Play interactive tour

Edit tour

Analysis Report https://myeducation.netc.navy.mil/webta/home.html

Overview

General Information

Sample URL:	https://myeducation.netc.navy.mil/webta/home.html
Analysis ID:	387996
Infos:
Most interesting Screenshot:
Errors URL not reachable

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

No high impact signatures.

Classification

Analysis Advice

Joe Sandbox was unable to browse the URL (domain or webserver down or HTTPS issue), try to browse the URL again later

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Startup

System is w10x64

iexplore.exe (PID: 1976 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5492 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1976 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 205.85.30.125:443 -> 192.168.2.7:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 205.85.30.125:443 -> 192.168.2.7:49696 version: TLS 1.2

Source: global traffic	HTTP traffic detected: GET /bridge/caCertsIssuedTofbcag4.p7c HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Microsoft-CryptoAPI/10.0Host: repo.fpki.gov
Source: global traffic	HTTP traffic detected: GET /bridge/caCertsIssuedTofbcag4.p7c HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Microsoft-CryptoAPI/10.0Host: repo.fpki.gov
Source: global traffic	HTTP traffic detected: GET /bridge/certificates/STRACBridgeRootCA.p7c HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Microsoft-CryptoAPI/10.0Host: pki.strac.org

Source: unknown

DNS traffic detected: queries for: myeducation.netc.navy.mil

Source: 05762D5FA3F6598254134AC9682E08F40.2.dr	String found in binary or memory: http://aia.certipath.com/CertiPathBridgeCA-G3.p7c0
Source: 05762D5FA3F6598254134AC9682E08F40.2.dr	String found in binary or memory: http://aia.makeidentitysafe.com/sibca.p7c0
Source: 4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	String found in binary or memory: http://cacer.symauth.com/mpki/FortiorSolutionsICA2018.p7c0
Source: 004E57B65F99837F48C0700F1E6CC6810.2.dr	String found in binary or memory: http://certstatus.fti.org0Z
Source: 004E57B65F99837F48C0700F1E6CC6810.2.dr	String found in binary or memory: http://certstatus.strac.org0L
Source: 004E57B65F99837F48C0700F1E6CC6810.2.dr	String found in binary or memory: http://certstatus.strac.org0Q
Source: 05762D5FA3F6598254134AC9682E08F40.2.dr	String found in binary or memory: http://crl.certipath.com/CertiPathBridgeCA-G3.crl0
Source: 0192D13C45C9AB89127886822889A6160.2.dr	String found in binary or memory: http://crl.defence.gov.au/pki/crl/ADIOCA.crl0
Source: 0192D13C45C9AB89127886822889A6160.2.dr	String found in binary or memory: http://crl.defence.gov.au/pki0
Source: 92B4E4A7AF9423521FFED0DEDEE45E6C0.2.dr, 05762D5FA3F6598254134AC9682E08F40.2.dr	String found in binary or memory: http://crl.disa.mil/crl/DODINTEROPERABILITYROOTCA2.crl0
Source: 3EB18C7B0A0719AAA1141CD8C5D8430A0.2.dr	String found in binary or memory: http://crl.disa.mil/crl/DODROOTCA3.crl0l
Source: 92B4E4A7AF9423521FFED0DEDEE45E6C0.2.dr	String found in binary or memory: http://crl.disa.mil/crl/USDODCCEBINTEROPERABILITYROOTCA2.crl0
Source: 07D9B6BD3671FEA6AAF5B49151819D290.2.dr	String found in binary or memory: http://crl.disa.mil/issuedby/DODINTEROPERABILITYROOTCA2_IB.p7c0
Source: 92B4E4A7AF9423521FFED0DEDEE45E6C0.2.dr	String found in binary or memory: http://crl.disa.mil/issuedby/DODROOTCA3_IB.p7c0
Source: 07D9B6BD3671FEA6AAF5B49151819D29.2.dr	String found in binary or memory: http://crl.disa.mil/issuedto/DODINTEROPERABILITYROOTCA2_IT.p7c
Source: 92B4E4A7AF9423521FFED0DEDEE45E6C0.2.dr	String found in binary or memory: http://crl.disa.mil/issuedto/DODINTEROPERABILITYROOTCA2_IT.p7c0
Source: 92B4E4A7AF9423521FFED0DEDEE45E6C.2.dr	String found in binary or memory: http://crl.disa.mil/issuedto/DODROOTCA3_IT.p7c
Source: 3EB18C7B0A0719AAA1141CD8C5D8430A0.2.dr	String found in binary or memory: http://crl.disa.mil/issuedto/DODROOTCA3_IT.p7c0
Source: 0192D13C45C9AB89127886822889A616.2.dr	String found in binary or memory: http://crl.disa.mil/issuedto/USDODCCEBINTEROPERABILITYROOTCA2_IT.p7c
Source: 92B4E4A7AF9423521FFED0DEDEE45E6C0.2.dr	String found in binary or memory: http://crl.disa.mil/issuedto/USDODCCEBINTEROPERABILITYROOTCA2_IT.p7c0
Source: 3EB18C7B0A0719AAA1141CD8C5D8430A.2.dr	String found in binary or memory: http://crl.disa.mil/sign/DODSWCA_54.cer
Source: 05762D5FA3F6598254134AC9682E08F40.2.dr	String found in binary or memory: http://crl.makeidentitysafe.com/sibca.crl0
Source: 77EC63BDA74BD0D0E0426DC8F8008506.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 0192D13C45C9AB89127886822889A6160.2.dr	String found in binary or memory: http://ocsp.defence.gov.au0j
Source: 3EB18C7B0A0719AAA1141CD8C5D8430A0.2.dr	String found in binary or memory: http://ocsp.disa.mil0
Source: 92B4E4A7AF9423521FFED0DEDEE45E6C0.2.dr	String found in binary or memory: http://ocsp.disa.mil0J
Source: 05762D5FA3F6598254134AC9682E08F40.2.dr	String found in binary or memory: http://ocsp.disa.mil0Q
Source: 92B4E4A7AF9423521FFED0DEDEE45E6C0.2.dr	String found in binary or memory: http://ocsp.disa.mil0Z
Source: 4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	String found in binary or memory: http://pki-crl.symauth.com/FortiorSolutions/FortiorSolutionsICA2018.crl0
Source: 4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	String found in binary or memory: http://pki-ocsp.symauth.com0E
Source: 004E57B65F99837F48C0700F1E6CC6810.2.dr	String found in binary or memory: http://pki.fti.org/fti_ca/certificates/FTICA.p7c0
Source: 004E57B65F99837F48C0700F1E6CC6810.2.dr	String found in binary or memory: http://pki.fti.org/fti_ca/certificates/FTICA.p7c0%
Source: 004E57B65F99837F48C0700F1E6CC6810.2.dr	String found in binary or memory: http://pki.fti.org/fti_ca/crl/FTICA.crl0s
Source: 004E57B65F99837F48C0700F1E6CC681.2.dr	String found in binary or memory: http://pki.strac.org/bridge/certificates/STRACBridgeRootCA.p7c
Source: 004E57B65F99837F48C0700F1E6CC6810.2.dr	String found in binary or memory: http://pki.strac.org/bridge/certificates/STRACBridgeRootCA.p7c0
Source: 004E57B65F99837F48C0700F1E6CC6810.2.dr	String found in binary or memory: http://pki.strac.org/bridge/crl/STRACBridgeRootCA.crl0
Source: 4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	String found in binary or memory: http://pub.carillonfedserv.com/CAcerts/CFSCA2.p7c0/
Source: 4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	String found in binary or memory: http://pub.carillonfedserv.com/CRL/CFSCA2.crl0
Source: 4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	String found in binary or memory: http://pub.carillonfedserv.com/ocsp0
Source: 004E57B65F99837F48C0700F1E6CC6810.2.dr	String found in binary or memory: http://repo.fpki.gov/bridge/caCertsIssuedByfbcag4.p7c0
Source: 05762D5FA3F6598254134AC9682E08F4.2.dr	String found in binary or memory: http://repo.fpki.gov/bridge/caCertsIssuedTofbcag4.p7c
Source: 4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	String found in binary or memory: http://repo.fpki.gov/bridge/caCertsIssuedTofbcag4.p7c07
Source: 4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	String found in binary or memory: http://repo.fpki.gov/bridge/fbcag4.crl0
Source: 05762D5FA3F6598254134AC9682E08F40.2.dr	String found in binary or memory: http://repo.fpki.gov/fcpca/caCertsIssuedTofcpcag2.p7c07
Source: 05762D5FA3F6598254134AC9682E08F40.2.dr	String found in binary or memory: http://repo.fpki.gov/fcpca/fcpcag2.crl0
Source: 4CCD903D73EB7EFE434F6D744EEFC5A3.2.dr	String found in binary or memory: http://tscp-aia.symauth.com/IssuedTo-tscpbcasha256.p7c
Source: 05762D5FA3F6598254134AC9682E08F40.2.dr	String found in binary or memory: http://tscp-aia.symauth.com/IssuedTo-tscpbcasha256.p7c0
Source: 05762D5FA3F6598254134AC9682E08F40.2.dr	String found in binary or memory: http://tscp-crl.symauth.com/tscpbcasha256.crl0
Source: 4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	String found in binary or memory: http://tscp-sia.symauth.com/IssuedBy-tscpbcasha256.p7c0
Source: ~DF6B7D3C5DEAF48CCD.TMP.1.dr	String found in binary or memory: https://myeducation.netc.navy.mil/webta/home.html
Source: {45CF7CBC-9E5B-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	String found in binary or memory: https://myeducation.netc.navy.mil/webta/home.htmlRoot
Source: 4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	String found in binary or memory: https://pub.carillonfedserv.com/CertificatePolicy.pdf0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443

Source: unknown	HTTPS traffic detected: 205.85.30.125:443 -> 192.168.2.7:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 205.85.30.125:443 -> 192.168.2.7:49696 version: TLS 1.2

