ID: 431516 Cookbook: browseurl.jbs Time: 20:48:54 Date: 08/06/2021 Version: 32.0.0 Black Diamond

Copyright Joe Security LLC 2021

Analysis Report https://pub.lucidpress.com/1f6d8117-54…7a-408d-a63c-31977cec8524/

Overview

General Information

Sample URL: https://pub.lucidpress.com/1f6d8117-547a-408d-a63c-31977cec8524/
Analysis ID: 431516

Signatures

No high impact signatures.

Classification

[Figure: classification chart with axes Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware]

Detection

[Figure: detection scale with levels malicious, suspicious, clean]

Score: 0 Range: 0 - 100 Whitelisted: false Confidence: 80%

Process Tree

System is w10x64
  iexplore.exe (PID: 5220 cmdline: 'C:\Program Files\\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    iexplore.exe (PID: 5352 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5220 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures.

Mitre Att&ck Matrix

Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 1; Application Layer Protocol 2
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data

Behavior Graph

[Figure: behavior graph for analysis ID 431516 (URL: https://pub.lucidpress.com/..., Startdate: 08/06/2021, Architecture: WINDOWS, Score: 0). Process nodes: iexplore.exe started iexplore.exe. Network nodes: www.lucidpress.com, app.lucidpress.com, www.google.de (142.251.36.227, port 443, GOOGLEUS, United States), stats.l.doubleclick.net (172.253.120.154, port 443, GOOGLEUS, United States) and 6 other IPs or domains.]

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://pub.lucidpress.com/1f6d8117-547a-408d-a63c-31977cec8524/ | 0% | Avira URL Cloud | safe | |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://lucidspark.com/integrations/jira-cards | 0% | Avira URL Cloud | safe | |
| https://js.hsleadflows.net/leadflows.js | 0% | URL Reputation | safe | |
| https://js.hsleadflows.net/leadflows.js | 0% | URL Reputation | safe | |
| https://js.hsleadflows.net/leadflows.js | 0% | URL Reputation | safe | |
| https://js.hsleadflows.net/leadflows.js | 0% | URL Reputation | safe | |
| https://analytics.lucid.app | 0% | Virustotal | | Browse |
| https://analytics.lucid.app | 0% | Avira URL Cloud | safe | |
| https://www.google.%/ads/ga-audiences? | 0% | URL Reputation | safe | |
| https://www.google.%/ads/ga-audiences? | 0% | URL Reputation | safe | |
| https://www.google.%/ads/ga-audiences? | 0% | URL Reputation | safe | |
| https://www.google.%/ads/ga-audiences? | 0% | URL Reputation | safe | |
| hammerjs.github.io/ | 0% | Avira URL Cloud | safe | |
| https://lucidspark.com/contact/contact-sales | 0% | Avira URL Cloud | safe | |
| brandon.aaron.sh) | 0% | Avira URL Cloud | safe | |
| https://www.lucidspark.com/enterprise | 0% | Avira URL Cloud | safe | |
| https://www.preprodchart.com | 0% | Avira URL Cloud | safe | |
| https://analytics.app.preprodchart.com | 0% | Avira URL Cloud | safe | |
| https://analytics.app.preprodpress.com | 0% | Avira URL Cloud | safe | |
| www.wikipedia.com/ | 0% | URL Reputation | safe | |
| www.wikipedia.com/ | 0% | URL Reputation | safe | |
| www.wikipedia.com/ | 0% | URL Reputation | safe | |
| https://analytics.lucidchart.eu | 0% | Avira URL Cloud | safe | |

Domains and IPs

Contacted Domains

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| www.google.de | 142.251.36.227 | true | false | | high |
| www.lucidpress.com | 143.204.98.57 | true | false | | high |
| app.lucidpress.com | 54.85.236.27 | true | false | | high |
| stats.l.doubleclick.net | 172.253.120.154 | true | false | | high |
| www..com | 143.204.98.100 | true | false | | high |
| d2pjrbs8oo6puz.cloudfront.net | 143.204.98.18 | true | false | | high |
| pub.lucidpress.com | unknown | unknown | false | | high |
| stats.g.doubleclick.net | unknown | unknown | false | | high |

