ID: 351331 Cookbook: browseurl.jbs Time: 15:08:12 Date: 10/02/2021 Version: 31.0.0 Emerald Table of Contents
Table of Contents 2 Analysis Report https://pub.lucidpress.com/0b597a37-4b38-4f16-a698- 8076bb6f34d1/ 4 Overview 4 General Information 4 Detection 4 Signatures 4 Classification 4 Startup 4 Malware Configuration 4 Yara Overview 4 Sigma Overview 4 Signature Overview 4 AV Detection: 5 Compliance: 5 Mitre Att&ck Matrix 5 Behavior Graph 5 Screenshots 6 Thumbnails 6 Antivirus, Machine Learning and Genetic Malware Detection 7 Initial Sample 7 Dropped Files 7 Unpacked PE Files 7 Domains 7 URLs 7 Domains and IPs 8 Contacted Domains 8 Contacted URLs 8 URLs from Memory and Binaries 8 Contacted IPs 9 Public 10 General Information 10 Simulations 11 Behavior and APIs 11 Joe Sandbox View / Context 11 IPs 11 Domains 11 ASN 11 JA3 Fingerprints 11 Dropped Files 11 Created / dropped Files 12 Static File Info 20 No static file info 20 Network Behavior 20 Network Port Distribution 20 TCP Packets 20 UDP Packets 22 DNS Queries 23 DNS Answers 23 HTTPS Packets 24 Code Manipulations 29 Statistics 29 Behavior 29 System Behavior 29
Copyright null 2021 Page 2 of 30 Analysis Process: iexplore.exe PID: 5580 Parent PID: 792 29 General 29 File Activities 30 Registry Activities 30 Analysis Process: iexplore.exe PID: 664 Parent PID: 5580 30 General 30 File Activities 30 Registry Activities 30 Disassembly 30
Copyright null 2021 Page 3 of 30 Analysis Report https://pub.lucidpress.com/0b597a37-4…b38-4f16-a698-8076bb6f34d1/
Overview
General Information Detection Signatures Classification
Sample URL: https://pub.lucidpres s.com/0b597a37-4b38-4f1 AAnntttiiivviiirrruuss /// SSccaannnneerrr ddeettteecctttiiioonn fffoorrr ssuubb… 6-a698-8076bb6f34d1/ Antivirus / Scanner detection for sub Analysis ID: 351331 Most interesting Screenshot:
Ransomware
Miner Spreading
mmaallliiiccciiioouusss
malicious
Evader Phishing
sssuusssppiiiccciiioouusss
suspicious
cccllleeaann
clean
Exploiter Banker
Spyware Trojan / Bot
Adware
Score: 48 Range: 0 - 100 Whitelisted: false Confidence: 100%
Startup
System is w10x64 iexplore.exe (PID: 5580 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596) iexplore.exe (PID: 664 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5580 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A) cleanup
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Signature Overview
Copyright null 2021 Page 4 of 30 • AV Detection • Compliance • Networking • System Summary
Click to jump to signature section
AV Detection:
Antivirus / Scanner detection for submitted sample
Compliance:
Uses new MSVCR Dlls
Uses secure TLS version for HTTPS connections
Binary contains paths to debug symbols
Mitre Att&ck Matrix
Command Remote Initial Privilege Defense Credential Lateral and Network Service Access Execution Persistence Escalation Evasion Access Discovery Movement Collection Exfiltration Control Effects Effects Impact Valid Windows Path Process Masquerading 1 OS File and Remote Data from Exfiltration Encrypted Eavesdrop on Remotely Modify Accounts Management Interception Injection 1 Credential Directory Services Local Over Other Channel 2 Insecure Track Device System Instrumentation Dumping Discovery 1 System Network Network Without Partition Medium Communication Authorization Default Scheduled Boot or Boot or Process LSASS Application Remote Data from Exfiltration Non- Exploit SS7 to Remotely Device Accounts Task/Job Logon Logon Injection 1 Memory Window Desktop Removable Over Application Redirect Phone Wipe Data Lockout Initialization Initialization Discovery Protocol Media Bluetooth Layer Calls/SMS Without Scripts Scripts Protocol 1 Authorization Domain At (Linux) Logon Script Logon Obfuscated Files Security Query SMB/Windows Data from Automated Application Exploit SS7 to Obtain Delete Accounts (Windows) Script or Information Account Registry Admin Shares Network Exfiltration Layer Track Device Device Device (Windows) Manager Shared Protocol 2 Location Cloud Data Drive Backups
Behavior Graph
Copyright null 2021 Page 5 of 30 Hide Legend Behavior Graph Legend: ID: 351331 Process URL: https://pub.lucidpress.com/... Signature Startdate: 10/02/2021 Architecture: WINDOWS Created File Score: 48 DNS/IP Info Is Dropped
Is Windows Process www.lucidpress.com app.lucidpress.com Number of created Registry Values
Number of created Files started Visual Basic Antivirus / Scanner detection for submitted Delphi sample Java
.Net C# or VB.NET
C, C++ or other language iexplore.exe Is malicious
Internet 1 74
started
iexplore.exe
2 47
www.google.co.uk stats.l.doubleclick.net
172.217.22.195, 443, 49713, 49714 173.194.76.155, 443, 49709, 49710 5 other IPs or domains GOOGLEUS GOOGLEUS United States United States
Screenshots
Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Copyright null 2021 Page 6 of 30 Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source Detection Scanner Label Link https://pub.lucidpress.com/0b597a37-4b38-4f16-a698-8076bb6f34d1/ 0% Virustotal Browse https://pub.lucidpress.com/0b597a37-4b38-4f16-a698-8076bb6f34d1/ 0% Avira URL Cloud safe https://pub.lucidpress.com/0b597a37-4b38-4f16-a698-8076bb6f34d1/ 100% SlashNext Fake Login Page type: Phishing & Social Engineering
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
Source Detection Scanner Label Link www.google.co.uk 0% Virustotal Browse
URLs
Copyright null 2021 Page 7 of 30 Source Detection Scanner Label Link https://js.hsleadflows.net/leadflows.js 0% URL Reputation safe https://js.hsleadflows.net/leadflows.js 0% URL Reputation safe https://js.hsleadflows.net/leadflows.js 0% URL Reputation safe https://js.hsleadflows.net/leadflows.js 0% URL Reputation safe https://analytics.lucid.app 0% Avira URL Cloud safe https://www.google.%/ads/ga-audiences? 0% URL Reputation safe https://www.google.%/ads/ga-audiences? 0% URL Reputation safe https://www.google.%/ads/ga-audiences? 0% URL Reputation safe hammerjs.github.io/ 0% Avira URL Cloud safe https://lucidspark.com/contact/contact-sales 0% Avira URL Cloud safe brandon.aaron.sh) 0% Avira URL Cloud safe https://www.lucidspark.com/enterprise 0% Avira URL Cloud safe https://www.preprodchart.com 0% Avira URL Cloud safe https://analytics.app.preprodchart.com 0% Avira URL Cloud safe https://analytics.app.preprodpress.com 0% Avira URL Cloud safe www.wikipedia.com/ 0% URL Reputation safe www.wikipedia.com/ 0% URL Reputation safe www.wikipedia.com/ 0% URL Reputation safe https://analytics.lucidchart.eu 0% Avira URL Cloud safe
Domains and IPs
Contacted Domains
Name IP Active Malicious Antivirus Detection Reputation www.lucidpress.com 99.86.159.56 true false high app.lucidpress.com 3.209.16.152 true false high stats.l.doubleclick.net 173.194.76.155 true false high www.google.co.uk 172.217.22.195 true false 0%, Virustotal, Browse unknown d2pjrbs8oo6puz.cloudfront.net 13.226.169.69 true false high pub.lucidpress.com unknown unknown false high stats.g.doubleclick.net unknown unknown false high
Contacted URLs
Name Malicious Antivirus Detection Reputation https://pub.lucidpress.com/0b597a37-4b38-4f16-a698-8076bb6f34d1/ false high
URLs from Memory and Binaries
Name Source Malicious Antivirus Detection Reputation https://player.vimeo.com/api/player.js viewer[1].js.2.dr false high https://www.lucidpress.com viewer[1].js.2.dr false high https://player.vimeo.com/video/ viewer[1].js.2.dr false high https://lucidpress.zendesk.com/hc viewer[1].js.2.dr false high viewer[1].js.2.dr false high https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v 3.2 https://www.youtube.com/embed/ viewer[1].js.2.dr false high https://pub.lucidpress.com/0b597a37-4b38-4f16-a698- {F912A7F2-6BF4-11EB-90E6-ECF4B false high 8076bb6f34d1/Root B82F7E0}.dat.1.dr https://d2pjrbs8oo6puz.cloudfront.net/0b597a37-4b38- 0b597a37-4b38-4f16-a698-8076bb false high 4f16-a698-8076bb6f34d1/thumb-0.png 6f34d1[1].htm.2.dr www.amazon.com/ msapplication.xml.1.dr false high https://pub.lucidpress.com/0b597a37-4b38-4f16-a698- ~DF0ACE495C2FE58817.TMP.1.dr false high 8076bb6f34d1/ g.co/ng/security#xss viewer[1].js.2.dr false high https://js.hsleadflows.net/leadflows.js viewer[1].js.2.dr false URL Reputation: safe unknown URL Reputation: safe URL Reputation: safe URL Reputation: safe https://www.lucidpress.com/favicon.ico?v=3 imagestore.dat.2.dr, 0b597a37-4b38- false high 4f16-a698-8076bb6f34d1[1].htm.2.dr https://analytics.lucid.app viewer[1].js.2.dr false Avira URL Cloud: safe unknown
