.24.126.214 443 192.168.2.5 49764
  Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  NotBefore: Mon Oct 07 02:00:00 CEST 2019 NotAfter: Tue Oct 06 14:00:00 CEST 2020
  Subject: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  NotBefore: Wed Oct 14 14:00:00 CEST 2015 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:01:24.166491985 CEST 104.24.126.214 443 192.168.2.5 49765
  Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  NotBefore: Mon Oct 07 02:00:00 CEST 2019 NotAfter: Tue Oct 06 14:00:00 CEST 2020
  Subject: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  NotBefore: Wed Oct 14 14:00:00 CEST 2015 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:01:24.907212973 CEST 104.18.222.81 443 192.168.2.5 49768
  Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  NotBefore: Tue Apr 07 02:00:00 CEST 2020 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  Subject: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  NotBefore: Wed Oct 14 14:00:00 CEST 2015 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:01:25.092432022 CEST 104.18.171.73 443 192.168.2.5 49770
  Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  NotBefore: Tue Apr 07 02:00:00 CEST 2020 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  Subject: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  NotBefore: Wed Oct 14 14:00:00 CEST 2015 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:01:25.093637943 CEST 104.18.171.73 443 192.168.2.5 49769
  Subject: CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  NotBefore: Tue Apr 07 02:00:00 CEST 2020 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  Subject: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  NotBefore: Wed Oct 14 14:00:00 CEST 2015 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:01:25.489948034 CEST 104.16.132.229 443 192.168.2.5 49778
  Subject: CN=cloudflare.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  NotBefore: Tue Jan 07 01:00:00 CET 2020 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  Subject: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  NotBefore: Wed Oct 14 14:00:00 CEST 2015 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
May 18, 2020 19:01:25.498224974 CEST 104.16.132.229 443 192.168.2.5 49777
  Subject: CN=cloudflare.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  NotBefore: Tue Jan 07 01:00:00 CET 2020 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  Subject: CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  NotBefore: Wed Oct 14 14:00:00 CEST 2015 NotAfter: Fri Oct 09 14:00:00 CEST 2020
  JA3 SSL Client Fingerprint: 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
  JA3 SSL Client Digest: 9e10692f1b7f78228b2d4e424db3a98c
Code Manipulations
Statistics
Behavior
• iexplore.exe
• iexplore.exe
System Behavior
Analysis Process: iexplore.exe PID: 4380 Parent PID: 696
General
Start time: 19:00:54
Start date: 18/05/2020
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff6c50a0000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low
File Activities
File Path  Access  Attributes  Options  Completion  Count  Source Address  Symbol
File Path  Offset  Length  Value  Ascii  Completion  Count  Source Address  Symbol
File Path  Offset  Length  Completion  Count  Source Address  Symbol
Registry Activities
Key Path  Completion  Count  Source Address  Symbol
Key Path  Name  Type  Data  Completion  Count  Source Address  Symbol
Key Path  Name  Type  Old Data  New Data  Completion  Count  Source Address  Symbol
Analysis Process: iexplore.exe PID: 4880 Parent PID: 4380
General
Start time: 19:00:54
Start date: 18/05/2020
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4380 CREDAT:17410 /prefetch:2
Imagebase: 0x1060000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low
File Activities
File Path  Access  Attributes  Options  Completion  Count  Source Address  Symbol
File Path  Offset  Length  Value  Ascii  Completion  Count  Source Address  Symbol
File Path  Offset  Length  Completion  Count  Source Address  Symbol
Registry Activities
Key Path  Name  Type  Data  Completion  Count  Source Address  Symbol
Disassembly