Contacted URLs

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://pub.lucidpress.com/1f6d8117-547a-408d-a63c-31977cec8524/ | false | | high |

URLs from Memory and Binaries

Contacted IPs

Public

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 143.204.98.18 | d2pjrbs8oo6puz.cloudfront.net | United States | 16509 | AMAZON-02US | false |
| 142.251.36.227 | www.google.de | United States | 15169 | GOOGLEUS | false |
| 143.204.98.57 | www.lucidpress.com | United States | 16509 | AMAZON-02US | false |
| 143.204.98.100 | www.lucidchart.com | United States | 16509 | AMAZON-02US | false |
| 172.253.120.154 | stats.l.doubleclick.net | United States | 15169 | GOOGLEUS | false |
| 54.85.236.27 | app.lucidpress.com | United States | 14618 | AMAZON-AESUS | false |

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 431516
Start date: 08.06.2021
Start time: 20:48:54
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 7s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://pub.lucidpress.com/1f6d8117-547a-408d-a63c-31977cec8524/
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/24@8/6
Cookbook Comments: Adjust boot time, Enable AMSI

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B98DD868-C8D5-11EB-90E4-ECF4BB862DED}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Category: dropped Size (bytes): 30296 Entropy (8bit): 1.8597616336795502 Encrypted: false SSDEEP: 96:riiZQvZ4O2pJWCQwtCGfCotMC5CFCQfC6sX:riiZQvZ4O2pJWTwtNfdtMQgjfPsX MD5: 09FB43B1CC51304E7E989D4691A4FF9F SHA1: 32C8CE8F180487C0EF4FF27E9DA7E0A88EA3EFF9 SHA-256: C5F9423C7521BC3B9515C4943E1070BCA15AD8DD7051631664BCD335A9DBAC37 SHA-512: 08EB3EFAECA90042D957075B2DF1F1FFBEB274B3C4F503B02984DE594A8C4536354C4685ABD6D1A99BAE50018870F2B5EAAAD63469C9EDB93BFF89801E77DF E8 Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B98DD86A-C8D5-11EB-90E4-ECF4BB862DED}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Category: dropped Size (bytes): 24240 Entropy (8bit): 1.64664547939985 Encrypted: false SSDEEP: 48:IwXGcpruGwpaaG4pQGGrapbS8GQpBOGHHpcPTGUp8FGzYpmAyGoplWHsYLrGiNpm:rdZGQa6IBSUjd2ZW7MXLNYZg MD5: 6F9AE6CF5E4CFFD1212F7C982DBD6BE5 SHA1: 105DD8CC5016C4AF0CDFCDFA9091FF509D99EC13 SHA-256: D6E6132224D7248EFF8C3938A3BDCC571E81DAB30242194147837F1B702EF636 SHA-512: 0DDB9C00E3BD4256C637E828204C74228CA64DD52742B7C6278B9C79F484339CEACA9AE592021B19A3E8F3F073A3F71321FEBF0F6943DF5B27C19CDB590EAA8 8 Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C09AAB52-C8D5-11EB-90E4-ECF4BB862DED}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Category: dropped Size (bytes): 16984 Entropy (8bit): 1.5656634170410098 Encrypted: false SSDEEP: 48:IwkGcprVGwpa3G4pQrGrapbSAGQpKaG7HpRoTGIpG:r4Z/Q56fBSoA1TsA MD5: 86678BB221A72F0E80922C9790509007 SHA1: 37C442E3B31C4B5BF3D416860AFC9F9D4AFF6C21 SHA-256: 197EB07C966F576FA1434519BFF89B5E23D30EC0CAC0545A17BB3E1E0C3945F5 SHA-512: 05142F4ABB4CC6ABDBA353B89719C8C82EAEE4AE4E7D4A0B7C333249F9E65B8528E8DB8CEEBC0DABBA876CC0B9FFC416B3328A16DE1E15C15EBDA75D624A 60E8 Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 656 Entropy (8bit): 5.073679824883287 Encrypted: false SSDEEP: 