Source: classification engine

Classification label: unknown0.win@3/30@6/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{45CF7CBA-9E5B-11EB-90E6-ECF4BB82F7E0}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user~1\AppData\Local\Temp\~DF997E2E9D72C1F602.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1976 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1976 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol2	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://myeducation.netc.navy.mil/webta/home.html	0%	Virustotal		Browse
https://myeducation.netc.navy.mil/webta/home.html	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://repo.fpki.gov/bridge/fbcag4.crl0	0%	Avira URL Cloud	safe
http://certstatus.strac.org0Q	0%	Avira URL Cloud	safe
http://ocsp.disa.mil0Q	0%	Avira URL Cloud	safe
http://aia.makeidentitysafe.com/sibca.p7c0	0%	Avira URL Cloud	safe
http://crl.defence.gov.au/pki/crl/ADIOCA.crl0	0%	Avira URL Cloud	safe
http://ocsp.disa.mil0Z	0%	Avira URL Cloud	safe
http://pki.strac.org/bridge/certificates/STRACBridgeRootCA.p7c	0%	Avira URL Cloud	safe
http://pki.strac.org/bridge/certificates/STRACBridgeRootCA.p7c0	0%	Avira URL Cloud	safe
http://ocsp.disa.mil0J	0%	Avira URL Cloud	safe
http://pki.fti.org/fti_ca/crl/FTICA.crl0s	0%	Avira URL Cloud	safe
http://certstatus.strac.org0L	0%	Avira URL Cloud	safe
http://pki.strac.org/bridge/crl/STRACBridgeRootCA.crl0	0%	Avira URL Cloud	safe
http://repo.fpki.gov/fcpca/caCertsIssuedTofcpcag2.p7c07	0%	Avira URL Cloud	safe
http://ocsp.defence.gov.au0j	0%	Avira URL Cloud	safe
http://pki.fti.org/fti_ca/certificates/FTICA.p7c0%	0%	Avira URL Cloud	safe
http://repo.fpki.gov/bridge/caCertsIssuedByfbcag4.p7c0	0%	Avira URL Cloud	safe
http://pub.carillonfedserv.com/CAcerts/CFSCA2.p7c0/	0%	Avira URL Cloud	safe
http://ocsp.disa.mil0	0%	Avira URL Cloud	safe
http://crl.certipath.com/CertiPathBridgeCA-G3.crl0	0%	Avira URL Cloud	safe
http://repo.fpki.gov/fcpca/fcpcag2.crl0	0%	Avira URL Cloud	safe
http://repo.fpki.gov/bridge/caCertsIssuedTofbcag4.p7c07	0%	Avira URL Cloud	safe
http://pub.carillonfedserv.com/ocsp0	0%	Avira URL Cloud	safe
http://pki.fti.org/fti_ca/certificates/FTICA.p7c0	0%	Avira URL Cloud	safe
http://pki-ocsp.symauth.com0E	0%	Avira URL Cloud	safe
http://crl.makeidentitysafe.com/sibca.crl0	0%	Avira URL Cloud	safe
https://pub.carillonfedserv.com/CertificatePolicy.pdf0	0%	Avira URL Cloud	safe
http://certstatus.fti.org0Z	0%	Avira URL Cloud	safe
http://pub.carillonfedserv.com/CRL/CFSCA2.crl0	0%	Avira URL Cloud	safe
http://crl.defence.gov.au/pki0	0%	URL Reputation	safe
http://crl.defence.gov.au/pki0	0%	URL Reputation	safe
http://crl.defence.gov.au/pki0	0%	URL Reputation	safe
http://aia.certipath.com/CertiPathBridgeCA-G3.p7c0	0%	Avira URL Cloud	safe
http://repo.fpki.gov/bridge/caCertsIssuedTofbcag4.p7c	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pki.strac.org	172.67.10.220	true	false	unknown
d1j5ckqeil9o7.cloudfront.net	13.32.240.46	true	false	high
myeducation.netc.navy.mil	205.85.30.125	true	false	high
tscp-aia.symauth.com	unknown	unknown	false	high
repo.fpki.gov	unknown	unknown	false	unknown
crl.disa.mil	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://pki.strac.org/bridge/certificates/STRACBridgeRootCA.p7c	false	Avira URL Cloud: safe	unknown
http://repo.fpki.gov/bridge/caCertsIssuedTofbcag4.p7c	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://repo.fpki.gov/bridge/fbcag4.crl0	4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	false	Avira URL Cloud: safe	unknown
http://certstatus.strac.org0Q	004E57B65F99837F48C0700F1E6CC6810.2.dr	false	Avira URL Cloud: safe	unknown
http://crl.disa.mil/issuedto/DODINTEROPERABILITYROOTCA2_IT.p7c	07D9B6BD3671FEA6AAF5B49151819D29.2.dr	false		high
http://ocsp.disa.mil0Q	05762D5FA3F6598254134AC9682E08F40.2.dr	false	Avira URL Cloud: safe	unknown
http://crl.disa.mil/issuedto/DODROOTCA3_IT.p7c0	3EB18C7B0A0719AAA1141CD8C5D8430A0.2.dr	false		high
http://crl.disa.mil/issuedby/DODROOTCA3_IB.p7c0	92B4E4A7AF9423521FFED0DEDEE45E6C0.2.dr	false		high
http://pki-crl.symauth.com/FortiorSolutions/FortiorSolutionsICA2018.crl0	4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	false		high
http://aia.makeidentitysafe.com/sibca.p7c0	05762D5FA3F6598254134AC9682E08F40.2.dr	false	Avira URL Cloud: safe	unknown
http://crl.defence.gov.au/pki/crl/ADIOCA.crl0	0192D13C45C9AB89127886822889A6160.2.dr	false	Avira URL Cloud: safe	unknown
http://ocsp.disa.mil0Z	92B4E4A7AF9423521FFED0DEDEE45E6C0.2.dr	false	Avira URL Cloud: safe	unknown
http://tscp-aia.symauth.com/IssuedTo-tscpbcasha256.p7c0	05762D5FA3F6598254134AC9682E08F40.2.dr	false		high
http://pki.strac.org/bridge/certificates/STRACBridgeRootCA.p7c0	004E57B65F99837F48C0700F1E6CC6810.2.dr	false	Avira URL Cloud: safe	unknown
http://ocsp.disa.mil0J	92B4E4A7AF9423521FFED0DEDEE45E6C0.2.dr	false	Avira URL Cloud: safe	unknown
http://pki.fti.org/fti_ca/crl/FTICA.crl0s	004E57B65F99837F48C0700F1E6CC6810.2.dr	false	Avira URL Cloud: safe	unknown
http://certstatus.strac.org0L	004E57B65F99837F48C0700F1E6CC6810.2.dr	false	Avira URL Cloud: safe	unknown
http://tscp-sia.symauth.com/IssuedBy-tscpbcasha256.p7c0	4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	false		high
http://pki.strac.org/bridge/crl/STRACBridgeRootCA.crl0	004E57B65F99837F48C0700F1E6CC6810.2.dr	false	Avira URL Cloud: safe	unknown
http://crl.disa.mil/issuedby/DODINTEROPERABILITYROOTCA2_IB.p7c0	07D9B6BD3671FEA6AAF5B49151819D290.2.dr	false		high
http://repo.fpki.gov/fcpca/caCertsIssuedTofcpcag2.p7c07	05762D5FA3F6598254134AC9682E08F40.2.dr	false	Avira URL Cloud: safe	unknown
http://crl.disa.mil/crl/USDODCCEBINTEROPERABILITYROOTCA2.crl0	92B4E4A7AF9423521FFED0DEDEE45E6C0.2.dr	false		high
http://ocsp.defence.gov.au0j	0192D13C45C9AB89127886822889A6160.2.dr	false	Avira URL Cloud: safe	unknown
http://pki.fti.org/fti_ca/certificates/FTICA.p7c0%	004E57B65F99837F48C0700F1E6CC6810.2.dr	false	Avira URL Cloud: safe	unknown
http://repo.fpki.gov/bridge/caCertsIssuedByfbcag4.p7c0	004E57B65F99837F48C0700F1E6CC6810.2.dr	false	Avira URL Cloud: safe	unknown
http://pub.carillonfedserv.com/CAcerts/CFSCA2.p7c0/	4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	false	Avira URL Cloud: safe	unknown
http://ocsp.disa.mil0	3EB18C7B0A0719AAA1141CD8C5D8430A0.2.dr	false	Avira URL Cloud: safe	unknown
http://crl.disa.mil/issuedto/DODINTEROPERABILITYROOTCA2_IT.p7c0	92B4E4A7AF9423521FFED0DEDEE45E6C0.2.dr	false		high
http://crl.disa.mil/sign/DODSWCA_54.cer	3EB18C7B0A0719AAA1141CD8C5D8430A.2.dr	false		high
http://crl.certipath.com/CertiPathBridgeCA-G3.crl0	05762D5FA3F6598254134AC9682E08F40.2.dr	false	Avira URL Cloud: safe	unknown
http://repo.fpki.gov/fcpca/fcpcag2.crl0	05762D5FA3F6598254134AC9682E08F40.2.dr	false	Avira URL Cloud: safe	unknown
https://myeducation.netc.navy.mil/webta/home.htmlRoot	{45CF7CBC-9E5B-11EB-90E6-ECF4BB82F7E0}.dat.1.dr	false		high
http://repo.fpki.gov/bridge/caCertsIssuedTofbcag4.p7c07	4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	false	Avira URL Cloud: safe	unknown
http://pub.carillonfedserv.com/ocsp0	4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	false	Avira URL Cloud: safe	unknown
http://pki.fti.org/fti_ca/certificates/FTICA.p7c0	004E57B65F99837F48C0700F1E6CC6810.2.dr	false	Avira URL Cloud: safe	unknown
http://tscp-aia.symauth.com/IssuedTo-tscpbcasha256.p7c	4CCD903D73EB7EFE434F6D744EEFC5A3.2.dr	false		high
http://crl.disa.mil/crl/DODROOTCA3.crl0l	3EB18C7B0A0719AAA1141CD8C5D8430A0.2.dr	false		high
http://pki-ocsp.symauth.com0E	4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	false	Avira URL Cloud: safe	unknown
http://crl.makeidentitysafe.com/sibca.crl0	05762D5FA3F6598254134AC9682E08F40.2.dr	false	Avira URL Cloud: safe	unknown
https://pub.carillonfedserv.com/CertificatePolicy.pdf0	4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	false	Avira URL Cloud: safe	unknown
http://certstatus.fti.org0Z	004E57B65F99837F48C0700F1E6CC6810.2.dr	false	Avira URL Cloud: safe	unknown
http://crl.disa.mil/issuedto/DODROOTCA3_IT.p7c	92B4E4A7AF9423521FFED0DEDEE45E6C.2.dr	false		high
http://tscp-crl.symauth.com/tscpbcasha256.crl0	05762D5FA3F6598254134AC9682E08F40.2.dr	false		high
http://pub.carillonfedserv.com/CRL/CFSCA2.crl0	4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	false	Avira URL Cloud: safe	unknown
http://crl.defence.gov.au/pki0	0192D13C45C9AB89127886822889A6160.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://crl.disa.mil/issuedto/USDODCCEBINTEROPERABILITYROOTCA2_IT.p7c	0192D13C45C9AB89127886822889A616.2.dr	false		high
http://crl.disa.mil/issuedto/USDODCCEBINTEROPERABILITYROOTCA2_IT.p7c0	92B4E4A7AF9423521FFED0DEDEE45E6C0.2.dr	false		high
http://aia.certipath.com/CertiPathBridgeCA-G3.p7c0	05762D5FA3F6598254134AC9682E08F40.2.dr	false	Avira URL Cloud: safe	unknown
http://cacer.symauth.com/mpki/FortiorSolutionsICA2018.p7c0	4CCD903D73EB7EFE434F6D744EEFC5A30.2.dr	false		high
https://myeducation.netc.navy.mil/webta/home.html	~DF6B7D3C5DEAF48CCD.TMP.1.dr	false		high
http://crl.disa.mil/crl/DODINTEROPERABILITYROOTCA2.crl0	92B4E4A7AF9423521FFED0DEDEE45E6C0.2.dr, 05762D5FA3F6598254134AC9682E08F40.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
205.85.30.125	myeducation.netc.navy.mil	United States	665	DNIC-ASBLK-00616-00665US	false
13.32.240.46	d1j5ckqeil9o7.cloudfront.net	United States	16509	AMAZON-02US	false
172.67.10.220	pki.strac.org	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	387996
Start date:	15.04.2021
Start time:	19:26:33
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://myeducation.netc.navy.mil/webta/home.html
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	UNKNOWN
Classification:	unknown0.win@3/30@6/3
Cookbook Comments:	Adjust boot time Enable AMSI URL browsing timeout or error
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe, svchost.exe Excluded IPs from analysis (whitelisted): 104.42.151.234, 52.255.188.83, 168.61.161.212, 40.88.32.150, 88.221.62.148, 2.17.178.172, 2.20.142.210, 93.184.220.29, 13.88.21.125, 104.43.139.144, 23.57.80.111 Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, cs9.wac.phicdn.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e11290.dspg.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, crl-symcprod.digicert.com, fs.microsoft.com, crl.disa.mil.edgekey.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, a767.dscg3.akamai.net, skypedataprdcolcus16.cloudapp.net, skypedataprdcoleus17.cloudapp.net, e15113.dscf.akamaiedge.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, skypedataprdcolwus15.cloudapp.net Report size getting too big, too many NtDeviceIoControlFile calls found.
Errors:	URL not reachable