Copyright null 2021 Page 8 of 30 Name Source Malicious Antivirus Detection Reputation momentjs.com/guides/#/warnings/add-inverted-param/ viewer[1].js.2.dr false high www.twitter.com/ msapplication.xml5.1.dr false high support.lucidpress.com viewer[1].js.2.dr false high https://www.google.%/ads/ga-audiences? ga[1].js.2.dr false URL Reputation: safe low URL Reputation: safe URL Reputation: safe www.opensource.org/licenses/mit-license.php viewerDeps[1].js.2.dr false high momentjs.com/guides/#/warnings/js-date/ viewer[1].js.2.dr false high https://github.com/jquery/jquery/issues/2267 viewerDeps[1].js.2.dr false high https://fast.wistia.com/assets/external/E-v1.js viewer[1].js.2.dr false high https://www.lucidpress.com/business/pricing/index.html viewer[1].js.2.dr false high www.reddit.com/ msapplication.xml4.1.dr false high https://salesforce-api.lucidchart.com/ viewer[1].js.2.dr false high www.apache.org/licenses/LICENSE-2.0 viewer[1].js.2.dr, viewerDeps[1].js.2.dr false high www.linkedin.com/shareArticle?mini=true&title= viewer[1].js.2.dr false high momentjs.com/guides/#/warnings/zone/ viewer[1].js.2.dr false high www.nytimes.com/ msapplication.xml3.1.dr false high d2pjrbs8oo6puz.cloudfront.net/0b597a37-4b38-4f16- 0b597a37-4b38-4f16-a698-8076bb false high a698-8076bb6f34d1/thumb-0.png 6f34d1[1].htm.2.dr https://analytics.app.lucidchart.com viewer[1].js.2.dr false high viewer[1].js.2.dr false high https://d2slcw3kip6qmk.cloudfront.net/app/webroot/img/img_pl aceholder.png https://angular.io/ viewer[1].js.2.dr, viewerDeps[1].js.2.dr false high hammerjs.github.io/ viewerDeps[1].js.2.dr false Avira URL Cloud: safe unknown https://www.lucidpress.com/pages/cyber-monday-2017 viewer[1].js.2.dr false high https://lucidspark.com/contact/contact-sales viewer[1].js.2.dr false Avira URL Cloud: safe unknown brandon.aaron.sh) viewerDeps[1].js.2.dr false Avira URL Cloud: safe low momentjs.com/guides/#/warnings/dst-shifted/ viewer[1].js.2.dr false high https://d2slcw3kip6qmk.cloudfront.net viewer[1].js.2.dr false high https://fast.wistia.net/embed/iframe/ viewer[1].js.2.dr false high https://lucidchart.zendesk.com/hc viewer[1].js.2.dr false high g.co/ng/security#xss). viewer[1].js.2.dr false high https://www.lucidchart.com/pages/visio-stencils viewer[1].js.2.dr false high https://www.lucidchart.com viewer[1].js.2.dr false high https://www.lucidspark.com/enterprise viewer[1].js.2.dr false Avira URL Cloud: safe unknown https://stats.g.doubleclick.net/j/collect? ga[1].js.2.dr false high g.co/ng/security#xss) viewer[1].js.2.dr false high https://analytics.app.lucidpress.com viewer[1].js.2.dr false high https://angular.io/api/common/NgForOf#change- viewer[1].js.2.dr false high propagation 0b597a37-4b38-4f16-a698-8076bb false high www.lucidpress.com/img/branding/press_mark_512.png) 6f34d1[1].htm.2.dr https://www.preprodchart.com viewer[1].js.2.dr false Avira URL Cloud: safe unknown www.youtube.com/ msapplication.xml7.1.dr false high support.lucidchart.com viewer[1].js.2.dr false high https://my.matterport.com/show/?m= viewer[1].js.2.dr false high https://analytics.app.preprodchart.com viewer[1].js.2.dr false Avira URL Cloud: safe unknown https://analytics.app.preprodpress.com viewer[1].js.2.dr false Avira URL Cloud: safe unknown www.gnu.org/licenses/gpl.html viewerDeps[1].js.2.dr false high www.wikipedia.com/ msapplication.xml6.1.dr false URL Reputation: safe unknown URL Reputation: safe URL Reputation: safe www.live.com/ msapplication.xml2.1.dr false high https://angular.io/license viewer[1].js.2.dr, viewerDeps[1].js.2.dr false high https://www.lucidpress.com/pages/edu-premium viewer[1].js.2.dr false high https://users.app.lucidchart.com viewer[1].js.2.dr false high https://analytics.lucidchart.eu viewer[1].js.2.dr false Avira URL Cloud: safe unknown momentjs.com/guides/#/warnings/min-max/ viewer[1].js.2.dr false high
Contacted IPs
Copyright null 2021 Page 9 of 30 No. of IPs < 25%
25% < No. of IPs < 50% 50% < No. of IPs < 75%
75% < No. of IPs
Public
IP Domain Country Flag ASN ASN Name Malicious 173.194.76.155 unknown United States 15169 GOOGLEUS false 13.226.169.69 unknown United States 16509 AMAZON-02US false 3.209.16.152 unknown United States 14618 AMAZON-AESUS false 99.86.159.56 unknown United States 16509 AMAZON-02US false 172.217.22.195 unknown United States 15169 GOOGLEUS false
General Information
Joe Sandbox Version: 31.0.0 Emerald Analysis ID: 351331 Start date: 10.02.2021 Start time: 15:08:12 Joe Sandbox Product: CloudBasic Overall analysis duration: 0h 3m 25s Hypervisor based Inspection enabled: false Report type: light Cookbook file name: browseurl.jbs Sample URL: https://pub.lucidpress.com/0b597a37-4b38-4f16-a 698-8076bb6f34d1/ Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 Number of analysed new started processes analysed: 10 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies: HCA enabled EGA enabled AMSI enabled Analysis Mode: default
Copyright null 2021 Page 10 of 30 Analysis stop reason: Timeout Detection: MAL Classification: mal48.win@3/26@7/5 Cookbook Comments: Adjust boot time Enable AMSI Warnings: Show All Exclude process from analysis (whitelisted): ielowutil.exe, SgrmBroker.exe, svchost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 52.147.198.201, 104.42.151.234, 88.221.62.148, 104.43.139.144, 13.64.90.137, 172.217.22.232, 172.217.20.228, 40.88.32.150, 184.30.20.56, 152.199.19.161, 2.20.142.210, 2.20.142.209 Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, fs-wildcard.microsoft.com.edgekey.net, fs- wildcard.microsoft.com.edgekey.net.globalredir.aka dns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, ssl-google- analytics.l.google.com, www.google.com, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, au-bg- shim.trafficmanager.net, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, ie9comview.vo.msecnd.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, skypedataprdcoleus16.cloudapp.net, ssl.google- analytics.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.
Simulations
Behavior and APIs
No simulations
Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
No context
JA3 Fingerprints
No context
Dropped Files
Copyright null 2021 Page 11 of 30 No context
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F912A7F0-6BF4-11EB-90E6-ECF4BB82F7E0}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Category: dropped Size (bytes): 30296 Entropy (8bit): 1.8478047970744291 Encrypted: false SSDEEP: 192:rRZSZG2zWxtz5ifzQZdTzM8QsLBkQrRDkAfsfkAqdajX:rXO9KDi7o5eb MD5: 05731FCC636BC88EF595E2B79065ADB8 SHA1: 6B64D368E8E9947F55B74C12698C1176D7B663D2 SHA-256: DD809948A909F131E27A8AD57142F5FE70B6800505FCE652CB47A60FE32BC9AA SHA-512: 85184B6825A27E4B4810F07AA7BD24C5CEF073FFFBC8D92C0C5CFA16967D851B88642E3311C19459A01513AE8E7043FCC41341CCC890BE33F65FA18DE7057260 Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{000ECA30-6BF5-11EB-90E6-ECF4BB82F7E0}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Category: dropped Size (bytes): 16984 Entropy (8bit): 1.5594985848415213 Encrypted: false SSDEEP: 48:IwPGcprGGwpa9G4pQ1GrapbSdGQpKIG7HpRDTGIpG:rFZeQ/6lBSnATTpA MD5: 2CC2537A72289993805D6AC42AFF5899 SHA1: D5217730455C8D6F9499C42A7E59368787BE8C2C SHA-256: 9C9F28840E8701B96D0A9298B239B1FF1519ED795C0714EFEC0B0B7C5DE106AD SHA-512: 69218FED29263DADA379E4165050ECE5FEF547182F5B3EF6E6C56605C98DFB2A5B9524C6272D18FB927DD301B56A7CD3D1CFFF4600F0014875025205E2D46EC5 Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F912A7F2-6BF4-11EB-90E6-ECF4BB82F7E0}.dat Process: C:\Program Files\internet explorer\iexplore.exe File Type: Microsoft Word Document Category: dropped Size (bytes): 27748 Entropy (8bit): 1.8223829901127202 Encrypted: false SSDEEP: 48:IwmGcprDGwpaGG4pQCGrapbSIGQpBWGHHpcHTGUp83GzYpm2eGoplkHxMGiNpekR:r6ZdQ26EBSwjV2RW1MlLTQ3nS8Ibr MD5: 8E927365A46C91C2D416B7BAD680E6CA SHA1: C25CF7B9EEDC7F359604222898536117BE358385 SHA-256: 35ACFA5C27563EFAE2EA5A85A8B6169B33E5F45027473F08BB7F6F55D88CF5F9 SHA-512: 118A61864A467F0F37AC9D25347E8B77155F1B442CD67345DF734E4D2431E4654C31624E7B776466E7B529BD7351FEC0550812F3ED1F13097AB3CEB90684987E Malicious: false Reputation: low Preview: ...... R.o.o.t. .E.n.t.r. y......