12:TMHdNMNxOEPFFnWimI002EtM3MHdNMNxOEPFFnWimI00ObVbkEtMb:2d6NxOIFFSZHKd6NxOIFFSZ76b MD5: 6CA7DB4B815D939B21EF93CE478755E7 SHA1: 139D9FF834CD241019FA7C83B539DD03F0E0638F SHA-256: F99E38E2A7850ED35185D6D2C938A65E5107E8FEA94D1669CA1A234727B7B9A1 SHA-512: 97A434268B94CB7A6BB32C0E3AB0C5F69F54A81B19293D679119362DDD10198AA2FDCA778CEE88491A8EE2A84809F550714C6DB5C1F484FEE071AF1940124113 Malicious: false Reputation: low Preview: ..0x91b10c7b,0x01d75ce2< accdate>0x91b10c7b,0x01d75ce2....0x91b10c7b,0x01d75ce20 x91b10c7b,0x01d75ce2..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 653 Entropy (8bit): 5.097347010781194 Encrypted: false SSDEEP: 12:TMHdNMNxe2kPFFnWimI002EtM3MHdNMNxe2kPFFnWimI00Obkak6EtMb:2d6NxroFFSZHKd6NxroFFSZ7Aa7b MD5: 701D6654E775EF3EE061EA71AE475E36 SHA1: 089A51A8CA9581A5A2F6A8DFA631F80A3A86AFC9 SHA-256: E653B16026A711E429AB258F8B7C790824809173FAA6A8EBD74D44E3674A2119 SHA-512: 5A457418400A9EE5AFA737EF0095E200254256CFAF867FCC2F2BC7507A42C56A61C88715BAA395188036A7D3B26A835B14C8F0C072874E0C36017E20B13519A6 Malicious: false Reputation: low Preview: ..0x91b10c7b,0x01d75ce20x91b10c7b,0x01d75ce2....0x91b10c7b,0x01d75ce20x91b10c7b,0x01d75ce2..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 662 Entropy (8bit): 5.093871698034152 Encrypted: false SSDEEP: 12:TMHdNMNxvLPFFnWimI002EtM3MHdNMNxvLPFFnWimI00ObmZEtMb:2d6NxvLFFSZHKd6NxvLFFSZ7mb MD5: 7DCE4C8064417E93270C635927B419F1 SHA1: D6727332181960BC29CC782092C4F4FA906670AB SHA-256: 74E17A146EC89B52DB8B509B2292C899B807528E711714A65D7B941A99017905 SHA-512: E90DF09F26BB534DB589B33EABC3FBBC77F29DF965A5C96D59AF733FA11BB751F97D03BA7F6395CC0E7D284A0E711146F3FBBC3AC09DABEB717CE5930DC3E 330 Malicious: false Reputation: low Preview: ..0x91b10c7b,0x01d75ce2 0x91b10c7b,0x01d75ce2....0x91b10c7b,0x01d75ce20x91b10c7b,0x01d75ce2..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 647 Entropy (8bit): 5.089151474134799 Encrypted: false SSDEEP: 12:TMHdNMNxiPFFnWimI002EtM3MHdNMNxiPFFnWimI00Obd5EtMb:2d6NxKFFSZHKd6NxKFFSZ7Jjb MD5: E8746CA67D835E5F1F101A779AEC2F62 SHA1: 646F074C1B62362A1F804F542368AE7EBFCE2EAB SHA-256: DC99589C6DED53021A0F3F1302374D6987E772C60FABAB371D3E4EB11D8677F6 SHA-512: AAC4CB135572C082F913C1777AB98BCA14FD936E03B6694240EC87370340CBE492F9AA7829DA42EB021C92988712CD8AB78EAD47631DF5C7754B9B7B061D2FF2 Malicious: false Reputation: low Preview: ..0x91b10c7b,0x01d75ce20x91b10c7b,0x01d75ce2....0x91b10c7b,0x01d75ce20x91b10 c7b,0x01d75ce2 ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 656 Entropy (8bit): 5.102447914187551 Encrypted: false SSDEEP: 12:TMHdNMNxhGwPFFnWimI002EtM3MHdNMNxhGwPFFnWimI00Ob8K075EtMb:2d6NxQMFFSZHKd6NxQMFFSZ7YKajb MD5: E8320AED7D24D7DAF36DAF7D5BE3B00B SHA1: 6EDBE8B0B808FBC2FBBCFBD13805E071D3922780 SHA-256: FB18BC45E78B201CCD5D24A1AD1656EE6E166173D5F5EF3B9393958A2215737A SHA-512: B893533643CD80C24442E47892CE544B82F45B64DC066512592024219ECC91F5B975D4BAD70E312139ADBD62EF989506B6B522D9195617AB6F66BD8C481A19E4 Malicious: false Reputation: low Preview: ..0x91b10c7b,0x01d75ce2< accdate>0x91b10c7b,0x01d75ce2....0x91b10c7b,0x01d75ce20 x91b10c7b,0x01d75ce2 ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 653 Entropy (8bit): 5.076755712637188 Encrypted: false