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\004E57B65F99837F48C0700F1E6CC681 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	8794
Entropy (8bit):	7.189814377213339
Encrypted:	false
SSDEEP:	192:LxBo2jekcxBoVnMOSbhxdp7GNRm3q6Utr3edsi8V:M2jeqnSDYmHo6G
MD5:	8B067EC4C0E0C2353D990EDD05108442
SHA1:	6D4372624F0B9A836D24F8BA403DEDA10EAE98CE
SHA-256:	8644951D5D9822792F8CF3FB51804223704C6CCAE6FACFB819FE4760E382D908
SHA-512:	671E521B78A9AAB28F84EFA208822207A170D1B81E9311B7D02E18807277AFA031261C477D83F86249B6F42F030ED8D8F5DA336ADE3ACE872EE29E528E21B031
Malicious:	false
Reputation:	low
Preview:	0."V...H........"G0."C...1.0....H........")0...0...........2...\|..=.x....@.-0....H........0U1.0...U....US1.0...U....U.S. Government1.0...U....FPKI1.0...U....Federal Bridge CA G40...191217164945Z..220214220000Z0z1.0...U....US1.0...U....STRAC1'0%..U....STRAC PKI Trust Infrastructure1200..U...)STRAC Bridge Root Certification Authority0.."0....H.............0..........)..... ...FOBH..._.>...o{....@..4E1A....s..... `...L.td.2....g.al..[<z..UT....\|Y{5..%8}zc4.].}^?......6....k.H.&.._.=...l..p..p....g..HlA.vjs;..s+.{..:...&.8........ ct,.,....w..Z..+P.n.&.I.?...~sd.a....... ...Gv.Zf..a@..V..O.~R?J..T..._...[.=....x.MI.a.Gh..r.W.....[.4:IV.n.*..........M.t.-.7.r;.9f].Z...T.t.x.m..Cq.P..W..>H........\..w...g....U.....Q.2.bg......09jHY.........}..(..^+.+...-.....7q+e...+.W.&.(6.i#.o..8s...y.i..=....aG-.......W`......~z............{.V...i.:......"...,.Y........W0..S0...U.......!Pg@.:..g..3.UG.]=0...U.#..0...y..I..w.]A.e4..#...o0...U...........0...U.......0....0....U.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0192D13C45C9AB89127886822889A616 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	3222
Entropy (8bit):	7.0573837188650606
Encrypted:	false
SSDEEP:	96:ZkHZkrdeER7FYQeIIYGkW0Wb4Sf/kHZkrdeER7FYQeIIYGkW0Wb4Sft:ZkHZkrnROQeIDZW0WBkHZkrnROQeIDZI
MD5:	24315E9EB2D7FC93B5CD2D5163E81ABF
SHA1:	121CE7D9F39AE809B3B9CAB096163FF76ED27F29
SHA-256:	AD0FCCB2C4EBFFDDA9F335AF231FD6EE8D676E3376F1C2DA98527C90D188DC7B
SHA-512:	2C976D9D7F5DC045E5261C8EC9991F74E53C410078391E3B5AEA1C38F964C9B853C08486A4C742389688E2191793186C98F6698EEA80842A7299C148BD858329
Malicious:	false
Reputation:	low
Preview:	0..G...H.........80..4...1.0....H..........0...0............YlS.D..- -&.U<v.B0....H........0v1.0...U....AU1.0...U....GOV1.0...U....DoD1.0...U....PKI1.0...U....CAs1/0-..U...&Australian Defence Interoperability CA0...180914001918Z..210914001918Z0t1.0...U....US1.0...U....U.S. Government1.0...U....DoD1.0...U....PKI1/0-..U...&US DoD CCEB Interoperability Root CA 20.."0....H.............0............z.L.o.;eA..z7...x.^...........^..U]...r.........A(.......8..f"..7...g...E.`X~..Z....ij.6.@.?.,....W.....ZD........:..q0..X...w.....:....C.{...@e.g.6..... A....L..B]1.aN...r..u.A...q.C.v...N..4.....w6.....a..4/Y.....B.#O.i....r.45s............0...0...U.......0.......0...U.$.....0.......06..+........0(0&..+.....0...http://ocsp.defence.gov.au0j..U. .c0a08..$..N....0+0)..+.........http://crl.defence.gov.au/pki0...$..N....0...$..N....0...$..N....0...U.6........0Q..U.!.J0H0...$..N......`.H.e...$0...$..N......`.H.e...'0...$..N......`.H.e...*0I..U......?0=.;09.7051.0...U..

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05762D5FA3F6598254134AC9682E08F4 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	22804
Entropy (8bit):	7.055289524775974
Encrypted:	false
SSDEEP:	384:pjtflgT3u/0qD5wtSfOSmYmXvIjtflgT3u/0qD5wtSfOSmYmXvS:JttgT+/VNNmYttgT+/VNNma
MD5:	3A687F8A3C44C5A365A1D07B5A6794EE
SHA1:	96BE03CB5230A86370E69EEB515C323C3A148EED
SHA-256:	E72270E736AD9D9D4F8BBB1DD7B8A7142733DBCE1CD4D6008C8038BB7CF7893E
SHA-512:	7F21E5F573870E9BF2825DBCA6A527E1AA4C4D7976F8CAD2AEFC62CFD3A33A94EE3980619A34314B3B6459754D15B8138F2DD95209FD1CFB0D51A1481FB4B9BC
Malicious:	false
Reputation:	low
Preview:	0.,....H........,w0.,s...1.0....H........,Y0...0.........R...nh..9.J...B0....H........0h1.0...U....US1.0...U....CertiPath1"0 ..U....Certification Authorities1!0...U....CertiPath Bridge CA - G30...200121000000Z..230228235959Z0U1.0...U....US1.0...U....U.S. Government1.0...U....FPKI1.0...U....Federal Bridge CA G40.."0....H.............0.........'.X...@ha.L.1e.UD....s...._..\|......3.BP.?o..]..B.N..\|....(.j...y.si..,..X..32...wC.....du.d.V..k.\1.7].lrC.r....5p'.j.......Z.....\|..^......./c..+l.V.o#...l.~3.I...._.I......I.m.Y}....q..}.HC._....Br9...(e.....h od...raSi..t.......k.R.uUL'.~..........0...0...U......y..I..w.]A.e4..#...o0...U...........0Q..+........E0C0A..+.....0..5http://repo.fpki.gov/bridge/caCertsIssuedByfbcag4.p7c0...U.6.....0...U.......0....0....U. ...0..0...+......S....0...+......S....0...+......S....0...+......S....0...+......S....0...+......S....0...+......S....0...+......S....0...+......S....0...+......S....0B..U...;0907.5.3.1http://crl.certipath.com/Certi

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07D9B6BD3671FEA6AAF5B49151819D29 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	3674
Entropy (8bit):	6.864983277306207
Encrypted:	false
SSDEEP:	48:3wlbakE0OdTh98EsaK4fpfyCLCevKmfliJfA6fka9eaBh+6hwlbakE0OdTh98Esv:1kQdThmFSbb8V9kQdThmFSbb8V/
MD5:	361FFBA8D70AA0F452164A539EF08BB4
SHA1:	B405699FDDD703865ECD9EBE9018354028DC92DD
SHA-256:	77F1D59DC3266A222E162C1FDA2B25162E453A0C2D7EB181544CCD9A9D9C86BD
SHA-512:	AD10C9138DC048AB6B0C5F8A75462B41971656C83BEAF4D345F8766E99C05941F21C683184B3D044A639CA6350558DD82909BAA7D9333E64CCE868CD84312262
Malicious:	false
Reputation:	low
Preview:	0..)...H..........0......1.0....H..........0...0..........[.2..<..-.........0....H........0U1.0...U....US1.0...U....U.S. Government1.0...U....FPKI1.0...U....Federal Bridge CA G40...191216170442Z..220806210000Z0l1.0...U....US1.0...U....U.S. Government1.0...U....DoD1.0...U....PKI1'0%..U....DoD Interoperability Root CA 20.."0....H.............0...............).(;.J...U...~.sr.h.f.c.^.......%/.~...K!`..?...C.......-..F.>.V...L..........Q..x.<.\...#I.P>....SR4.1.....M......Z.mk..+.N.{.A8.K.&5...i..%.M3..me.(...r...13.....PN...4.)...`a..OJ1..f......BC.y'.o..e.K.I....[uw.t...$gx...6.B......^..........0...0...U............+y.A.v\,....x0...U.#..0...y..I..w.]A.e4..#...o0...U...........0...U.......0....0....U. ...0~0...`.H.e.....0...`.H.e.....0...`.H.e.....0...`.H.e.....0...`.H.e.....0...`.H.e....%0...`.H.e.....0...`.H.e.....0...`.H.e....'0.....U.!....0...0...`.H.e.......`.H.e...'0...`.H.e.......`.H.e...*0...`.H.e....%..`.H.e...$0...`.H.e.......`.H.e.....0...`.H.e.......`.H.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3EB18C7B0A0719AAA1141CD8C5D8430A Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	2342
Entropy (8bit):	7.271019156557249
Encrypted:	false
SSDEEP:	48:hakWHuwk3teRrPVyqQEakWHuwk3teRrPVyqQi:gkxwkkr/Kkxwkkr/V
MD5:	6D3B82B83C29FFFDD4EBA47BE280290E
SHA1:	AC5FAF8CFBB8C238B89AEEFA1F8867782A086D58
SHA-256:	8DBBDD5E0DB08DEED15C48B14367E7DF1BC5068707355626AF0F8CFB470BF9EF
SHA-512:	58351E69ED630012F178251D36AFA3A3586D8EF169C9214883260605C860A44875C6B6178033009DA4BF8F1BC9A5178F25F585FB22E5281F44CE462256880E6A
Malicious:	false
Reputation:	low
Preview:	0...0..w........,0....H........0[1.0...U....US1.0...U....U.S. Government1.0...U....DoD1.0...U....PKI1.0...U....DoD Root CA 30...161122135128Z..221123135128Z0Z1.0...U....US1.0...U....U.S. Government1.0...U....DoD1.0...U....PKI1.0...U....DOD SW CA-540.."0....H.............0.........L'j?.g5.....k1..:c.r.......z..?..p2_{%.;......,.1.TB...[....7..\|.%..XX{.G;.E......Kj..7s.N.<....4b......ze;[...........S\|s...B...)...rPk..U...Q.....s.......%...m.p.y.l..oM.P.P....u.....P. .Y.r.z..a....6c.............T./f.]oX.......O.Z...{..........\0..X0...U.#..0...l...w..r..z.....f.E.0...U........(.,...t&......U.y.0...U...........0=..U. .6040...`.H.e...$0...`.H.e...'0...`.H.e...0...`.H.e...;0...U.......0.......0...U.$..0....07..U...00.0,..(.&http://crl.disa.mil/crl/DODROOTCA3.crl0l..+........`0^0:..+.....0...http://crl.disa.mil/issuedto/DODROOTCA3_IT.p7c0 ..+.....0...http://ocsp.disa.mil0....H.............d]8.$.n.%..h.Z.f..T.9.Fb&C}.?.d.6..x...sz...p.......dbs9.....(,....CC.9_=..A.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4CCD903D73EB7EFE434F6D744EEFC5A3 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	11948
Entropy (8bit):	7.0146207866693135
Encrypted:	false
SSDEEP:	192:9OBiYIFTaTzTIYEIRglV6MQ1ZbTOBiYIFTaTzTIYEIRglV6MQ1ZbJ:9LTKREe1ZPLTKREe1Zd
MD5:	B8B7C7DFAA295310349F77C9C9EF6D6A
SHA1:	999D1D214C90BA26D92DE17A02E4208284D789BE
SHA-256:	2B6C767E9DBACBF57D683630072B5DDB7D5E5A28522F21F5C797E4E5234BD35C
SHA-512:	638257B07F32A7137475DDD72703119ABC1358E7660E67833429623CCDB6F8E4A44E0C0C62F77A5855C41F1896E538E06E9C4A8A0A9582C57BD9EC27CEA5692B
Malicious:	false
Reputation:	low
Preview:	0..R...H.........C0..?...1.0....H.........'0...0............0A..h.U..ga6 U-0....H........0..1.0...U....US1'0%..U....Carillon Federal Services Inc.1"0 ..U....Certification Authorities1,0..U...#Carillon Federal Services PIV-I CA20...200501193504Z..210506193504Z0O1.0...U....US1.0...U....TSCP Inc.1.0...U....CAs1.0...U....TSCP SHA256 Bridge CA0.."0...*.H.............0.........Y.....g....o..b..m..9._.>.g....0....U..N._...:8...f...r.#QH.Dg+..n....B[....X....O&...4..........>....X.".....6...W.\|...?.d..5.......B..AZ..w.....f.&k.{.9..Xt.$.t~......(.`j.FJQhJ...k..}u<.a8..wt..$..%.].#$...g.U.Z{.....O.....4..0.....8&..Js..........0...0...U.......0....0...U...........0~..+........r0p0=..+.....0..1http://pub.carillonfedserv.com/CAcerts/CFSCA2.p7c0/..+.....0..#http://pub.carillonfedserv.com/ocsp0>..U...70503.1./.-http://pub.carillonfedserv.com/CRL/CFSCA2.crl0..%..U. ....0...0...+......&...0...+......&...0...+......&...0...+......&...0....+......&...0..0A..+........5https://pub.carill