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe
Copyright null 2021 Page 12 of 30 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 660 Entropy (8bit): 5.0582119918525725 Encrypted: false SSDEEP: 12:TMHdNMNxOErBzmyKBzm1nWimI002EtM3MHdNMNxOErBzmyKBzm1nWimI00OYVbkt:2d6NxOYYyKY1SZHKd6NxOYYyKY1SZ7xb MD5: DC44C154965548EE7EDD6A3E70322C84 SHA1: 889A3A2BEC7C0C77BCCF4A43A01046CFA17C721B SHA-256: E5834FC913B9E02ACF6EA0D84C9CEB0F697BC5DFA82B1981225AACFB717561F7 SHA-512: E6DBA46C54BC7DC04EE753C68077608E3679414A444906E5D6FFE018ABC160FA50E6793E6CCFB21DE7E11B489B382ADA774D920B77A88DD5F3831161BE7B641 8 Malicious: false Reputation: low Preview: ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 657 Entropy (8bit): 5.09205566166084 Encrypted: false SSDEEP: 12:TMHdNMNxe2kunyHn1nWimI002EtM3MHdNMNxe2kunyHn1nWimI00OYkak6EtMb:2d6NxrRnyHn1SZHKd6NxrRnyHn1SZ7JS MD5: F25B0C5BA43D05276956F0F9DFA7B61B SHA1: EF05E9CAA4E6F0B4E91E3E301C6ED5752E207790 SHA-256: 77EA0D1BA2AE90E061723C7B0918AD849524D93A22363F642EB7D30ABE6B77B8 SHA-512: 0ADE3459EE1D0E1189A1745C1BE5AFD6D64D25104ACA0FDE5497732A6AE3F575ED3888DB59D6B75D3ABB54ECE9CE19AEF2ED26BF84F1E1C2DD95DB31BB641 37A Malicious: false Reputation: low Preview: ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 666 Entropy (8bit): 5.043731399871213 Encrypted: false SSDEEP: 12:TMHdNMNxvLrcnyKcn1nWimI002EtM3MHdNMNxvLrcnyKcn1nWimI00OYmZEtMb:2d6NxvXcnyKcn1SZHKd6NxvXcnyKcn1E MD5: A0F6B2E43405776A12575C5D875AEE4F SHA1: 96B7E0CE1702581A901F3B1FA7A7D3AF6A8192ED SHA-256: 01FC728F9EAFA0DDCB3DAD836D8BFE6C2FA4C7ADBA4CA45E2FEB1A607C82F7A9 SHA-512: 8BFCE8FD062E0ED678C4009765554CBC79B93F926F74DAF0471745ADAED7F77F84336FA8F7DD8CA5B2009D0ED6D49C3FB7CC7B1F81A19CFFF9B33282B31DE1 C9 Malicious: false Reputation: low Preview: ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 651
Copyright null 2021 Page 13 of 30 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Entropy (8bit): 5.0818805174604895 Encrypted: false SSDEEP: 12:TMHdNMNxir/RP+AyK/RP+A1nWimI002EtM3MHdNMNxir/RP+AyK/RP+A1nWimI0i:2d6NxGx+AyKx+A1SZHKd6NxGx+AyKx+S MD5: D1A4549959E6A8D81CCDD0D8B4780D2C SHA1: C73940B27EBD8C1FA482EAC466CA371A356DD3C9 SHA-256: 5A0219FC8EDF1B75C9C90BECE3BCF2C80B60A8F54BA3FB5C4020E25D60926F06 SHA-512: EB657552C6E719F298A0A5C93DFF51130D1B0105925A5A19768EEB5EB150AE8A4A5797310D0E1DCDED60374355C8B233B18F18D1D2306D4C9124B96FBBF05AB9 Malicious: false Reputation: low Preview: ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: modified Size (bytes): 660 Entropy (8bit): 5.0595999549454085 Encrypted: false SSDEEP: 12:TMHdNMNxhGwrcnyKcn1nWimI002EtM3MHdNMNxhGwrcnyKcn1nWimI00OY8K075t:2d6NxQMcnyKcn1SZHKd6NxQMcnyKcn1q MD5: F1DDA208D5B305638EB31856C8E8A582 SHA1: EACC6FC55D5D1337D81F2C50FAE11B4FC44E27BA SHA-256: 94BEBBFA0448B5FC434E00943D201388A63C6977C9EBD1E307ED3AB9E1EFDC78 SHA-512: 1A344EA581BF0CFE9CB117DD0C3CF76715637E738CEB01A202BB3EA047318B78C3BBF6FB707DC3462DE8BAED499E93F1E4B2763EE47FA24D3D121105EE7EB7 6A Malicious: false Reputation: low Preview: ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 657 Entropy (8bit): 5.057044649698566 Encrypted: false SSDEEP: 12:TMHdNMNx0nrBzmyKBzm1nWimI002EtM3MHdNMNx0nrBzmyKBzm1nWimI00OYxEty:2d6Nx0rYyKY1SZHKd6Nx0rYyKY1SZ7+b MD5: 2FCA0ED7D995D6DFBAF383EA7526BDBF SHA1: 5AFD651D10760BE117544B7AAB3845EF6E10317D SHA-256: 1562DD2A4DA1184063327AE7E4A706995A7571BAE6176DA4090A1D1A1505D7C2 SHA-512: 439B2E3F184E110A59E38B30A835DDF842633A7759D8CC9E3E2F144D7529FFDE2350E6B7D5C2123CC7D35B3306B03DD2D83D42236BC2B2F9D4F7C6005B672BC4 Malicious: false Reputation: low Preview: ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 660 Entropy (8bit): 5.113032788371099 Encrypted: false SSDEEP: 12:TMHdNMNxxr/RP+AyK/RP+A1nWimI002EtM3MHdNMNxxr/RP+AyKBzm1nWimI00OL:2d6NxVx+AyKx+A1SZHKd6NxVx+AyKY1S MD5: A8EDC2CD40CB47344EBBCECF24A24FBB SHA1: D7E931A08156FAA94151FCC5F4F8ACB2800D6BF3
Copyright null 2021 Page 14 of 30 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml SHA-256: B5FB18D17A69A6FEF6C3AD557B4B2A5A18399B8D1A14140CCDA8C96146DB9F24 SHA-512: E26A5E336DEDE6F094928333552E19BECD0CC2B5D00EA796C1C4C0A5963A5A67466647A9568E8A8280705386DA32AE7BAB81D07A2025CF8F936E89CFEA200649 Malicious: false Reputation: low Preview: ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 663 Entropy (8bit): 5.1052924990150395 Encrypted: false SSDEEP: 12:TMHdNMNxcrdJAyKdJA1nWimI002EtM3MHdNMNxcrdJAyKdJA1nWimI00OYVEtMb:2d6NxQduyKdu1SZHKd6NxQduyKdu1SZU MD5: 1249BFE13291A981DA8A3507A7736F85 SHA1: 3B8BD1C9B88EE7EFE1BF85CB577DA9AEAD93AAF5 SHA-256: 021B4B1CEAD547B750D7C864492ACD8FA9CB3E55050EAF91D834FFBD26F51954 SHA-512: 790117B6DAD5E6029D8CEBAE28BCBE36430B170DC849640A426A286ECE3DBE52F4BC26FA8AABE6AAC8074947109631C9B84853F58CCF12F916D052454262B2F 6 Malicious: false Reputation: low Preview: ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Process: C:\Program Files\internet explorer\iexplore.exe File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 657 Entropy (8bit): 5.0676450461006155 Encrypted: false SSDEEP: 12:TMHdNMNxfnr/RP+AyK/RP+A1nWimI002EtM3MHdNMNxfnr/RP+AyK/RP+A1nWimX:2d6NxDx+AyKx+A1SZHKd6NxDx+AyKx+l MD5: 9CDE5EBDF83C0F16ED0071432D8FAEFD SHA1: 6CFE32B7F6E62D81C5F7D179B21C55E434F8FD9E SHA-256: 571FAF2084A3FF565195DEA3741E125C7C4890327A0AAE759CCFF1945BF3042A SHA-512: 85002C7780357B510C9E4CB1942B10ED937E4A62DEAC31AA10B2E848735D2CF65BE07914C051DAF61FF429F30AD596A5E9BB0FE745CC9A5F0FFB33EBDBE8CA AF Malicious: false Reputation: low Preview: ..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\po60zt0\imagestore.dat Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: data Category: modified Size (bytes): 879 Entropy (8bit): 6.793533107324673 Encrypted: false SSDEEP: 24:p3Em/6DduFFFFC/mA0j3CFAqTaqrrSFFFFFFFD:p3Em/6DduFFFFXAwCrHruFFFFFFFD MD5: 02B5B74F6324D61E0F6F9EA086B9FF9E SHA1: 45A2EE6E10258433F27C0B5801ECB4D5441C9D19 SHA-256: 77D18C3469B75AD15A160F514CA7BE966D8D833AB690C6FA1260CDBDF9709C6B SHA-512: B2F4E6D11EB8D63A72E0DAFD6B69D2C8F6C7FCFA53DF445C3303A2C9931DF9D80D0F9DFE511371199F22A6D10C260C360DE1A2A59DA78E3651655B46C4C9846 3 Malicious: false
Copyright null 2021 Page 15 of 30 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\po60zt0\imagestore.dat Reputation: low Preview: *.h.t.t.p.s.:././.w.w.w...l.u.c.i.d.p.r.e.s.s...c.o.m./.f.a.v.i.c.o.n...i.c.o.?.v.=.3...... PNG...... IHDR...`...`...... w8....pHYs...... sRGB...... gAMA...... a.....IDATx...A+.Q....7EI...(R ,...... X..X.Z.4+..de.|...1..$3Q...D.s...S.s....>.....9g.do.E...... 1....1....1....1....1...... [email protected].{P.k.C.Z;ds`\.M-....2M.50.. 4^..9....b.|...... !d...1S.O$in..x. .9...@G...... M=...... (...$...... M=N...... BgF...|..)g{A..=\.:.....`....`....`....`....`....`....`....`....`....`....`....`...>..;4)..:...>?0\...W...... 2..#.....`H...A.B6..qT.|<..E...... @....`....+.\.k..`.^. .X>.h:.n..'9..J... <.K.(.GE.z.z...4...... #'V.....1..4...8..8.Py.J...s^.$~..we..K..O.1....1....1....1....1....1....1....1....1...... 6...b.}\... .IEND.B`.`...`...... g$`.....g$`....