SSDEEP: 12:TMHdNMNx0nPFFnWimI002EtM3MHdNMNx0nPFFnWimI00ObxEtMb:2d6Nx0PFFSZHKd6Nx0PFFSZ7nb MD5: 4538032C92B407850BA6FB677928183A SHA1: F06CC6A36E37376DEA8BE82ABDDC7683DD6742CB SHA-256: D6FFF33226346F2DD3C1E8D4DB643EBBA51B0181184F9B67A5237DFA7D90E9FB SHA-512: 565BECB10F2EFAA01E9ADDE87D0FD93813A4BE68384AB4F432C97C32FABD1880013A39C560485746179E7A3E90988C54C9D2751CD8475BA2D9276740D8E01FB E Malicious: false Reputation: low Preview: ..0x91b10c7b,0x01d75ce20x91b10c7b,0x01d75ce2....0x91b10c7b,0x01d75ce20x9 1b10c7b,0x01d75ce2 ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 656 Entropy (8bit): 5.114103526153984 Encrypted: false SSDEEP: 12:TMHdNMNxxPFFnWimI002EtM3MHdNMNxxPFFnWimI00Ob6Kq5EtMb:2d6NxNFFSZHKd6NxNFFSZ7ob MD5: 6D3460EA4E82FB76C94F49354253BC7C SHA1: ACE3CD3C7FAF985A70082B58EB917ACA50326A0F SHA-256: F8B476251FB4E12A042763246CBF43D52A02C5ACE7C254385E67C282C5D33602 SHA-512: 4D554CCD43F1DB645FDC11D98E2F303AF496549DABF3F2178604BCB94E9F40284F4CA617E573E11F85CC3A77128F54844E76860FB112086AA26856F06EDB239A Malicious: false Reputation: low Preview: ..0x91b10c7b,0x01d75ce2< accdate>0x91b10c7b,0x01d75ce2....0x91b10c7b,0x01d75ce20 x91b10c7b,0x01d75ce2 ..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 659 Entropy (8bit): 5.087808961934216 Encrypted: false SSDEEP: 12:TMHdNMNxcPFFnWimI002EtM3MHdNMNxcPFFnWimI00ObVEtMb:2d6NxwFFSZHKd6NxwFFSZ7Db MD5: A075943F371BEBF5DDBD320F0A4AD771 SHA1: 862BB2823341C8073B983AA58ED5FFB731CA033F SHA-256: 190A2D119F91451ABCCDDD893F2C025D693144EC10FB0510C902AB52050573A2 SHA-512: 128E4939AAA619A6DC22DF681266B14A72DD668EA979D86A1F31840C43593B5188EE7A5AE1211AC7D520CFF40B94A638D756ED11517C08883B36A9D7E11B6C05 Malicious: false Reputation: low Preview: ..0x91b10c7b,0x01d75ce2 0x91b10c7b,0x01d75ce2....0x91b10c7b,0x01d75ce20x91b10c7b,0x01d75ce2..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 653 Entropy (8bit): 5.075016928829099 Encrypted: false SSDEEP: 12:TMHdNMNxfnPFFnWimI002EtM3MHdNMNxfnPFFnWimI00Obe5EtMb:2d6NxXFFSZHKd6NxXFFSZ7ijb MD5: 4C02C5D144C0A22ABFE398323C1ACC85 SHA1: E11A2484E3E86426FA20A05FF4A93111A3106317 SHA-256: 9AB44BB254D982A02DDDCE750073C46334DD848690FCEF9706690FAB150693A0 SHA-512: C603235FC0C84CF86534CEAFCC7A5D52622E25BE24CFB59B0DB1EA2303F7917D3D97BF42147D531878B44EF64F80A6950320B62099AF7DD619A238F98523819E Malicious: false Reputation: low Preview: ..0x91b10c7b,0x01d75ce20x91b10c7b,0x01d75ce2....0x91b10c7b,0x01d75ce20x91b10c7b,0x01d75ce2..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\en[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with no line terminators Category: downloaded Size (bytes): 131591 Entropy (8bit): 4.888822358775632 Encrypted: false SSDEEP: 1536:BptTcCq9Ljlizm/3K4xfWhOJ3ZaPI7XvYFqkXpCUXe:BpNc3FjliY64IhOqPI7XQFqkXpCUXe MD5: 1D745CA352E54415EECBD42FDB8FBFCC SHA1: CAA5AF487FCF64B15CEDE0BA953FF7396EB50934 SHA-256: 055BEDDEC3C4889B63A558224EF91A156B8AC1554028750112C8BE9141CAB1D0 SHA-512: D6B8C402C42C33A0C42CC41BEDD895C06E9253F6C730B803896E509DDE52DB577627BD826470C06D78FF1BD713E3F997E2D9A19A99EA37DAF18F700E4B5B223 6 Malicious: false Reputation: low IE Cache URL: https://pub.lucidpress.com/e734146a-3bee-49f2-9ca1-77bbecbfd690/en.js