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Microsoft Cabinet archive data, 58596 bytes, 1 file
Category:	dropped
Size (bytes):	58596
Entropy (8bit):	7.995478615012125
Encrypted:	true
SSDEEP:	1536:J7r25qSSheImS2zyCvg3nB/QPsBbgwYkGrLMQ:F2qSSwIm1m/QEBbgb1oQ
MD5:	61A03D15CF62612F50B74867090DBE79
SHA1:	15228F34067B4B107E917BEBAF17CC7C3C1280A8
SHA-256:	F9E23DC21553DAA34C6EB778CD262831E466CE794F4BEA48150E8D70D3E6AF6D
SHA-512:	5FECE89CCBBF994E4F1E3EF89A502F25A72F359D445C034682758D26F01D9F3AA20A43010B9A87F2687DA7BA201476922AA46D4906D442D56EB59B2B881259D3
Malicious:	false
Reputation:	low
Preview:	MSCF............,...................I........T........bR. .authroot.stl...s~.4..CK..8T....c_.d....A.K......&.-.J...."Y...$E.KB..D...D.....3.n..u.............\|..=H4..c&.......f.,..=..-....p2.:..`HX......b.......Di.a......M.....4.....i..}..:~N.<..>..V..CX......B......,.q.M.....HB..E~Q...)..Gax../..}7..f......O0...x..k..ha...y.K.0.h..(....{2Y.].g...yw..\|0.+?.`-../.xvy..e......w.+^...w\|.Q.k.9&.Q.EzS.f......>?w.G.......v.F......A......-P.$.Y...u....Z..g..>.0&.y.(..<.].`>... ..R.q...g.Y..s.y.B..B....Z.4.<?.R....1.8.<.=.8..[a.s.......add..).NtX....r....R.&W4.5]....k.._iK..xzW.w.M.>,5.}..}.tLX5Ls3_..).!..X.~...%.B.....YS9m.,.....BV`.Cee.....?......:.x-.q9j...Yps..W...1.A<.X.O....7.ei..a\.~=X....HN.#....h,....y...\.br.8.y"k).....~B..v....GR.g\|.z..+.D8.m..F .h............ItNs.\....s..,.f`D...]..k...:9..lk.<D....u...........[...*.wY.O....P?.U.l....Fc.ObLq......Fvk..G9.8..!..\T:K`.......'.3......;.u..h...uD..^.bS...r........j..j .=...s .FxV....g.c.s..9.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\92B4E4A7AF9423521FFED0DEDEE45E6C Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	2678
Entropy (8bit):	7.2151403986024105
Encrypted:	false
SSDEEP:	48:3CakE0/akWBhMsoI1fe0fgXfoV6ZsAWvuNak+y0CakWBhMsoI18WW1bqplsoVKpx:3DkUkKhAIE0YXTXWv5kGkKhAI6WyGpg7
MD5:	F424D34156A7546A06265F49032CC83A
SHA1:	AE531100FD3F7A464FB95EA341B333DA124F6ABD
SHA-256:	160A85CE2C392C2AA9D45450E0A4BB598FA9815CCD97648A6C4F680DD58B4F3F
SHA-512:	26F36A7C722EAD0C1ACC150B9993D41ED597C351EF7605F2FF060FA79372122DC09ADCFE44C852244F971DD48C9141CA45473A9DC44B610C32FC0F2BC7BB5807
Malicious:	false
Reputation:	low
Preview:	0..r...H.........c0.._...1.0....H.........G0..0...........f0....H........0l1.0...U....US1.0...U....U.S. Government1.0...U....DoD1.0...U....PKI1'0%..U....DoD Interoperability Root CA 20...190122152256Z..220122152256Z0[1.0...U....US1.0...U....U.S. Government1.0...U....DoD1.0...U....PKI1.0...U....DoD Root CA 30.."0....H.............0...........r..Kp........6.:R..0.R..G ...u.dn..`#..f@...h.QhI7.Y2M..C'.@.:....C......vs^..#[.?.......@... .L'Zy6..7!..Z....U.o1).r...HQ..7.5.o..........#m1.(xe..bR..}..]T....+.#T..L.t@;..E.g\..W....-............6.:%/.}.<....Y..:......;s4o....._..?..............0...0...U.#..0.........+y.A.v\,....x0...U.......0....0...U...........0G..U...@0>0<.:.8.6http://crl.disa.mil/crl/DODINTEROPERABILITYROOTCA2.crl0...U......l...w..r..z.....f.E.0\|..+........p0n0J..+.....0..>http://crl.disa.mil/issuedto/DODINTEROPERABILITYROOTCA2_IT.p7c0 ..+.....0...http://ocsp.disa.mil0Z..U. .S0Q0...`.H.e...$0...`.H.e...'0...`.H.e...0...`.H.e.....0...`.H.e.....0...`.H.e...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\004E57B65F99837F48C0700F1E6CC681 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	modified
Size (bytes):	282
Entropy (8bit):	3.055560822389197
Encrypted:	false
SSDEEP:	3:kkFklfz/XfllXlE/u+e7ldlll1aMKxtDolNWFIwILqyt+61MbA+6lklLdS0HnOl5:kKsrrllKbc8F/ImR0ME+rS3eMalAl5t
MD5:	D9ABFF3A50DFBFDE7431311664DE1576
SHA1:	58D3ABC0C82BC6E781D5D160B32ECE3F3E9DA53C
SHA-256:	D32B990C7B6AF2D4BE049671B7F618EDE3DAF3DB953E5015029A53E64BFFF16A
SHA-512:	83EB960193DB957AF9C6728E3C10094ABAABEC38FFDA6571D12615B250E6C30A49B2571317421EE815D200A48D8A2FDD0BB5E1E3162FF486E576B77F0863256A
Malicious:	false
Reputation:	low
Preview:	p...... ....~...W{Y.h2..(....................................................... ...................(...........Z"..h.t.t.p.:././.p.k.i...s.t.r.a.c...o.r.g./.b.r.i.d.g.e./.c.e.r.t.i.f.i.c.a.t.e.s./.S.T.R.A.C.B.r.i.d.g.e.R.o.o.t.C.A...p.7.c...".1.e.4.1.a.3.e.e.d.1.d.e.d.5.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0192D13C45C9AB89127886822889A616 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	680
Entropy (8bit):	3.3661563829433523
Encrypted:	false
SSDEEP:	12:vQlhMN42l2myuqwpOvHwIjQlhMN42l2myuqwpOvHwIz:vDNnyuqfzDNnyuqfD
MD5:	DEC6D62C7E60DF6767BEDC47D777674C
SHA1:	24998C91C77CBA55D8EDA4F443012D3B600FC9FE
SHA-256:	EAF81967F526103D18677A35AF3F11EA8D8D2D8F6A25EC2925E4AA7260AC858F
SHA-512:	FD2B7B43C47B717B1DF809A6D7DCA557260BE89A33244B254EF4A7CDD77384FCDB630216350AA7C9EB25EE89F442CDDBD897B4B06772B0D13938197DDDD776EA
Malicious:	false
Reputation:	low
Preview:	p...... ........an..h2..(....................................................... .........#.\...Q..V...........K...h.t.t.p.:././.c.r.l...d.i.s.a...m.i.l./.i.s.s.u.e.d.t.o./.U.S.D.O.D.C.C.E.B.I.N.T.E.R.O.P.E.R.A.B.I.L.I.T.Y.R.O.O.T.C.A.2._.I.T...p.7.c...".8.D.6.2.4.D.5.E.1.F.C.8.0.C.B.5.B.F.3.A.D.9.5.E.5.4.3.5.0.F.C.B.0.8.5.A.7.3.C.5."...p...... ........an..h2..(....................................................... .........#.\...Q..V...........K...h.t.t.p.:././.c.r.l...d.i.s.a...m.i.l./.i.s.s.u.e.d.t.o./.U.S.D.O.D.C.C.E.B.I.N.T.E.R.O.P.E.R.A.B.I.L.I.T.Y.R.O.O.T.C.A.2._.I.T...p.7.c...".8.D.6.2.4.D.5.E.1.F.C.8.0.C.B.5.B.F.3.A.D.9.5.E.5.4.3.5.0.F.C.B.0.8.5.A.7.3.C.5."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05762D5FA3F6598254134AC9682E08F4 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	532
Entropy (8bit):	3.2269132061645687
Encrypted:	false
SSDEEP:	12:r/IkL3/OdpwFNtktuSKVyOdpwFNtktuSKz:zIkL3ip6/ktuSYyKp6/ktuS8
MD5:	9913ACE52DF62C82ECE4B9D8B134AB7B
SHA1:	B76B587507C7DD543F194E474D08C73A9D1FD677
SHA-256:	1548FCFCAFF975A51139404CB5C2E05522898BE50EA03B8EFE9D529963E2857E
SHA-512:	CBDDC5E8AAA0F7C47F2EF7A326F7085CABD75DB93DE24E20EC65FF4C504CC9F434EE45DA330165310270D30D9ACFD7A5820BA6AAC4D0B9D37D6CCDC0A1AAC54A
Malicious:	false
Reputation:	low
Preview:	p...... ....l.......h2..(....................................................... ........./e-.. ........OR.....,..h.t.t.p.:././.r.e.p.o...f.p.k.i...g.o.v./.b.r.i.d.g.e./.c.a.C.e.r.t.s.I.s.s.u.e.d.T.o.f.b.c.a.g.4...p.7.c...".2.c.8.a.-.5.b.f.8.d.6.f.7.8.4.4.4.0."...p...... ....l...C...h2..(....................................................... ........./e-.. ......~b......,..h.t.t.p.:././.r.e.p.o...f.p.k.i...g.o.v./.b.r.i.d.g.e./.c.a.C.e.r.t.s.I.s.s.u.e.d.T.o.f.b.c.a.g.4...p.7.c...".2.c.8.a.-.5.b.f.8.d.6.f.7.8.4.4.4.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07D9B6BD3671FEA6AAF5B49151819D29 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	656
Entropy (8bit):	3.3497903198617016
Encrypted:	false
SSDEEP:	12:pCI4rlnR2MNumCqwTpInsd6bCI4rlnR2MNumCqwTpInsd6/:pVCN6qoIn9bVCN6qoIn9/
MD5:	71DE166D0D2B2B0A152DD9342C8CC7D8
SHA1:	CCD78852E407F479D1693E186782DBDB4B076B9C
SHA-256:	FD258ED542F6C913374DC03541FC6BCA4E3134B665C7BFA0152F7EB889C2E568
SHA-512:	F25468AC53A3A8C62155EB647EDF12B84AB24EBA726FB148024DB634606AE3A0963A9677701DF3BE8B4AD5DC3E7A08C120D287414DADADE4BC9594D3D0A154A6
Malicious:	false
Reputation:	low
Preview:	p...... ....~.......h2..(....................................................... ...........\...Q..V...........-...h.t.t.p.:././.c.r.l...d.i.s.a...m.i.l./.i.s.s.u.e.d.t.o./.D.O.D.I.N.T.E.R.O.P.E.R.A.B.I.L.I.T.Y.R.O.O.T.C.A.2._.I.T...p.7.c...".0.0.E.4.0.A.6.5.A.1.8.6.A.6.6.4.E.A.E.6.D.1.4.5.9.2.D.0.3.6.A.5.5.A.E.9.7.F.D.1."...p...... ....~...9Z..h2..(....................................................... ...........\...Q..V...........-...h.t.t.p.:././.c.r.l...d.i.s.a...m.i.l./.i.s.s.u.e.d.t.o./.D.O.D.I.N.T.E.R.O.P.E.R.A.B.I.L.I.T.Y.R.O.O.T.C.A.2._.I.T...p.7.c...".0.0.E.4.0.A.6.5.A.1.8.6.A.6.6.4.E.A.E.6.D.1.4.5.9.2.D.0.3.6.A.5.5.A.E.9.7.F.D.1."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3EB18C7B0A0719AAA1141CD8C5D8430A Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	564
Entropy (8bit):	3.1890360612633852
Encrypted:	false
SSDEEP:	12:ea19ln3lmB2oM8dxEl7lN/a19ln3lmB2oM8dxEl7lW:esXIAoVdxKhN/sXIAoVdxKhW
MD5:	EA380E830ECB258B1AA51239DE7FB84C
SHA1:	878DD2B785CB2BED11BE2EF28CB974727C4C3315
SHA-256:	949D576A27661BEECEE31B7D14D26EF567476ECFC0C11D9AA268302527EF8E57
SHA-512:	084E177DD4CB677BA5AD3BE078A0CB607FB6EDE7D82EEBB1E213A48B11993278CD6EC040492737C819E4B33E7CBCBB45BAD536A90238653820835032F492075E
Malicious:	false
Reputation:	low
Preview:	p...... ....P.....L.h2..(....................................................... ........p...D...Q..V...............h.t.t.p.:././.c.r.l...d.i.s.a...m.i.l./.s.i.g.n./.D.O.D.S.W.C.A._.5.4...c.e.r...".2.F.F.5.D.6.9.4.F.0.5.4.8.B.8.8.C.0.3.7.D.C.2.F.6.2.B.9.B.8.4.9.B.D.A.2.D.F.C.E."...p...... ....P...%...h2..(....................................................... ........p...D...Q..V...............h.t.t.p.:././.c.r.l...d.i.s.a...m.i.l./.s.i.g.n./.D.O.D.S.W.C.A._.5.4...c.e.r...".2.F.F.5.D.6.9.4.F.0.5.4.8.B.8.8.C.0.3.7.D.C.2.F.6.2.B.9.B.8.4.9.B.D.A.2.D.F.C.E."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4CCD903D73EB7EFE434F6D744EEFC5A3 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	504
Entropy (8bit):	3.0768516116662443
Encrypted:	false
SSDEEP:	6:kKdz+li9ldCgilKH+IwUQo1ByJKDFz+li9ldCgilKH+IwUQo1Byo:F5Egila3p/1Uk5Egila3p/1Uo
MD5:	89AC8348DDA153E48E3BE5834EE5D8A3
SHA1:	47D1C923EFF18DB1CFD2704B8FB03778F3CE41EA
SHA-256:	F83E004411AE34F094BAE03CBED95C80C783DC1EA5E8FF768C8578DFDFA55D6D
SHA-512:	7E291983486537525786DC56DB9660EAAEA73109145C9BF6DC1CA3664D6C7D6484358426B43E3D0ADBB9813877ECF0224255EB11F3B4A03A629DC7DECF61F9C7
Malicious:	false
Reputation:	low
Preview:	p...... ....n...mW..h2..(....................................................... ..........`."...:..............V...h.t.t.p.:././.t.s.c.p.-.a.i.a...s.y.m.a.u.t.h...c.o.m./.I.s.s.u.e.d.T.o.-.t.s.c.p.b.c.a.s.h.a.2.5.6...p.7.c...".4.0.8.5.7.9.6.9.1.4."...p...... ....n.......h2..(....................................................... ..........`."...:..............V...h.t.t.p.:././.t.s.c.p.-.a.i.a...s.y.m.a.u.t.h...c.o.m./.I.s.s.u.e.d.T.o.-.t.s.c.p.b.c.a.s.h.a.2.5.6...p.7.c...".4.0.8.5.7.9.6.9.1.4."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	326
Entropy (8bit):	3.11466556781601
Encrypted:	false
SSDEEP:	6:kKGHlywTJ6YN+SkQlPlEGYRMY9z+4KlDA3RUe0ht:uFywTJ6HkPlE99SNxAhUe0ht
MD5:	8566DB40C5F235CAD7799C6938C38EA2
SHA1:	45B1AE338BCD9D3A248443A328B9A23CFC1E7134
SHA-256:	154B29CA1B2D0F71A6592DE715834DE44B486B2C1106474D7246D6B1F80B66E5
SHA-512:	B386180B16D07C1066F14F90991EFA927FA59783F5A6CEAFBECDBF5A50496B73F862E467F9BDF86977E99A546F0415A01396B498483EE27B260B3DAE1BA6C010
Malicious:	false
Reputation:	low
Preview:	p...... ............h2..(....................................................... ...................$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.d.8.f.4.f.3.f.6.f.d.7.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\92B4E4A7AF9423521FFED0DEDEE45E6C Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	3.2393977152987743
Encrypted:	false
SSDEEP:	3:kkFklg+azllXfllXlE/dDzOlz/l7hD8x3eJ1tTD7a3QnbxlRTHVIdTklURl39lUL:kKZDllSmRlEMtnuAbVZIylC9lUwdGhh
MD5:	0EEDDA9D3C5F56E26DC48404109F2C2C
SHA1:	4CCAAAE232FAC8189D6ABEDB5B8CD27C7E4DB3F5
SHA-256:	02966996A8F2ACE506EB31D1ECCBF0ED6AA17672CC29549B30955C30768F5A3D
SHA-512:	CB32A86369C9C7A9FA8D92CDEFC215BDED5489F711175CF795B458D6AFD0B85A601675845A6CF8ADEA6078A1365B3445A7C2114E88D736D31F6909B738826684
Malicious:	false
Reputation:	low
Preview:	p...... ....^...C.U.h2..(....................................................... ........x..F....Q..V...........v...h.t.t.p.:././.c.r.l...d.i.s.a...m.i.l./.i.s.s.u.e.d.t.o./.D.O.D.R.O.O.T.C.A.3._.I.T...p.7.c...".F.A.5.9.4.F.7.3.0.6.2.1.9.4.A.3.A.A.7.E.9.B.5.9.6.E.2.5.2.9.4.5.2.5.9.7.8.2.3.F."...