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\style[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with no line terminators Category: downloaded Size (bytes): 429481 Entropy (8bit): 5.294660680081011 Encrypted: false SSDEEP: 3072:iT+j1Pg7X69+AOZUnzgIgHZhbRefQfaH8c8Rr4TNbtiPk02toZ4nj:bfQfaU4uZ4nj MD5: 24769303760CB8B141C35D6480775BFE SHA1: B306C8037548EDDE0BFB243F30FCFDCF248B4851 SHA-256: 7F3DF99C7F4A283C3A986C8D137F1461B9133B7A6105D4A3BFF16ADEE51648AE SHA-512: 83777B700D2AA3349AC79AB410A3F5A90CFD2BFB443D20363050929DF4E9C5F4375B4709981EA50EADB500F8EF7B547817D65806C8859AA7E8F8C8FEED6D3D24 Malicious: false Reputation: low IE Cache URL: https://pub.lucidpress.com/c955c4a7-551d-4ec1-99bc-3d10439fe205/style.css Preview: .lucid-growl{position:relative;width:200px;background:#1071e5;color:#fff;border:1px solid #0d59b5;border-radius:2px;margin-bottom:4px;font-size:12px}.lucid-growl .close,. lucid-ubergrowl .rSide .close{background:#fff;font-size:10px;cursor:pointer;vertical-align:top}.lucid-growl .close{position:absolute;right:-4px;top:-4px;height:16px;width :16px;-webkit-box-sizing:border-box;box-sizing:border-box;border:1px solid #0d59b5;border-radius:50%;color:#0d59b5;text-align:center;line-height:14px;padding-bo ttom:1px}.lucid-ubergrowl,.lucid-ubergrowl .lSide,.lucid-ubergrowl .rSide{position:relative}.lucid-growl .close:before{content:'.'}.lucid-growl .message{margin:8px 10px;line- height:1.4}.lucid-growl .message a{color:#fff}.ubergrowl-container{left:0;right:0;text-align:center}.lucid-ubergrowl{display:inline-block;vertical-align:top;height:27px;white-s pace:nowrap;color:#fff;margin-bottom:4px;font-size:12px;font-weight:700}.lucid-ubergrowl div{height:27px}.lucid-ubergrowl .lSide,.lucid-ubergrowl .me
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\viewer[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: data Category: downloaded Size (bytes): 3250346 Entropy (8bit): 5.59292243343166 Encrypted: false SSDEEP: 49152:he7lq9l3IkeZsezw+qP2I6UMNIm962zX4uG8:teWvo MD5: 319C7E26B13BCA8B802E4C8C7CC1833D SHA1: FCB481A1A74385688DC14EE42C74A4E232D06707 SHA-256: 8D738DDB5FE0A3BCB63535D09B4DAE38C46F0A064D6D8DF10C7B62C77052D06D SHA-512: F457521D7AA6948B18875EB3E74EB16DE18A8EDD51CD18E4CBD7B2DC2FF20AF3F389E58452134BE6636F2B84E1B9E2E38A867AB0EDDF6C3B19F9D24B2D7043 C7 Malicious: false Reputation: low IE Cache URL: https://pub.lucidpress.com/c955c4a7-551d-4ec1-99bc-3d10439fe205/viewer.js Preview: var vwr;function vwraa(a){var b=0;return function(){return b C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\app-banner[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 951 Entropy (8bit): 4.892688444401544 Encrypted: false SSDEEP: 12:gKRzP3DsEZyW5e9fWORnJYYaGWutm4HNV0FofgiBpUdTdigqacDHZtbViWj:dkOe97JJYYNHtm4aofgiBpbDH/bnj MD5: F84FA4AD7B35BC1E13F6B79E4BC08F4D SHA1: 88F9A86674FDF3198FF66045BF656DE7D381B662 SHA-256: FB9ABB6AE9383EF9A1694AE3E0EC28B139E0059AD71500DD5A9359A065B469C9 SHA-512: 164C1D6EAB64ED9A0BD5FE7B27D6851B73EA2AF6CF3B89472F22B8302E6E8C83F98AAFC8DDCCA04074ACAA84A94048C5C58C76EE1F2A3F0E29A36FD5182812 55 Malicious: false Reputation: low Copyright null 2021 Page 16 of 30 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\app-banner[1].css IE Cache URL: https://app.lucidpress.com/css/apps/press/viewer/app-banner.css Preview: .app-banner{position:absolute;top:0;left:0;right:0;width:auto;height:64px;padding:10px;background:#f2f2f2;border-bottom:#ccc solid 1px;font-family:Helvetica,Arial,sans-se rif}.app-banner-close{position:absolute;display:block;top:0;left:0;bottom:0;width:30px;height:auto;margin:0;padding:0;border:none;-webkit-appearance:none;font-size:20px;t ext-align:center;line-height:84px;color:#5d646f}.app-banner-icon{position:absolute;left:30px}.app-banner-info{position:absolute;left:104px;font-size:12px;line-height:16px ;color:#999;padding-top:8px}.app-banner-info strong{font-weight:400;font-size:14px;color:#000}.app-banner-info em{font-style:normal;color:#333}.app-banner-actio ns{float:right}.app-banner-action{float:left;height:48px;margin-top:8px;margin-left:10px;line-height:48px;padding:0 16px;background:#f8f8f8;border:1px solid rgba(0,0,0,.1 );border-radius:6px;color:#00c2a8;font-size:18px;text-transform:uppercase}.app-banner-action:active{opacity:.5} C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\en[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: UTF-8 Unicode text, with very long lines, with no line terminators Category: downloaded Size (bytes): 122698 Entropy (8bit): 4.8947889311451585 Encrypted: false SSDEEP: 1536:5ptTL3q9LjliIWqZ4xfWhOJ3ZVPMXtwkXpCYLb:5pNL6Fjlinc4IhOlPMXtwkXpCYLb MD5: 8B4DF9002571C5D5F9FAE80F568B6322 SHA1: D6449A16C6B582D9B18C0051C6FA1F986022983B SHA-256: EDAF1B165C33AAD89D1F29927F5CC5FBB3061DBD40C1C85FE33E848826B52303 SHA-512: AFB01A1C57C9F65D3236351814F3DEEB21C9C275746AA5F3C9D3E802A857BCAC7ED0077562D1809AEFB58318086D3DAB60B25254AD5A605999CE60A694BCF5B 4 Malicious: false Reputation: low IE Cache URL: https://pub.lucidpress.com/c955c4a7-551d-4ec1-99bc-3d10439fe205/en.js Preview: i18n.setData(JSON.parse("{\"actionpanel-layers-done\":\"Done\",\"admin-error-no-connection\":\"Could not connect to server. Check your internet connection.\",\"auth-app-l ogin-page-title\":\"Log in\",\"auth-app-login-page-title-v3\":\"Log in to access {products} and {productLast}\",\"billing-info-countries-AC\":\"Ascension Island\",\"billing-info-co untries-AD\":\"Andorra\",\"billing-info-countries-AE\":\"United Arab Emirates\",\"billing-info-countries-AF\":\"Afghanistan\",\"billing-info-countries-AG\":\"Antigua and Barbuda\",\"billing-info-countries-AI\":\"Anguilla\",\"billing-info-countries-AL\":\"Albania\",\"billing-info-countries-AM\":\"Armenia\",\"billing-info-countries-AN\":\"Netherlands Antilles\",\"billing-info-countries-AO\":\"Angola\",\"billing-info-countries-AQ\":\"Antarctica\",\"billing-info-countries-AR\":\"Argentina\",\"billing-info-countries-AS\":\"American Samoa\",\"billing-info-countries-AT\":\"Austria\",\"billing-info-countries-AU\":\"Australia\",\"billing-info-countrie C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\loading[1].css Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines, with no line terminators Category: downloaded Size (bytes): 821 Entropy (8bit): 4.934965949776017 Encrypted: false SSDEEP: 12:douwPRvos+y7BD5l/q5/A9HzD8xKTzD8xKRh3uhAuRhSlueAu0n:dDwhEKbZqle0kQkRhehHRhReH0n MD5: 878CF683397A2522AFA6120C708EAFEE SHA1: 4213687D5569FEBD69A49C162C98C52AAB3CADC7 SHA-256: 1DFA2D4931873638FC43750237D7618917356FAC471F0B5DB9098EB6D9CD6033 SHA-512: 933DCF405BE32A8024E723EFC90AC2E098CAE27EEE1630FF3A48C75796A3E73114E0EE63BB58A600B932905675993E875B5F8266D3059B786CC348E3F3C03EC1 Malicious: false Reputation: low IE Cache URL: https://app.lucidpress.com/css/apps/press/viewer/loading.css Preview: .loading-svg{width:0;height:0}.loading-dots{width:120px;height:20px;position:relative}.loading-dots div{background:#a9afb8;width:20px;height:20px;border-radius:50%;- webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0);position:absolute;left:0;-webkit-animation:slide 2s infinite ease;animation:slide 2s infinite ease}@-webkit-keyframes slide{5%,95%{-webkit-transform:translateX(0);transform:translateX(0)}45%,55%{-webkit-transform:translateX(100px);transform:translateX( 100px)}}@keyframes slide{5%,95%{-webkit-transform:translateX(0);transform:translateX(0)}45%,55%{-webkit-transform:translateX(100px);transform:translateX(100px)} }.loading-dots div:nth-child(2){-webkit-animation-delay:.15s;animation-delay:.15s}.loading-dots div:nth-child(3){-webkit-animation-delay:.3s;animation-delay:.3s} C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\0b597a37-4b38-4f16-a698-8076bb6f34d1[1].htm Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: HTML document, ASCII text Category: downloaded Size (bytes): 7587 Entropy (8bit): 4.697891738037394 Encrypted: false SSDEEP: 96:vHZ46yFDqu4LB0e8vPWCtkqBi481iorqTJeSLtqyVQDt90Sf3eTiL9UtSY7t456m:fZ3Yk0sIJeSL4WIt9p/emUtSYBlt7uM2 MD5: FC6A6E899E2BD518F36EC66F78CCEB44 SHA1: 0AF49E2C564E4DDD62BCF88593A25E76EF3297FB SHA-256: E6B50560250013578D244DECAFCDEB6F6A2A68E3985D0DEFDB26C375FF6165DF SHA-512: 3DAA1FB194075BBC1D90E9D98DD03FDC0937470C6841C8E6559A04C72A44E18B1D731C9D3C8621C58EE3FF05649BE5FBBA8E511CFD10CBF059876970B97C2C1 0 Malicious: false Reputation: low Copyright null 2021 Page 17 of 30 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\0b597a37-4b38-4f16-a698-8076bb6f34d1[1].htm IE Cache URL: https://pub.lucidpress.com/0b597a37-4b38-4f16-a698-8076bb6f34d1/ Preview: ....