C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\viewerDeps[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 299318 Entropy (8bit): 5.535814454533552 Encrypted: false SSDEEP: 6144:cDY0j9qeAmO4kyQQya98Hr+E4Pv08762Mz18psfLzWaGuXBWgKYDx:YYA9qeJlMzuKzGMd MD5: D82DC51BBBF073E36575DE6ED06A085D SHA1: 0C8EE63D60E77B09231C09E352AFC8E1E81B6E3A SHA-256: 8F4821079ABC965A1863D8F8CE8BDE76FB6A4B98885FB3F5DE796B1F47C7AA36 SHA-512: 1AF3CA3364EDD77995FBEFA90E62E2A9C17138174553E302C8908F3188E028A477B59AD5DE3EFD0D7AA6A440C8BEDBD348E1C69548ACF9A46C0459236B4DD6F4 Malicious: false Reputation: low IE Cache URL: https://pub.lucidpress.com/e734146a-3bee-49f2-9ca1-77bbecbfd690/viewerDeps.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ga[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 46274 Entropy (8bit): 5.48786904450865 Encrypted: false SSDEEP: 768:aqNVrKn0VGhn+K7U1r2p/Y60fyy3/g3OMZht1z1prkfw1+9NZ5VA:RHrLVGhnpIwp/Y7cnz1RkLL5m MD5: E9372F0EBBCF71F851E3D321EF2A8E5A SHA1: 2C7D19D1AF7D97085C977D1B69DCB8B84483D87C SHA-256: 1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F SHA-512: C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F Malicious: false Reputation: low IE Cache URL: https://ssl.google-analytics.com/ga.js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\old_browser[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, UTF-8 Unicode text, with very long lines Category: dropped Size (bytes): 122912 Entropy (8bit): 5.398588379305328 Encrypted: false SSDEEP: 768:5bo6IBlJ7DuYyYiYMYnY/Y3YDYlYnY/YJlYojmyVjZKdT2+Q2PHqYUXQxYySPQm6:Vo/Z7DrRElVrF4rxY3zzkQPzwQaPHeG MD5: 4F431FEC504BD4BB6DF5F2E1C2223287 SHA1: AE5443E345D0C2157ADA6F3187DFE46523A9B57F SHA-256: C19F8C560FA5C043F8260EDEF8B65B981FE9BD8E097B9F783B9FAC86D6FA612E SHA-512: 1CBF12877B0BE7E57467333CDE3E1F1C92B7DCCEDD03C3F965B0D2782703E08B968C287AA0707D0883BAC327807C2B2F83C9EF7C0626C12463E2ABB707B91436 Malicious: false Reputation: low