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{45CF7CBA-9E5B-11EB-90E6-ECF4BB82F7E0}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8532784143208823
Encrypted:	false
SSDEEP:	192:rFZcpZhk25fWvetxifMpHzMHPBq1D5sfQpWjX:rLc/hz5uveOdZ28J
MD5:	2631DAF4AC5B2A4BDFBFC633F8F1CAC1
SHA1:	9B7E4CBB3F3907F4257B5E6A312D799CE9F7B29E
SHA-256:	371ED28A4A32CA91A2A268EB0149ACE8C41F2A654AA106841DEA72B74EBD4A4E
SHA-512:	65E79A21BFC4474A59B9A909A205254788DAF7B24963DC244E0B3DBF52E1678FEA62D5E6C51623D6861AFCA56D1A9870800ED89586D43294FD10F1A9C13D1CF8
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{45CF7CBC-9E5B-11EB-90E6-ECF4BB82F7E0}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	24208
Entropy (8bit):	1.6365163764091282
Encrypted:	false
SSDEEP:	48:IwCGcprnGwpaQMG4pQW+GrapbSMGQpBiGHHpcnTGUp8qGzYpm+XGopFkkgoGCXpm:r2ZxQB6bBSEj52xWWMSrAWg
MD5:	D30FE6F44C0340A66DCF56DDFFE29B97
SHA1:	7768F345401619AF55EC57F3B03CEC4E3656630C
SHA-256:	EA2617C7E8F8695D30128D606A67DF69EFB535AD36005E8CC9DDFE6EAE87FB03
SHA-512:	BD85504D333C30FB7D2CD6D22B932E87D8535E09DE45129743A98468AEA50F9D85D29A5CAF15E8F25A5EA1DD6AAB4FC6F433AFC90F73C13133DEB840A8CBEC57
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4C520720-9E5B-11EB-90E6-ECF4BB82F7E0}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.563909790018671
Encrypted:	false
SSDEEP:	48:Iw5GcprQGwpan1G4pQxnGrapbSSGQpKxG7HpR+TGIpG:rfZ4Qn6tBS6AgT6A
MD5:	260D19692FF9D29C3EBB07448AA83A16
SHA1:	5186DAF1ACF2D86125E69469C582EB0AC22D770A
SHA-256:	A4AA8858A9A67B293781672729E8CD441BB7216619309A4A28D27A7DC4138111
SHA-512:	568058AA0B29D1C77435ECA4DF91D224169D066A5E54F2807D45A43857BF72EBD8A51588BB398F532E7AD640BA176C1859EB26E341B4941530A19BDE15B64B58
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\newErrorPageTemplate[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1612
Entropy (8bit):	4.869554560514657
Encrypted:	false
SSDEEP:	24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk
MD5:	DFEABDE84792228093A5A270352395B6
SHA1:	E41258C9576721025926326F76063C2305586F76
SHA-256:	77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
SHA-512:	E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/newErrorPageTemplate.css
Preview:	.body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\shieldcheck[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	17542
Entropy (8bit):	5.098535207562026
Encrypted:	false
SSDEEP:	192:y0lg+tOJclE3toiTKNJP8TWhmikcl9DppA2ecyg39u3RwXx1hWrERtSb:yEtOJ5NS0TSkEVeKKRwXxTWriSb
MD5:	7AC3FA54ED226CA44CEB994249E5C306
SHA1:	5FB7BE5D722DA876F62F0ADEF5C9A7D86D05688C
SHA-256:	AA2C5D165A9D1C383EB954B2BAFD118B6FE5200AA7EE3D83501D6F08149B825F
SHA-512:	B64351D281939F5B65C9BF0076C228182B86BDAC09959B8B2D530919AA747C840779EEA877B99938F2D33F359BB766095940974606D18C56B574B4691AE81BFF
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/shieldcheck.ico
Preview:	......00.... ..%..F... .... ......%........ ......6........ .h....@..(...0...`..... ................................................................................................................................................................................................................................................................................................................'...+...,...,...)...!...............................................................................................................................................................&OOO.XXX.\\\.[[[.[[[.WWW.LLL....c...0...&................................................................................................................................................YYY.nnn.............................XXX.TTT. S...-....................................................................................................................................;;;4ddd...........................................XXX.@@@...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\down[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	748
Entropy (8bit):	7.249606135668305
Encrypted:	false
SSDEEP:	12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
MD5:	C4F558C4C8B56858F15C09037CD6625A
SHA1:	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
SHA-256:	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
SHA-512:	D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/down.png
Preview:	.PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?\|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\invalidcert[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2865
Entropy (8bit):	5.408065735824215
Encrypted:	false
SSDEEP:	48:mPntofz4/i5DjktylVDJltwNWwzyRpigHAQLWnMxTUfMAbitRpigWYTGJywzwy/z:SE4a5HlVDJANSpiCWn5fmpiee1
MD5:	B8889E2796DD23C19DAA9BD263AE3C26
SHA1:	3B0E097ADED1C821665DA56D72909A7DB5B922E4
SHA-256:	8772217BBD9517BE03DD209D1323FC2D46108D39C97DF590F2C05BF53A173C7C
SHA-512:	24591C6428A90ACD22688989ED340068A3D977B2F7280D8BD002A6A43FBD1C22203FC34D24E1A3D7C6AAC7865BE36C50223563CDE31CED36F4324C5AF05016FB
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/invalidcert.js
Preview:	...function CertError()..{..error = '0';..DocQuery=document.location.search;..BeginError = DocQuery.indexOf("SSLError=");..if (BeginError > 0)..{..BeginError += 9;..EndError = DocQuery.indexOf("&", BeginError);..if (EndError > 0)..{..error = DocQuery.substring(BeginError,EndError);..}..else..{..error = DocQuery.substring(BeginError);..}..}..return error;..}..function PreventIgnoreCertErrors()..{..Policy = '0';..DocQuery=document.location.search;..BeginPolicy = DocQuery.indexOf("PreventIgnoreCertErrors=")+24;..if (BeginPolicy > 0)..{..EndPolicy = DocQuery.indexOf("&", BeginPolicy);..if (EndPolicy > 0)..{..Policy = DocQuery.substring(BeginPolicy,EndPolicy);..}..else..{..Policy = DocQuery.substring(BeginPolicy);..}..}..return Policy;..}..function closePage() {..window.close();..}..function BodyLoad()..{..var iError = CertError();..var iPolicy = PreventIgnoreCertErrors();..var sRealPageUrl = RealPageURL();..var iCertUnknownCA = 16777216;..var iCertExpired = 67108864;..var iCertCNMismatch