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\favicon[1].ico Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced Category: dropped Size (bytes): 757 Entropy (8bit): 7.028220010997942 Encrypted: false SSDEEP: 12:6v/7kE/6Ts/yPdJt2FFFFCedEmOaf85OhjL7HRoCoBP4OFlJxAqWnrPIPd7XSFF6:C/6DduFFFFC/mA0j3CFAqTaqrrSFFFFG MD5: A6B3E320675A214FDA0A28F567AE1993 SHA1: E393FF070774BC3E792667BB1766D7A9558FB308 SHA-256: E15A61ED81758E453D4C7B439E5A3A3336FDE8AC3B01C07AD0280B36D5DB9F9C SHA-512: 1FD6BBEB14560787D751D4B2695BDD2B78A50BFD595B27B1A7C62654BE6EE1F72648B47F2EA9B0FE3570028361C0C40E2B64DC7ECD4281BA45DA607F0E335D9 1 Malicious: false Reputation: low Preview: .PNG...... IHDR...`...`...... w8....pHYs...... sRGB...... gAMA...... a.....IDATx...A+.Q....7EI...(R,...... X..X.Z.4+..de.|...1..$3Q...D.s...S.s....>.....9g.do.E...... 1....1....1....1....1...... [email protected].{P.k.C.Z;ds`\.M-....2M.50.. 4^..9....b.|...... !d...1S.O$in..x. .9...@G...... M=...... (...$...... M=N...... BgF...|..)g{A..=\.:.....`....`....`....`....`....`....`....`....`....`....`... .`...>..;4)..:...>?0\...W...... 2..#.....`H...A.B6..qT.|<..E...... @....`....+.\.k..`.^. .X>.h:.n..'9..J...<.K.(.GE.z.z...4...... #'V.....1..4...8..8.Py.J...s^.$~..we..K..O.1....1....1....1....1....1....1....1....1...... 6...b.}\....IEND.B`.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\ga[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 46274 Entropy (8bit): 5.48786904450865 Encrypted: false SSDEEP: 768:aqNVrKn0VGhn+K7U1r2p/Y60fyy3/g3OMZht1z1prkfw1+9NZ5VA:RHrLVGhnpIwp/Y7cnz1RkLL5m MD5: E9372F0EBBCF71F851E3D321EF2A8E5A SHA1: 2C7D19D1AF7D97085C977D1B69DCB8B84483D87C SHA-256: 1259EA99BD76596239BFD3102C679EB0A5052578DC526B0452F4D42F8BCDD45F SHA-512: C3A1C74AC968FC2FA366D9C25442162773DB9AF1289ADFB165FC71E7750A7E62BD22F424F241730F3C2427AFFF8A540C214B3B97219A360A231D4875E6DDEE6F Malicious: false Reputation: low IE Cache URL: https://ssl.google-analytics.com/ga.js Copyright null 2021 Page 18 of 30 C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\ga[1].js Preview: (function(){var E;var g=window,n=document,p=function(a){var b=g._gaUserPrefs;if(b&&b.ioo&&b.ioo()||a&&!0===g["ga-disable-"+a])return!0;try{var c=g.external;if(c &&c._gaUserPrefs&&"oo"==c._gaUserPrefs)return!0}catch(f){}a=[];b=n.cookie.split(";");c=/^\s*AMP_TOKEN=\s*(.*?)\s*$/;for(var d=0;d C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\i18n[1].js Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe File Type: ASCII text, with very long lines Category: downloaded Size (bytes): 3322 Entropy (8bit): 5.439910857565113 Encrypted: false SSDEEP: 96:mVUli5yxoZONeWmZ/ie8LSOE2Il81Go1K:pxyONej/isOEH61K MD5: C229F6AE1BC277658A2E387FFE0380D2 SHA1: 20574BBC14D78F8B6EB82A9BA93BE07E23CA4585 SHA-256: E288698182B7EF77D043470E4C108068F55D704EAFD8C1F59EA48E9980B1D151 SHA-512: B5377D4C8F8BAE75CB1057981A09FA224737C3212DB2F791E020DAF2BCBCBF5370EE28B3219A760C1DED8C5043747E533376A5728E9524F090FD90A4CD3500E2 Malicious: false Reputation: low IE Cache URL: https://pub.lucidpress.com/c955c4a7-551d-4ec1-99bc-3d10439fe205/i18n.js Preview: ;(function(){var g=/&/g,h=//g,m=/"/g,n=/'/g,q=/\x00/g,r=/[\x00&<>"']/;function t(a,b){var e={},c;for(c in a)e[c]=b.call(void 0,a[c],c,a);return e};function u(){this.data={} ;this.a="en";this.g=!1;this.f="";this.c=/\{(\S+?)\}/gm}this.i18n||(this.i18n=new u);u.prototype.setData=function(a,b){var e=this.data,c=typeof e;if("object"==c&&null!=e|| "function"==c)for(var f in a)e[f]=a[f];else this.data=a;this.a=b||"en"};u.prototype.getLanguage=function(){return this.a};u.prototype.setDebug=function(a,b){this.g=a;b&&( this.f=b.split("").filter(function(a){return/[\w \.!@#$%^&*\?]/.test(a)}).join(""))};.u.prototype.getInLocale=function(a,b,e,c){b=a+"--"+b;e=e&&t(e,function(b){return"num ber"==typeof b?new I18nFormattedNumber(b,a,{}):b instanceof I18nFormattedNumber?new I18nFormattedNumber(b.value,a,b.b):b});c=this.get(b,e,c);return c==b?null:c} ;.u.prototype.get=function(a,b,e){b=b||{};if("count"in b){var c=b.count;if("number"==typeof c||c instanceof I18nFormattedNumber){var f=a;var c=c insta C:\Users\user\AppData\Local\Temp\~DF0ACE495C2FE58817.TMP Process: C:\Program Files\internet explorer\iexplore.exe File Type: data Category: dropped Size (bytes): 35445 Entropy (8bit): 0.5095130650252571 Encrypted: false SSDEEP: 48:kBqoxKAuvScS+55pLC2I2nkHx9Wx3nGWx2xYxzxMW0:kBqoxKAuvScS+npLCJ63nS MD5: A78CEA4FA6385D695126E4B5E06D2811 SHA1: 12471998B95C6ED8088C6BADE20B1510B2CBEE6A SHA-256: 8A79456AD38BD647AA6D4E7C15E1E90315FC1270FBF769E38ECF819E805FD652 SHA-512: C8D25D696C72EE9920F73E0F0452F2BC179F4153E0392FFE79F2BC8B776F5D3640B56FC050AB726DFBC3890C53E37C5C248B66C4A52BC2303A8687BF6681D2FB Malicious: false Reputation: low Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(...... C:\Users\user\AppData\Local\Temp\~DF6FE9049C61D9AAA7.TMP Process: C:\Program Files\internet explorer\iexplore.exe File Type: data Category: dropped Size (bytes): 25441 Entropy (8bit): 0.30166039637070224 Encrypted: false SSDEEP: 24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAU1:kBqoxxJhHWSVSEabU1 MD5: 3F964B3AC95D725DF96FF7DF270E1757 SHA1: 401B6ED499A04F9969178B1B77E5B9252AFA20AF SHA-256: 75D02472DD4A7472B87E9894D8A197112BC8486BD8C5D7141ACCB2EB7BBF59C9 SHA-512: 0736F0DF100E72EE302FD52F63E56DA4BE8382822321B0A4E97F3ED829CDD1C9FBFBFB9A5AB10045B8C850DC9B1F3B46A03A72D448ECDD794E86215DF79971A 9 Malicious: false Reputation: low Copyright null 2021 Page 19 of 30 C:\Users\user\AppData\Local\Temp\~DF6FE9049C61D9AAA7.TMP Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(...... C:\Users\user\AppData\Local\Temp\~DFDBEE94A0F109F98A.TMP Process: C:\Program Files\internet explorer\iexplore.exe File Type: data Category: dropped Size (bytes): 13029 Entropy (8bit): 0.4761383249969825 Encrypted: false SSDEEP: 24:c9lLh9lLh9lIn9lIn9lo+9lou9lWcqoSPIHPL:kBqoIZv3KL MD5: D6F3F3D2E3D9775D913BD9D7085DD978 SHA1: 6147786F85B6EB8C49B927AAA41B75036B583697 SHA-256: 7EDE03E37927460A1A23DD66E3351EC56FA0E30507128F56F3793604C771C522 SHA-512: 568F3E591238113BA90C5B5026E9C57991EEC57AF1AE11994A405EC19AB7799BB008E582627B3FC03F788320F05AD3638B39CE0607CB3CCE75D7371416BAFB38 Malicious: false Reputation: low Preview: ...... *%..H..M..{y..+.0...(...... *%..H..M..{y..+.0...(...... Static File Info No static file info Network Behavior Network Port Distribution Total Packets: 83 • 53 (DNS) • 443 (HTTPS) TCP Packets Timestamp Source Port Dest Port Source IP Dest IP Feb 10, 2021 15:09:09.431174040 CET 49700 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.432157040 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.476054907 CET 443 49700 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.476176023 CET 49700 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.477102995 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.477209091 CET 49701 443 192.168.2.7 13.226.169.69 Copyright null 2021 Page 20 of 30 Timestamp Source Port Dest Port Source IP Dest IP Feb 10, 2021 15:09:09.487365961 CET 49700 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.490936995 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.532250881 CET 443 49700 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.535315037 CET 443 49700 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.535345078 CET 443 49700 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.535371065 CET 443 49700 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.535393000 CET 49700 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.535422087 CET 49700 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.535860062 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.538641930 CET 443 49700 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.538743019 CET 49700 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.538980007 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.538996935 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.539016962 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.539060116 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.539094925 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.542423010 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.542488098 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.597172976 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.602849960 CET 49700 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.604208946 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.604636908 CET 49700 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.605122089 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.642388105 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.642647028 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.642669916 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.642761946 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.642790079 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.646162033 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.647680998 CET 443 49700 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.648387909 CET 443 49700 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.648432016 CET 443 49700 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.648467064 CET 49700 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.648497105 CET 49700 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.649095058 CET 49700 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.649149895 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.649419069 CET 443 49700 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.649461985 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.649497986 CET 443 49700 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.649538994 CET 49700 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.649543047 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:09.649997950 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.691266060 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:09.693835020 CET 443 49700 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.074909925 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.074937105 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.074948072 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.075038910 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.075072050 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.174952030 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.181180954 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.181436062 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.181652069 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.181804895 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.220035076 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.226186037 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.226243973 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.226453066 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.226603031 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.239187002 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.239217043 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.239304066 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.239325047 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.239733934 CET 443 49701 13.226.169.69 192.168.2.7 Copyright null 2021 Page 21 of 30 Timestamp Source Port Dest Port Source IP Dest IP Feb 10, 2021 15:09:10.239754915 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.239794016 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.239805937 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.241038084 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.241060972 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.241157055 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.241166115 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.242255926 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.242283106 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.242352962 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.243515015 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.243535995 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.243592978 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.243619919 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.244776011 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.244793892 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.244859934 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.244893074 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.246011972 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.246062040 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.246093988 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.246115923 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.247299910 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.247344017 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.247348070 CET 49703 443 192.168.2.7 99.86.159.56 Feb 10, 2021 15:09:10.247369051 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.247401953 CET 49701 443 192.168.2.7 13.226.169.69 Feb 10, 2021 15:09:10.248579025 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.248595953 CET 443 49701 13.226.169.69 192.168.2.7 Feb 10, 2021 15:09:10.248651981 CET 49701 443 192.168.2.7 13.226.169.69 UDP Packets Timestamp Source Port Dest Port Source IP Dest IP Feb 10, 2021 15:09:02.372344017 CET 55411 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:02.420945883 CET 53 55411 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:03.338009119 CET 63668 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:03.386579990 CET 53 63668 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:07.396074057 CET 54640 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:07.455075026 CET 53 54640 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:07.770879030 CET 58739 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:07.820849895 CET 53 58739 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:09.322896957 CET 60338 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:09.406178951 CET 53 60338 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:09.774883032 CET 58717 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:09.823565006 CET 53 58717 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:10.185828924 CET 59762 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:10.245564938 CET 53 59762 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:11.468964100 CET 54329 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:11.534142971 CET 53 54329 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:12.859704018 CET 58052 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:12.925020933 CET 53 58052 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:13.402194023 CET 54008 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:13.468060970 CET 53 54008 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:13.653953075 CET 59451 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:13.705430984 CET 53 59451 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:13.898863077 CET 52914 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:13.964422941 CET 53 52914 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:14.605614901 CET 64569 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:14.654292107 CET 53 64569 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:15.701241970 CET 52816 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:15.752921104 CET 53 52816 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:16.802664995 CET 50781 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:16.854644060 CET 53 50781 8.8.8.8 192.168.2.7 Copyright null 2021 Page 22 of 30 Timestamp Source Port Dest Port Source IP Dest IP Feb 10, 2021 15:09:17.842267036 CET 54230 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:17.893834114 CET 53 54230 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:18.731616974 CET 54911 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:18.780405045 CET 53 54911 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:19.325081110 CET 49958 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:19.387408018 CET 53 49958 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:19.805730104 CET 50860 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:19.862540960 CET 53 50860 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:27.443805933 CET 50452 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:27.503676891 CET 53 50452 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:27.691358089 CET 59730 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:27.740019083 CET 53 59730 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:27.987896919 CET 59310 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:28.051487923 CET 53 59310 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:28.595278025 CET 51919 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:28.644021034 CET 53 51919 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:37.403439045 CET 64296 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:37.452285051 CET 53 64296 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:38.467483044 CET 64296 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:38.516884089 CET 53 64296 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:38.684542894 CET 56680 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:38.733604908 CET 53 56680 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:39.458050966 CET 64296 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:39.506860971 CET 53 64296 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:39.763706923 CET 56680 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:39.812422037 CET 53 56680 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:40.753004074 CET 56680 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:40.801903009 CET 53 56680 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:41.471817970 CET 64296 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:41.520514011 CET 53 64296 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:42.768945932 CET 56680 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:42.817683935 CET 53 56680 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:45.688422918 CET 64296 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:45.737139940 CET 53 64296 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:46.785938025 CET 56680 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:46.839490891 CET 53 56680 8.8.8.8 192.168.2.7 Feb 10, 2021 15:09:50.469557047 CET 58820 53 192.168.2.7 8.8.8.8 Feb 10, 2021 15:09:50.530996084 CET 53 58820 8.8.8.8 192.168.2.7 DNS Queries Timestamp Source IP Dest IP Trans ID OP Code Name Type Class Feb 10, 2021 15:09:09.322896957 CET 192.168.2.7 8.8.8.8 0x89c6 Standard query pub.lucidp A (IP address) IN (0x0001) (0) ress.com Feb 10, 2021 15:09:10.185828924 CET 192.168.2.7 8.8.8.8 0xec58 Standard query www.lucidp A (IP address) IN (0x0001) (0) ress.com Feb 10, 2021 15:09:11.468964100 CET 192.168.2.7 8.8.8.8 0xdfc4 Standard query app.lucidp A (IP address) IN (0x0001) (0) ress.com Feb 10, 2021 15:09:13.402194023 CET 192.168.2.7 8.8.8.8 0x60e8 Standard query stats.g.do A (IP address) IN (0x0001) (0) ubleclick.net Feb 10, 2021 15:09:13.898863077 CET 192.168.2.7 8.8.8.8 0x8abc Standard query www.google A (IP address) IN (0x0001) (0) .co.uk Feb 10, 2021 15:09:27.443805933 CET 192.168.2.7 8.8.8.8 0x3f94 Standard query www.lucidp A (IP address) IN (0x0001) (0) ress.com Feb 10, 2021 15:09:27.987896919 CET 192.168.2.7 8.8.8.8 0x1928 Standard query app.lucidp A (IP address) IN (0x0001) (0) ress.com DNS Answers Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class Feb 10, 2021 8.8.8.8 192.168.2.7 0x89c6 No error (0) pub.lucidp d2pjrbs8oo6puz.cloudfron CNAME IN (0x0001) 15:09:09.406178951 ress.com t.net (Canonical CET name) Feb 10, 2021 8.8.8.8 192.168.2.7 0x89c6 No error (0) d2pjrbs8oo 13.226.169.69 A (IP address) IN (0x0001) 15:09:09.406178951 6puz.cloud CET front.net Copyright null 2021 Page 23 of 30 Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class Feb 10, 2021 8.8.8.8 192.168.2.7 0x89c6 No error (0) d2pjrbs8oo 13.226.169.97 A (IP address) IN (0x0001) 15:09:09.406178951 6puz.cloud CET front.net Feb 10, 2021 8.8.8.8 192.168.2.7 0x89c6 No error (0) d2pjrbs8oo 13.226.169.4 A (IP address) IN (0x0001) 15:09:09.406178951 6puz.cloud CET front.net Feb 10, 2021 8.8.8.8 192.168.2.7 0x89c6 No error (0) d2pjrbs8oo 13.226.169.24 A (IP address) IN (0x0001) 15:09:09.406178951 6puz.cloud CET front.net Feb 10, 2021 8.8.8.8 192.168.2.7 0xec58 No error (0) www.lucidp 99.86.159.56 A (IP address) IN (0x0001) 15:09:10.245564938 ress.com CET Feb 10, 2021 8.8.8.8 192.168.2.7 0xec58 No error (0) www.lucidp 99.86.159.59 A (IP address) IN (0x0001) 15:09:10.245564938 ress.com CET Feb 10, 2021 8.8.8.8 192.168.2.7 0xec58 No error (0) www.lucidp 99.86.159.9 A (IP address) IN (0x0001) 15:09:10.245564938 ress.com CET Feb 10, 2021 8.8.8.8 192.168.2.7 0xec58 No error (0) www.lucidp 99.86.159.70 A (IP address) IN (0x0001) 15:09:10.245564938 ress.com CET Feb 10, 2021 8.8.8.8 192.168.2.7 0xdfc4 No error (0) app.lucidp 3.209.16.152 A (IP address) IN (0x0001) 15:09:11.534142971 ress.com CET Feb 10, 2021 8.8.8.8 192.168.2.7 0xdfc4 No error (0) app.lucidp 54.85.236.27 A (IP address) IN (0x0001) 15:09:11.534142971 ress.com CET Feb 10, 2021 8.8.8.8 192.168.2.7 0xdfc4 No error (0) app.lucidp 54.144.101.159 A (IP address) IN (0x0001) 15:09:11.534142971 ress.com CET Feb 10, 2021 8.8.8.8 192.168.2.7 0x60e8 No error (0) stats.g.do stats.l.doubleclick.net CNAME IN (0x0001) 15:09:13.468060970 ubleclick.net (Canonical CET name) Feb 10, 2021 8.8.8.8 192.168.2.7 0x60e8 No error (0) stats.l.do 173.194.76.155 A (IP address) IN (0x0001) 15:09:13.468060970 ubleclick.net CET Feb 10, 2021 8.8.8.8 192.168.2.7 0x60e8 No error (0) stats.l.do 173.194.76.157 A (IP address) IN (0x0001) 15:09:13.468060970 ubleclick.net CET Feb 10, 2021 8.8.8.8 192.168.2.7 0x60e8 No error (0) stats.l.do 173.194.76.154 A (IP address) IN (0x0001) 15:09:13.468060970 ubleclick.net CET Feb 10, 2021 8.8.8.8 192.168.2.7 0x60e8 No error (0) stats.l.do 173.194.76.156 A (IP address) IN (0x0001) 15:09:13.468060970 ubleclick.net CET Feb 10, 2021 8.8.8.8 192.168.2.7 0x8abc No error (0) www.google 172.217.22.195 A (IP address) IN (0x0001) 15:09:13.964422941 .co.uk CET Feb 10, 2021 8.8.8.8 192.168.2.7 0x3f94 No error (0) www.lucidp 65.9.69.128 A (IP address) IN (0x0001) 15:09:27.503676891 ress.com CET Feb 10, 2021 8.8.8.8 192.168.2.7 0x3f94 No error (0) www.lucidp 65.9.69.104 A (IP address) IN (0x0001) 15:09:27.503676891 ress.com CET Feb 10, 2021 8.8.8.8 192.168.2.7 0x3f94 No error (0) www.lucidp 65.9.69.77 A (IP address) IN (0x0001) 15:09:27.503676891 ress.com CET Feb 10, 2021 8.8.8.8 192.168.2.7 0x3f94 No error (0) www.lucidp 65.9.69.10 A (IP address) IN (0x0001) 15:09:27.503676891 ress.com CET Feb 10, 2021 8.8.8.8 192.168.2.7 0x1928 No error (0) app.lucidp 3.209.16.152 A (IP address) IN (0x0001) 15:09:28.051487923 ress.com CET Feb 10, 2021 8.8.8.8 192.168.2.7 0x1928 No error (0) app.lucidp 54.85.236.27 A (IP address) IN (0x0001) 15:09:28.051487923 ress.com CET Feb 10, 2021 8.8.8.8 192.168.2.7 0x1928 No error (0) app.lucidp 54.144.101.159 A (IP address) IN (0x0001) 15:09:28.051487923 ress.com CET HTTPS Packets Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Copyright null 2021 Page 24 of 30 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Feb 10, 2021 13.226.169.69 443 192.168.2.7 49700 CN=*.lucidpress.com CN=Amazon, Sat Apr Tue May 771,49196-49195- 9e10692f1b7f78228b2d4e 15:09:09.538641930 CN=Amazon, OU=Server CA OU=Server CA 1B, 04 04 49200-49199- 424db3a98c CET 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 14:00:00 49188-49187- CN=Amazon Root CA 1, CN=Amazon Root CEST CEST 49192-49191- O=Amazon, C=US CA 1, O=Amazon, 2020 2021 49162-49161- CN=Starfield Services Root C=US CN=Starfield Thu Oct Sun Oct 49172-49171-157- Certificate Authority - G2, Services Root 22 19 156-61-60-53-47- O="Starfield Technologies, Certificate Authority - 02:00:00 02:00:00 10,0-10-11-13-35- Inc.", L=Scottsdale, G2, O="Starfield CEST CEST 16-23-24- ST=Arizona, C=US Technologies, Inc.", 2015 2025 65281,29-23-24,0 L=Scottsdale, Mon Thu Dec ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification CEST CET Authority, 2015 2037 O="Starfield Wed Wed Technologies, Inc.", Sep 02 Jun 28 C=US 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CA CN=Amazon Root Thu Oct Sun Oct 1B, O=Amazon, C=US CA 1, O=Amazon, 22 19 C=US 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Mon Thu Dec O=Amazon, C=US Services Root May 25 31 Certificate Authority - 14:00:00 02:00:00 G2, O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Sep 02 Jun 28 O="Starfield Technologies, Authority, 02:00:00 19:39:16 Inc.", L=Scottsdale, O="Starfield CEST CEST ST=Arizona, C=US Technologies, Inc.", 2009 2034 C=US Feb 10, 2021 13.226.169.69 443 192.168.2.7 49701 CN=*.lucidpress.com CN=Amazon, Sat Apr Tue May 771,49196-49195- 9e10692f1b7f78228b2d4e 15:09:09.542423010 CN=Amazon, OU=Server CA OU=Server CA 1B, 04 04 49200-49199- 424db3a98c CET 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 14:00:00 49188-49187- CN=Amazon Root CA 1, CN=Amazon Root CEST CEST 49192-49191- O=Amazon, C=US CA 1, O=Amazon, 2020 2021 49162-49161- CN=Starfield Services Root C=US CN=Starfield Thu Oct Sun Oct 49172-49171-157- Certificate Authority - G2, Services Root 22 19 156-61-60-53-47- O="Starfield Technologies, Certificate Authority - 02:00:00 02:00:00 10,0-10-11-13-35- Inc.", L=Scottsdale, G2, O="Starfield CEST CEST 16-23-24- ST=Arizona, C=US Technologies, Inc.", 2015 2025 65281,29-23-24,0 L=Scottsdale, Mon Thu Dec ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification CEST CET Authority, 2015 2037 O="Starfield Wed Wed Technologies, Inc.", Sep 02 Jun 28 C=US 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CA CN=Amazon Root Thu Oct Sun Oct 1B, O=Amazon, C=US CA 1, O=Amazon, 22 19 C=US 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Mon Thu Dec O=Amazon, C=US Services Root May 25 31 Certificate Authority - 14:00:00 02:00:00 G2, O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Sep 02 Jun 28 O="Starfield Technologies, Authority, 02:00:00 19:39:16 Inc.", L=Scottsdale, O="Starfield CEST CEST ST=Arizona, C=US Technologies, Inc.", 2009 2034 C=US Copyright null 2021 Page 25 of 30 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Feb 10, 2021 99.86.159.56 443 192.168.2.7 49704 CN=*.lucidpress.com CN=Amazon, Sat Apr Tue May 771,49196-49195- 9e10692f1b7f78228b2d4e 15:09:10.356462002 CN=Amazon, OU=Server CA OU=Server CA 1B, 04 04 49200-49199- 424db3a98c CET 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 14:00:00 49188-49187- CN=Amazon Root CA 1, CN=Amazon Root CEST CEST 49192-49191- O=Amazon, C=US CA 1, O=Amazon, 2020 2021 49162-49161- CN=Starfield Services Root C=US CN=Starfield Thu Oct Sun Oct 49172-49171-157- Certificate Authority - G2, Services Root 22 19 156-61-60-53-47- O="Starfield Technologies, Certificate Authority - 02:00:00 02:00:00 10,0-10-11-13-35- Inc.", L=Scottsdale, G2, O="Starfield CEST CEST 16-23-24- ST=Arizona, C=US Technologies, Inc.", 2015 2025 65281,29-23-24,0 L=Scottsdale, Mon Thu Dec ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification CEST CET Authority, 2015 2037 O="Starfield Wed Wed Technologies, Inc.", Sep 02 Jun 28 C=US 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CA CN=Amazon Root Thu Oct Sun Oct 1B, O=Amazon, C=US CA 1, O=Amazon, 22 19 C=US 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Mon Thu Dec O=Amazon, C=US Services Root May 25 31 Certificate Authority - 14:00:00 02:00:00 G2, O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Sep 02 Jun 28 O="Starfield Technologies, Authority, 02:00:00 19:39:16 Inc.", L=Scottsdale, O="Starfield CEST CEST ST=Arizona, C=US Technologies, Inc.", 2009 2034 C=US Feb 10, 2021 99.86.159.56 443 192.168.2.7 49703 CN=*.lucidpress.com CN=Amazon, Sat Apr Tue May 771,49196-49195- 9e10692f1b7f78228b2d4e 15:09:10.364223003 CN=Amazon, OU=Server CA OU=Server CA 1B, 04 04 49200-49199- 424db3a98c CET 1B, O=Amazon, C=US O=Amazon, C=US 02:00:00 14:00:00 49188-49187- CN=Amazon Root CA 1, CN=Amazon Root CEST CEST 49192-49191- O=Amazon, C=US CA 1, O=Amazon, 2020 2021 49162-49161- CN=Starfield Services Root C=US CN=Starfield Thu Oct Sun Oct 49172-49171-157- Certificate Authority - G2, Services Root 22 19 156-61-60-53-47- O="Starfield Technologies, Certificate Authority - 02:00:00 02:00:00 10,0-10-11-13-35- Inc.", L=Scottsdale, G2, O="Starfield CEST CEST 16-23-24- ST=Arizona, C=US Technologies, Inc.", 2015 2025 65281,29-23-24,0 L=Scottsdale, Mon Thu Dec ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification CEST CET Authority, 2015 2037 O="Starfield Wed Wed Technologies, Inc.", Sep 02 Jun 28 C=US 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CA CN=Amazon Root Thu Oct Sun Oct 1B, O=Amazon, C=US CA 1, O=Amazon, 22 19 C=US 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Mon Thu