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\httpErrorPagesScripts[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	12105
Entropy (8bit):	5.451485481468043
Encrypted:	false
SSDEEP:	192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
MD5:	9234071287E637F85D721463C488704C
SHA1:	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
SHA-256:	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
SHA-512:	87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/httpErrorPagesScripts.js
Preview:	...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)\|ftp\|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\invalidcert[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2747
Entropy (8bit):	4.6225918717514975
Encrypted:	false
SSDEEP:	48:u7IEcY3V4VboHFmpsAgXtRkpNc7KaAkOtjH9gl:MioHsUXEG7XrOtul
MD5:	B57B31E5FF628B5C319C902C1388164D
SHA1:	33E30D7CC1BC64D8C966B65F8701A3473CBF9A40
SHA-256:	5F6258FE7C308635635E500903D767572372A0AEA4947C1A4BD61B4687F14036
SHA-512:	077B400E107BD83A18AE46416658AD36561B2FEB87D967A957D8E67DDCB34AF83D198C5C1C422EC80803CC8B3DD70A788DD983F275B78B937FF3ECF89919C378
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/invalidcert.htm?SSLError=16777216
Preview:	.<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="newErrorPageTemplate.css">.. <meta http-equiv="x-ua-compatible" content="IE=edge">.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>This site isn’t secure</title>.... <script src="invalidcert.js" language="javascript" type="text/javascript">.. </script>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.. <body onLoad="BodyLoad(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="invalidcert_mainTitle" class="title" style="color: #a90000;">This site is not secure</div>.. <div id="invalidcert_subError" class="BodyTextBlockStyle">.. This might mean that someon

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\errorPageStrings[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4720
Entropy (8bit):	5.164796203267696
Encrypted:	false
SSDEEP:	96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5:	D65EC06F21C379C87040B83CC1ABAC6B
SHA1:	208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256:	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512:	8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/errorPageStrings.js
Preview:	.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\shieldcritical[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 12 icons, 48x48, 16 colors, 32x32, 16 colors
Category:	downloaded
Size (bytes):	29926
Entropy (8bit):	5.629688416465816
Encrypted:	false
SSDEEP:	768:2ztZurROSBfIWD9UAv5OUcl2RCaNZ383b/gmBXqPsdEL:ld1mWJbROUclm9L8romBXqPbL
MD5:	A6696B2897CA69CFE271504ADCC37E72
SHA1:	ABD3EA2B0D0A345E148A8F3503C1C30D221EE98B
SHA-256:	F0F08719B27A039C0E9D402AD84AFC2CD8E6E9072A7D90FA0F8E33F47B9F7CEA
SHA-512:	857DBBBC33551CCBF63BFCD2DD03DEB8FE67E85B7753C31A82BC57028139692466D843AB1288896007CBD0BA994DDF1C80C0ACEDF1763EED0D0FC29F5AF2847B
Malicious:	false
Reputation:	low
IE Cache URL:	res://ieframe.dll/shieldcritical.ico
Preview:	......00......h....... ......................................(.......00..........&... ..........................v$..........h...>+..00.... ..%...0.. .... .....NV........ ......f........ .h...~p..(...0...`..............................................................................................."""""""""""""""""""""""""""""""""""""""""""""""""""""""""'www"""""""""""""""""""'x...w""""""""""""""""""w.....w""""""""""""""""'.......r"""""""""""""""x.w.....w""""""""""""""'...yyyy..r"""""""""""""x.........w""""""""""""'..yy......."""""""""""".....q.Y9y..r"""""""""""x..q........w""""""""""'.............""""""""""..............r"""""""""..y...........w""""""""(.y..q.....y..x.""""""""'...........y...r"""""""...Y..q.........r"""""""..yx...........xr""""""".yy....q.......x.""""""(...y.............""""""(...y....x.....y..""""""(...........y.y.w.r"""""(...y.............r"""""...yy......y..Y5..r"""""...........q...Y..r"""""..............915.r"""""............q.....r"""""..................r"""""