Dec O=Amazon, C=US Services Root May 25 31 Certificate Authority - 14:00:00 02:00:00 G2, O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Sep 02 Jun 28 O="Starfield Technologies, Authority, 02:00:00 19:39:16 Inc.", L=Scottsdale, O="Starfield CEST CEST ST=Arizona, C=US Technologies, Inc.", 2009 2034 C=US Copyright null 2021 Page 26 of 30 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Feb 10, 2021 3.209.16.152 443 192.168.2.7 49706 CN=app.lucidchart.com CN=Amazon, Wed Fri Feb 771,49196-49195- 9e10692f1b7f78228b2d4e 15:09:11.792479992 CN=Amazon, OU=Server CA OU=Server CA 1B, Jan 20 18 49200-49199- 424db3a98c CET 1B, O=Amazon, C=US O=Amazon, C=US 01:00:00 00:59:59 49188-49187- CN=Amazon Root CA 1, CN=Amazon Root CET CET 49192-49191- O=Amazon, C=US CA 1, O=Amazon, 2021 2022 49162-49161- CN=Starfield Services Root C=US CN=Starfield Thu Oct Sun Oct 49172-49171-157- Certificate Authority - G2, Services Root 22 19 156-61-60-53-47- O="Starfield Technologies, Certificate Authority - 02:00:00 02:00:00 10,0-10-11-13-35- Inc.", L=Scottsdale, G2, O="Starfield CEST CEST 16-23-24- ST=Arizona, C=US Technologies, Inc.", 2015 2025 65281,29-23-24,0 L=Scottsdale, Mon Thu Dec ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification CEST CET Authority, 2015 2037 O="Starfield Wed Wed Technologies, Inc.", Sep 02 Jun 28 C=US 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CA CN=Amazon Root Thu Oct Sun Oct 1B, O=Amazon, C=US CA 1, O=Amazon, 22 19 C=US 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Mon Thu Dec O=Amazon, C=US Services Root May 25 31 Certificate Authority - 14:00:00 02:00:00 G2, O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Sep 02 Jun 28 O="Starfield Technologies, Authority, 02:00:00 19:39:16 Inc.", L=Scottsdale, O="Starfield CEST CEST ST=Arizona, C=US Technologies, Inc.", 2009 2034 C=US Feb 10, 2021 3.209.16.152 443 192.168.2.7 49705 CN=app.lucidchart.com CN=Amazon, Wed Fri Feb 771,49196-49195- 9e10692f1b7f78228b2d4e 15:09:11.792557001 CN=Amazon, OU=Server CA OU=Server CA 1B, Jan 20 18 49200-49199- 424db3a98c CET 1B, O=Amazon, C=US O=Amazon, C=US 01:00:00 00:59:59 49188-49187- CN=Amazon Root CA 1, CN=Amazon Root CET CET 49192-49191- O=Amazon, C=US CA 1, O=Amazon, 2021 2022 49162-49161- CN=Starfield Services Root C=US CN=Starfield Thu Oct Sun Oct 49172-49171-157- Certificate Authority - G2, Services Root 22 19 156-61-60-53-47- O="Starfield Technologies, Certificate Authority - 02:00:00 02:00:00 10,0-10-11-13-35- Inc.", L=Scottsdale, G2, O="Starfield CEST CEST 16-23-24- ST=Arizona, C=US Technologies, Inc.", 2015 2025 65281,29-23-24,0 L=Scottsdale, Mon Thu Dec ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification CEST CET Authority, 2015 2037 O="Starfield Wed Wed Technologies, Inc.", Sep 02 Jun 28 C=US 02:00:00 19:39:16 CEST CEST 2009 2034 CN=Amazon, OU=Server CA CN=Amazon Root Thu Oct Sun Oct 1B, O=Amazon, C=US CA 1, O=Amazon, 22 19 C=US 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Mon Thu Dec O=Amazon, C=US Services Root May 25 31 Certificate Authority - 14:00:00 02:00:00 G2, O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Sep 02 Jun 28 O="Starfield Technologies, Authority, 02:00:00 19:39:16 Inc.", L=Scottsdale, O="Starfield CEST CEST ST=Arizona, C=US Technologies, Inc.", 2009 2034 C=US Copyright null 2021 Page 27 of 30 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest Feb 10, 2021 173.194.76.155 443 192.168.2.7 49710 CN=*.g.doubleclick.net, CN=GTS CA 1O1, Tue Jan Tue Apr 771,49196-49195- 9e10692f1b7f78228b2d4e 15:09:13.578372002 O=Google LLC, L=Mountain O=Google Trust 19 13 49200-49199- 424db3a98c CET View, ST=California, C=US Services, C=US 08:57:05 09:57:04 49188-49187- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49192-49191- Trust Services, C=US O=GlobalSign, 2021 2021 49162-49161- OU=GlobalSign Root Thu Jun Wed 49172-49171-157- CA - R2 15 Dec 15 156-61-60-53-47- 02:00:42 01:00:42 10,0-10-11-13-35- CEST CET 16-23-24- 2017 2021 65281,29-23-24,0 CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Feb 10, 2021 173.194.76.155 443 192.168.2.7 49709 CN=*.g.doubleclick.net, CN=GTS CA 1O1, Tue Jan Tue Apr 771,49196-49195- 9e10692f1b7f78228b2d4e 15:09:13.578627110 O=Google LLC, L=Mountain O=Google Trust 19 13 49200-49199- 424db3a98c CET View, ST=California, C=US Services, C=US 08:57:05 09:57:04 49188-49187- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49192-49191- Trust Services, C=US O=GlobalSign, 2021 2021 49162-49161- OU=GlobalSign Root Thu Jun Wed 49172-49171-157- CA - R2 15 Dec 15 156-61-60-53-47- 02:00:42 01:00:42 10,0-10-11-13-35- CEST CET 16-23-24- 2017 2021 65281,29-23-24,0 CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Feb 10, 2021 172.217.22.195 443 192.168.2.7 49714 CN=www.google.co.uk, CN=GTS CA 1O1, Tue Jan Tue Apr 771,49196-49195- 9e10692f1b7f78228b2d4e 15:09:14.068209887 O=Google LLC, L=Mountain O=Google Trust 19 13 49200-49199- 424db3a98c CET View, ST=California, C=US Services, C=US 09:02:47 10:02:46 49188-49187- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49192-49191- Trust Services, C=US O=GlobalSign, 2021 2021 49162-49161- OU=GlobalSign Root Thu Jun Wed 49172-49171-157- CA - R2 15 Dec 15 156-61-60-53-47- 02:00:42 01:00:42 10,0-10-11-13-35- CEST CET 16-23-24- 2017 2021 65281,29-23-24,0 CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Feb 10, 2021 172.217.22.195 443 192.168.2.7 49713 CN=www.google.co.uk, CN=GTS CA 1O1, Tue Jan Tue Apr 771,49196-49195- 9e10692f1b7f78228b2d4e 15:09:14.068506956 O=Google LLC, L=Mountain O=Google Trust 19 13 49200-49199- 424db3a98c CET View, ST=California, C=US Services, C=US 09:02:47 10:02:46 49188-49187- CN=GTS CA 1O1, O=Google CN=GlobalSign, CET CEST 49192-49191- Trust Services, C=US O=GlobalSign, 2021 2021 49162-49161- OU=GlobalSign Root Thu Jun Wed 49172-49171-157- CA - R2 15 Dec 15 156-61-60-53-47- 02:00:42 01:00:42 10,0-10-11-13-35- CEST CET 16-23-24- 2017 2021 65281,29-23-24,0 CN=GTS CA 1O1, O=Google CN=GlobalSign, Thu Jun Wed Trust Services, C=US O=GlobalSign, 15 Dec 15 OU=GlobalSign Root 02:00:42 01:00:42 CA - R2 CEST CET 2017 2021 Feb 10, 2021 3.209.16.152 443 192.168.2.7 49726 CN=app.lucidchart.com CN=Amazon, Wed Fri Feb 771,49196-49195- 37f463bf4616ecd445d4a1 15:09:28.308299065 CN=Amazon, OU=Server CA OU=Server CA 1B, Jan 20 18 49200-49199- 937da06e19 CET 1B, O=Amazon, C=US O=Amazon, C=US 01:00:00 00:59:59 49188-49187- CN=Amazon Root CA 1, CN=Amazon Root CET CET 49192-49191- O=Amazon, C=US CA 1, O=Amazon, 2021 2022 49162-49161- CN=Starfield Services Root C=US CN=Starfield Thu Oct Sun Oct 49172-49171-157- Certificate Authority - G2, Services Root 22 19 156-61-60-53-47- O="Starfield Technologies, Certificate Authority - 02:00:00 02:00:00 10,0-10-11-13-35- Inc.", L=Scottsdale, G2, O="Starfield CEST CEST 23-65281,29-23- ST=Arizona, C=US Technologies, Inc.", 2015 2025 24,0 L=Scottsdale, Mon Thu Dec ST=Arizona, C=US May 25 31 OU=Starfield Class 2 14:00:00 02:00:00 Certification CEST CET Authority, 2015 2037 O="Starfield Wed Wed Technologies, Inc.", Sep 02 Jun 28 C=US 02:00:00 19:39:16 CEST CEST 2009 2034 Copyright null 2021 Page 28 of 30 Source Dest Not Not JA3 SSL Client Timestamp Source IP Port Dest IP Port Subject Issuer Before After Fingerprint JA3 SSL Client Digest CN=Amazon, OU=Server CA CN=Amazon Root Thu Oct Sun Oct 1B, O=Amazon, C=US CA 1, O=Amazon, 22 19 C=US 02:00:00 02:00:00 CEST CEST 2015 2025 CN=Amazon Root CA 1, CN=Starfield Mon Thu Dec O=Amazon, C=US Services Root May 25 31 Certificate Authority - 14:00:00 02:00:00 G2, O="Starfield CEST CET Technologies, Inc.", 2015 2037 L=Scottsdale, ST=Arizona, C=US CN=Starfield Services Root OU=Starfield Class 2 Wed Wed Certificate Authority - G2, Certification Sep 02 Jun 28 O="Starfield Technologies, Authority, 02:00:00 19:39:16 Inc.", L=Scottsdale, O="Starfield CEST CEST ST=Arizona, C=US Technologies, Inc.", 2009 2034 C=US Code Manipulations Statistics Behavior • iexplore.exe • iexplore.exe Click to jump to process System Behavior Analysis Process: iexplore.exe PID: 5580 Parent PID: 792 General Start time: 15:09:06 Start date: 10/02/2021 Path: C:\Program Files\internet explorer\iexplore.exe Wow64 process (32bit): false Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding Imagebase: 0x7ff6237b0000 File size: 823560 bytes MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596 Has elevated privileges: true Copyright null 2021 Page 29 of 30 Has administrator privileges: true Programmed in: C, C++ or other language Reputation: low File Activities Source File Path Access Attributes Options Completion Count Address Symbol Source File Path Offset Length Value Ascii Completion Count Address Symbol Source File Path Offset Length Completion Count Address Symbol Registry Activities Source Key Path Name Type Data Completion Count Address Symbol Source Key Path Name Type Old Data New Data Completion Count Address Symbol Analysis Process: iexplore.exe PID: 664 Parent PID: 5580 General Start time: 15:09:07 Start date: 10/02/2021 Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Wow64 process (32bit): true Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5580 CREDAT:17410 /prefetch:2 Imagebase: 0x2c0000 File size: 822536 bytes MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A Has elevated privileges: true Has administrator privileges: true Programmed in: C, C++ or other language Reputation: low File Activities Source File Path Access Attributes Options Completion Count Address Symbol Source File Path Offset Length Value Ascii Completion Count Address Symbol Source File Path Offset Length Completion Count Address Symbol Registry Activities Source Key Path Name Type Data Completion Count Address Symbol Disassembly Copyright null 2021 Page 30 of 30