C:\Users\user\AppData\Local\Temp\~DF11EFF2197EADE752.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	modified
Size (bytes):	25441
Entropy (8bit):	0.3896561746652212
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAYSrPDjcOfb:kBqoxxJhHWSVSEabYSrPDQrNvXvN/O
MD5:	657F374CE750980EC1B1C36F51ED1F20
SHA1:	3B95BC94D12E9D3BB80EBE7EB7234601AE0B43E0
SHA-256:	EB1B65A26C54F8FEEEDBCB78BC46F3D9E3819D7C7EDEF8E2F4E0ABA2F9073E87
SHA-512:	F261A02103EDE4BDA9160ACEA36DB406A680667E60961F1F77D1252EF181B6C7F297E5E06BC6051B841E839E9C58CCAE49B0657FA04A5F9B2591B09AB237091E
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF6B7D3C5DEAF48CCD.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	34401
Entropy (8bit):	0.356880123050665
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwxD29lwxFc9l2xM9l25:kBqoxKAuvScS+vRT6+I+Hkkf
MD5:	579C1DF5AC23B418D5A6DFDD460F9A95
SHA1:	9C4021CE122E322123BB9C762CB22D292072EC4A
SHA-256:	F553D5DA75D320F1F5445C9CBCD33443C44CBA4D366ADF181BE94F65465E1653
SHA-512:	D883DA7D5D7178E48847C106716D0296A6FE819B36F9BCACBA302C517ED5B44D5E4B7B83A7740C8A1587B60D80DD566535B4481486B1F059EF8E72C19A74239F
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF997E2E9D72C1F602.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.48184464067967564
Encrypted:	false
SSDEEP:	12:c9lCg5/9lCgeK9l26an9l26an9l8fR49l8fRI9lTqaSXQ7:c9lLh9lLh9lIn9lIn9lo49loI9lWakW
MD5:	94C5DD0BF29C315F4EF74BFF44D61348
SHA1:	1BCB79E873BAFC4EEC7DEFD84D8DC59CEC9CA180
SHA-256:	71BEB13892B8A5D95D9852FC0FEE46B7682C85CBC8134A2D3ADDC41E6B8E0B5A
SHA-512:	9C670DCCEB6EC676EE321EADA8A7B357DE775C137849FB3CE6C883697690EDF61150B27F12DDCF0ACA566ED28DCE92641374C4A553D67FDA31D7361A90F639A3
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2021 19:27:25.314497948 CEST	49696	443	192.168.2.7	205.85.30.125
Apr 15, 2021 19:27:25.314543009 CEST	49697	443	192.168.2.7	205.85.30.125
Apr 15, 2021 19:27:25.508586884 CEST	443	49696	205.85.30.125	192.168.2.7
Apr 15, 2021 19:27:25.508622885 CEST	443	49697	205.85.30.125	192.168.2.7
Apr 15, 2021 19:27:25.508791924 CEST	49696	443	192.168.2.7	205.85.30.125
Apr 15, 2021 19:27:25.508850098 CEST	49697	443	192.168.2.7	205.85.30.125
Apr 15, 2021 19:27:25.550424099 CEST	49697	443	192.168.2.7	205.85.30.125
Apr 15, 2021 19:27:25.551069021 CEST	49696	443	192.168.2.7	205.85.30.125
Apr 15, 2021 19:27:25.746304989 CEST	443	49697	205.85.30.125	192.168.2.7
Apr 15, 2021 19:27:25.746350050 CEST	443	49697	205.85.30.125	192.168.2.7
Apr 15, 2021 19:27:25.746429920 CEST	49697	443	192.168.2.7	205.85.30.125
Apr 15, 2021 19:27:25.746471882 CEST	49697	443	192.168.2.7	205.85.30.125
Apr 15, 2021 19:27:26.043972969 CEST	49696	443	192.168.2.7	205.85.30.125
Apr 15, 2021 19:27:26.240171909 CEST	443	49696	205.85.30.125	192.168.2.7
Apr 15, 2021 19:27:26.240199089 CEST	443	49696	205.85.30.125	192.168.2.7
Apr 15, 2021 19:27:26.240474939 CEST	49696	443	192.168.2.7	205.85.30.125
Apr 15, 2021 19:27:27.642443895 CEST	49702	80	192.168.2.7	13.32.240.46
Apr 15, 2021 19:27:27.643280983 CEST	49703	80	192.168.2.7	13.32.240.46
Apr 15, 2021 19:27:27.690093994 CEST	80	49702	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.690210104 CEST	49702	80	192.168.2.7	13.32.240.46
Apr 15, 2021 19:27:27.690902948 CEST	49702	80	192.168.2.7	13.32.240.46
Apr 15, 2021 19:27:27.691783905 CEST	80	49703	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.691904068 CEST	49703	80	192.168.2.7	13.32.240.46
Apr 15, 2021 19:27:27.692351103 CEST	49703	80	192.168.2.7	13.32.240.46
Apr 15, 2021 19:27:27.738490105 CEST	80	49702	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.739906073 CEST	80	49703	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.742712021 CEST	80	49702	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.742753983 CEST	80	49702	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.742780924 CEST	80	49702	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.742808104 CEST	80	49702	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.742815018 CEST	49702	80	192.168.2.7	13.32.240.46
Apr 15, 2021 19:27:27.742835045 CEST	80	49702	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.742857933 CEST	49702	80	192.168.2.7	13.32.240.46
Apr 15, 2021 19:27:27.742863894 CEST	80	49702	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.742892027 CEST	80	49702	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.742914915 CEST	49702	80	192.168.2.7	13.32.240.46
Apr 15, 2021 19:27:27.742921114 CEST	80	49702	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.742949963 CEST	80	49702	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.742995024 CEST	49702	80	192.168.2.7	13.32.240.46
Apr 15, 2021 19:27:27.770979881 CEST	80	49703	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.771027088 CEST	80	49703	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.771056890 CEST	80	49703	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.771085024 CEST	80	49703	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.771110058 CEST	80	49703	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.771135092 CEST	49703	80	192.168.2.7	13.32.240.46
Apr 15, 2021 19:27:27.771137953 CEST	80	49703	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.771163940 CEST	80	49703	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.771189928 CEST	80	49703	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.771193981 CEST	49703	80	192.168.2.7	13.32.240.46
Apr 15, 2021 19:27:27.771236897 CEST	80	49703	13.32.240.46	192.168.2.7
Apr 15, 2021 19:27:27.771262884 CEST	49703	80	192.168.2.7	13.32.240.46
Apr 15, 2021 19:27:27.934776068 CEST	49703	80	192.168.2.7	13.32.240.46
Apr 15, 2021 19:27:27.983948946 CEST	49697	443	192.168.2.7	205.85.30.125
Apr 15, 2021 19:27:28.130330086 CEST	49707	80	192.168.2.7	172.67.10.220
Apr 15, 2021 19:27:28.139720917 CEST	443	49697	205.85.30.125	192.168.2.7
Apr 15, 2021 19:27:28.171583891 CEST	80	49707	172.67.10.220	192.168.2.7
Apr 15, 2021 19:27:28.171713114 CEST	49707	80	192.168.2.7	172.67.10.220
Apr 15, 2021 19:27:28.172209978 CEST	49707	80	192.168.2.7	172.67.10.220
Apr 15, 2021 19:27:28.175429106 CEST	443	49697	205.85.30.125	192.168.2.7
Apr 15, 2021 19:27:28.175508022 CEST	49697	443	192.168.2.7	205.85.30.125
Apr 15, 2021 19:27:28.213222980 CEST	80	49707	172.67.10.220	192.168.2.7
Apr 15, 2021 19:27:28.390650988 CEST	80	49707	172.67.10.220	192.168.2.7
Apr 15, 2021 19:27:28.390685081 CEST	80	49707	172.67.10.220	192.168.2.7
Apr 15, 2021 19:27:28.390708923 CEST	80	49707	172.67.10.220	192.168.2.7
Apr 15, 2021 19:27:28.390732050 CEST	80	49707	172.67.10.220	192.168.2.7
Apr 15, 2021 19:27:28.390748024 CEST	49707	80	192.168.2.7	172.67.10.220
Apr 15, 2021 19:27:28.390773058 CEST	49707	80	192.168.2.7	172.67.10.220
Apr 15, 2021 19:27:28.390785933 CEST	80	49707	172.67.10.220	192.168.2.7
Apr 15, 2021 19:27:28.402982950 CEST	80	49707	172.67.10.220	192.168.2.7
Apr 15, 2021 19:27:28.403048992 CEST	80	49707	172.67.10.220	192.168.2.7
Apr 15, 2021 19:27:28.403074026 CEST	80	49707	172.67.10.220	192.168.2.7
Apr 15, 2021 19:27:28.403084040 CEST	49707	80	192.168.2.7	172.67.10.220
Apr 15, 2021 19:27:28.403142929 CEST	49707	80	192.168.2.7	172.67.10.220
Apr 15, 2021 19:27:28.419789076 CEST	49696	443	192.168.2.7	205.85.30.125
Apr 15, 2021 19:27:28.575675011 CEST	443	49696	205.85.30.125	192.168.2.7
Apr 15, 2021 19:27:28.611367941 CEST	443	49696	205.85.30.125	192.168.2.7
Apr 15, 2021 19:27:28.611476898 CEST	49696	443	192.168.2.7	205.85.30.125

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2021 19:27:15.599970102 CEST	57820	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:15.648727894 CEST	53	57820	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:16.942387104 CEST	50848	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:16.991553068 CEST	53	50848	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:17.793109894 CEST	61242	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:17.841767073 CEST	53	61242	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:19.118626118 CEST	58562	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:19.167558908 CEST	53	58562	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:20.130038977 CEST	56590	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:20.181617022 CEST	53	56590	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:21.773142099 CEST	60501	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:21.823417902 CEST	53	60501	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:22.796109915 CEST	53775	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:22.845909119 CEST	53	53775	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:23.197984934 CEST	51837	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:23.264281034 CEST	53	51837	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:24.390021086 CEST	55411	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:24.460256100 CEST	63668	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:24.508939028 CEST	53	63668	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:25.300004959 CEST	53	55411	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:25.562092066 CEST	54640	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:25.610925913 CEST	53	54640	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:26.020559072 CEST	58739	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:26.522377968 CEST	53	58739	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:26.570334911 CEST	60338	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:26.822757959 CEST	58717	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:26.882873058 CEST	53	58717	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:27.064956903 CEST	53	60338	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:27.576282978 CEST	59762	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:27.641107082 CEST	53	59762	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:27.813436031 CEST	54329	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:27.874254942 CEST	53	54329	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:27.906048059 CEST	58052	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:27.954648018 CEST	53	58052	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:28.027218103 CEST	54008	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:28.128994942 CEST	53	54008	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:28.807553053 CEST	59451	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:28.856312990 CEST	53	59451	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:29.596018076 CEST	52914	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:29.647528887 CEST	53	52914	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:30.410413027 CEST	64569	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:30.462107897 CEST	53	64569	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:31.787549019 CEST	52816	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:31.836205006 CEST	53	52816	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:33.069658041 CEST	50781	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:33.118467093 CEST	53	50781	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:34.479398966 CEST	54230	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:34.528060913 CEST	53	54230	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:35.661720991 CEST	54911	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:35.710442066 CEST	53	54911	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:36.565779924 CEST	49958	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:36.615951061 CEST	53	49958	8.8.8.8	192.168.2.7
Apr 15, 2021 19:27:43.940438032 CEST	50860	53	192.168.2.7	8.8.8.8
Apr 15, 2021 19:27:43.997816086 CEST	53	50860	8.8.8.8	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 15, 2021 19:27:24.390021086 CEST	192.168.2.7	8.8.8.8	0xd9ac	Standard query (0)	myeducation.netc.navy.mil	A (IP address)	IN (0x0001)
Apr 15, 2021 19:27:26.020559072 CEST	192.168.2.7	8.8.8.8	0x72db	Standard query (0)	crl.disa.mil	A (IP address)	IN (0x0001)
Apr 15, 2021 19:27:26.570334911 CEST	192.168.2.7	8.8.8.8	0xbbbe	Standard query (0)	crl.disa.mil	A (IP address)	IN (0x0001)
Apr 15, 2021 19:27:27.576282978 CEST	192.168.2.7	8.8.8.8	0x471b	Standard query (0)	repo.fpki.gov	A (IP address)	IN (0x0001)
Apr 15, 2021 19:27:27.813436031 CEST	192.168.2.7	8.8.8.8	0xf17d	Standard query (0)	tscp-aia.symauth.com	A (IP address)	IN (0x0001)
Apr 15, 2021 19:27:28.027218103 CEST	192.168.2.7	8.8.8.8	0xbf75	Standard query (0)	pki.strac.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Apr 15, 2021 19:27:25.300004959 CEST	8.8.8.8	192.168.2.7	0xd9ac	No error (0)	myeducation.netc.navy.mil		205.85.30.125	A (IP address)	IN (0x0001)
Apr 15, 2021 19:27:26.522377968 CEST	8.8.8.8	192.168.2.7	0x72db	No error (0)	crl.disa.mil	crl.disa.mil.apps.gcds.disa.mil		CNAME (Canonical name)	IN (0x0001)
Apr 15, 2021 19:27:26.522377968 CEST	8.8.8.8	192.168.2.7	0x72db	No error (0)	crl.disa.mil.apps.gcds.disa.mil	crl.disa.mil.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Apr 15, 2021 19:27:27.064956903 CEST	8.8.8.8	192.168.2.7	0xbbbe	No error (0)	crl.disa.mil	crl.disa.mil.apps.gcds.disa.mil		CNAME (Canonical name)	IN (0x0001)
Apr 15, 2021 19:27:27.064956903 CEST	8.8.8.8	192.168.2.7	0xbbbe	No error (0)	crl.disa.mil.apps.gcds.disa.mil	crl.disa.mil.edgekey.net		CNAME (Canonical name)	IN (0x0001)
Apr 15, 2021 19:27:27.641107082 CEST	8.8.8.8	192.168.2.7	0x471b	No error (0)	repo.fpki.gov	d1j5ckqeil9o7.cloudfront.net		CNAME (Canonical name)	IN (0x0001)
Apr 15, 2021 19:27:27.641107082 CEST	8.8.8.8	192.168.2.7	0x471b	No error (0)	d1j5ckqeil9o7.cloudfront.net		13.32.240.46	A (IP address)	IN (0x0001)
Apr 15, 2021 19:27:27.641107082 CEST	8.8.8.8	192.168.2.7	0x471b	No error (0)	d1j5ckqeil9o7.cloudfront.net		13.32.240.57	A (IP address)	IN (0x0001)
Apr 15, 2021 19:27:27.641107082 CEST	8.8.8.8	192.168.2.7	0x471b	No error (0)	d1j5ckqeil9o7.cloudfront.net		13.32.240.121	A (IP address)	IN (0x0001)
Apr 15, 2021 19:27:27.641107082 CEST	8.8.8.8	192.168.2.7	0x471b	No error (0)	d1j5ckqeil9o7.cloudfront.net		13.32.240.61	A (IP address)	IN (0x0001)
Apr 15, 2021 19:27:27.874254942 CEST	8.8.8.8	192.168.2.7	0xf17d	No error (0)	tscp-aia.symauth.com	crl-symcprod.digicert.com		CNAME (Canonical name)	IN (0x0001)
Apr 15, 2021 19:27:28.128994942 CEST	8.8.8.8	192.168.2.7	0xbf75	No error (0)	pki.strac.org		172.67.10.220	A (IP address)	IN (0x0001)
Apr 15, 2021 19:27:28.128994942 CEST	8.8.8.8	192.168.2.7	0xbf75	No error (0)	pki.strac.org		104.22.9.226	A (IP address)	IN (0x0001)
Apr 15, 2021 19:27:28.128994942 CEST	8.8.8.8	192.168.2.7	0xbf75	No error (0)	pki.strac.org		104.22.8.226	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

repo.fpki.gov

pki.strac.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.7	49702	13.32.240.46	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Apr 15, 2021 19:27:27.690902948 CEST	275	OUT	GET /bridge/caCertsIssuedTofbcag4.p7c HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/10.0 Host: repo.fpki.gov
Apr 15, 2021 19:27:27.742712021 CEST	277	IN	HTTP/1.1 200 OK Content-Type: application/pkcs7-mime Content-Length: 11402 Connection: keep-alive Server: Apache X-Frame-Options: DENY Last-Modified: Fri, 09 Apr 2021 17:24:25 GMT Accept-Ranges: bytes Date: Thu, 15 Apr 2021 16:54:34 GMT Expires: Thu, 15 Apr 2021 16:54:34 GMT Cache-Control: max-age=7200, s-maxage=7200, must-revalidate ETag: "2c8a-5bf8d6f784440" X-Cache: Hit from cloudfront Via: 1.1 9bd09ac7aca1ea8ca6c788136a9ce480.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS50-C1 X-Amz-Cf-Id: b5GWar9PXGksEbJK-OxAKwOtP0L15l5g_0bbSRUC8mw0eLae9THbGQ== Age: 1973 Data Raw: 30 82 2c 86 06 09 2a 86 48 86 f7 0d 01 07 02 a0 82 2c 77 30 82 2c 73 02 01 01 31 00 30 0b 06 09 2a 86 48 86 f7 0d 01 07 01 a0 82 2c 59 30 82 09 f3 30 82 07 db a0 03 02 01 02 02 10 52 f0 f6 bf 6e 68 cd 92 d6 39 94 4a 06 9f e0 42 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0c 05 00 30 68 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 12 30 10 06 03 55 04 0a 13 09 43 65 72 74 69 50 61 74 68 31 22 30 20 06 03 55 04 0b 13 19 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 69 65 73 31 21 30 1f 06 03 55 04 03 13 18 43 65 72 74 69 50 61 74 68 20 42 72 69 64 67 65 20 43 41 20 2d 20 47 33 30 1e 17 0d 32 30 30 31 32 31 30 30 30 30 30 30 5a 17 0d 32 33 30 32 32 38 32 33 35 39 35 39 5a 30 55 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 18 30 16 06 03 55 04 0a 13 0f 55 2e 53 2e 20 47 6f 76 65 72 6e 6d 65 6e 74 31 0d 30 0b 06 03 55 04 0b 13 04 46 50 4b 49 31 1d 30 1b 06 03 55 04 03 13 14 46 65 64 65 72 61 6c 20 42 72 69 64 67 65 20 43 41 20 47 34 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 e5 27 14 58 00 81 01 40 68 61 89 4c cd 31 65 ab 55 44 af c9 0e 0b 73 ee a5 b6 af 8b ea 5f b4 db 7c 0e b1 af 95 15 d7 33 09 42 50 1d 3f 6f ef 98 14 5d 0f 91 42 91 4e ce fa 7c c6 9e a3 cf ba c6 b5 28 fd 6a fa cf c3 79 fd 73 69 e1 92 0f 2c 1d 08 58 c9 f9 33 32 b5 cc ab 18 77 43 01 0b 84 c1 b0 64 75 10 64 c6 56 af c5 6b d1 5c 31 f0 37 5d 84 6c 72 43 0a 72 bf b1 ae b2 35 70 27 bf 6a 11 db 88 df c7 e5 ea 1c 5a 8e ef 0b ad f3 7c a0 11 5e 0e 15 a9 00 ce 83 8a 9d 2f 63 ad 13 2b 6c a6 56 84 6f 23 cc f2 dc 6c b8 7e 33 a5 49 b9 e3 c0 da 5f d2 49 ce c8 a5 d8 c5 80 9d 99 49 88 6d e5 59 7d f2 0a fa 93 71 89 dc 7d ea 48 43 e8 5f ea e7 0f fb 42 72 39 d2 ca e9 28 65 11 ce 19 09 80 68 20 6f 64 9f 03 b7 72 61 53 69 b6 f9 74 d4 1e dd c3 0d df d3 6b eb 52 89 75 55 4c 27 fb 7e df 02 03 01 00 01 a3 82 05 aa 30 82 05 a6 30 1d 06 03 55 1d 0e 04 16 04 14 79 f0 00 49 eb 7f 77 c2 5d 41 02 65 34 8a 90 23 9b 1e 07 6f 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 51 06 08 2b 06 01 05 05 07 01 0b 04 45 30 43 30 41 06 08 2b 06 01 05 05 07 30 05 86 35 68 74 74 70 3a 2f 2f 72 65 70 6f 2e 66 70 6b 69 2e 67 6f 76 2f 62 72 69 64 67 65 2f 63 61 43 65 72 74 73 49 73 73 75 65 64 42 79 66 62 63 61 67 34 2e 70 37 63 30 0a 06 03 55 1d Data Ascii: 0,H,w0,s10H,Y00Rnh9JB0H0h10UUS10UCertiPath1"0 UCertification Authorities1!0UCertiPath Bridge CA - G30200121000000Z230228235959Z0U10UUS10UU.S. Government10UFPKI10UFederal Bridge CA G40"0H0'X@haL1eUDs_\|3BP?o]BN\|(jysi,X32wCdudVk\17]lrCr5p'jZ\|^/c+lVo#l~3I_IImY}q}HC_Br9(eh odraSitkRuUL'~00UyIw]Ae4#o0U0Q+E0C0A+05http://repo.fpki.gov/bridge/caCertsIssuedByfbcag4.p7c0U
Apr 15, 2021 19:27:27.742753983 CEST	278	IN	Data Raw: 36 04 03 02 01 00 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 81 ab 06 03 55 1d 20 04 81 a3 30 81 a0 30 0e 06 0c 2b 06 01 04 01 81 bb 53 01 01 01 01 30 0e 06 0c 2b 06 01 04 01 81 bb 53 01 01 01 02 30 0e 06 0c 2b 06 01 04 01 81 bb 53 01 Data Ascii: 60U00U 00+S0+S0+S0+S0+S0+S0+S0+S0+S0+S0BU;0907531http://crl.certipath.com/Ce
Apr 15, 2021 19:27:27.742780924 CEST	280	IN	Data Raw: fd de 96 2e f4 21 44 86 51 29 11 02 e0 fe 64 54 96 94 3e 37 18 83 fc 22 30 d3 34 fa 62 66 2f 42 ad eb d5 c6 48 28 01 e8 67 47 66 10 e0 65 60 85 7a 08 cc 97 91 7e 9a c7 bc e6 d4 b6 d0 6e a6 2e b9 ec e9 15 16 14 bb 12 a5 a1 bd d8 ff f0 5d 09 0b 40 Data Ascii: .!DQ)dT>7"04bf/BH(gGfe`z~n.]@$;'.zN.e.w#!UuCvQKwgEm%sEA@1V#R2Czn73)l~IxL\|lY%aSDLFUv)$E(Fx;xDCgGAj'
Apr 15, 2021 19:27:27.742808104 CEST	281	IN	Data Raw: 02 01 0b 2a 06 0a 60 86 48 01 65 03 02 01 03 04 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 81 84 06 03 55 1d 1e 01 01 ff 04 7a 30 78 a1 76 30 39 a4 37 30 35 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 18 30 16 06 03 55 04 0a 13 0f 55 2e Data Ascii: *`He0U00Uz0xv0970510UUS10UU.S. Government10UDoD0970510UUS10UU.S. Government10UECA0U$00GU@0>0<:86http://crl.disa.mil/crl/DODINTEROPERABI
Apr 15, 2021 19:27:27.742835045 CEST	282	IN	Data Raw: c2 5d 41 02 65 34 8a 90 23 9b 1e 07 6f 30 1f 06 03 55 1d 23 04 18 30 16 80 14 f4 27 5c a9 c3 7c 47 f4 fa a6 a7 b0 59 97 aa dd 35 26 17 e3 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 81 f9 Data Ascii: ]Ae4#o0U#0'\\|GY5&0U0U00U 00`He0`He0`He0`He0`He0`He0`He0`He0`He0`He0`He
Apr 15, 2021 19:27:27.742863894 CEST	284	IN	Data Raw: 41 46 45 20 49 64 65 6e 74 69 74 79 31 22 30 20 06 03 55 04 0b 13 19 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 69 65 73 31 20 30 1e 06 03 55 04 03 13 17 53 41 46 45 20 49 64 65 6e 74 69 74 79 20 42 72 69 64 67 65 20 43 41 Data Ascii: AFE Identity1"0 UCertification Authorities1 0USAFE Identity Bridge CA0201028000000Z231031235959Z0U10UUS10UU.S. Government10UFPKI10UFederal Bridge CA G40"0*H0'X@h
Apr 15, 2021 19:27:27.742892027 CEST	285	IN	Data Raw: 2e 32 d3 82 ae 54 58 c0 23 16 91 5f dd 68 bf 20 fa 90 ec 6e 89 9a 69 ce 8b 8c 5e 41 b0 21 1b 42 4a c3 ea 1b c5 21 3b 03 e7 10 f5 90 c5 bf 9f 1f 49 69 76 4a 57 1f cd ce 20 61 e8 6a 4d 35 6f 85 54 d2 b9 47 54 ba a7 63 6e 8a b0 6f bf 93 4c 85 c9 c2 Data Ascii: .2TX#_h ni^A!BJ!;IivJW ajM5oTGTcnoL1ojHJX"Ez:#h7V=()BQ8b[jT9(\2/'pa.<}ZJ7`y>w~w8q1SQm:6?
Apr 15, 2021 19:27:27.742921114 CEST	287	IN	Data Raw: 6f 74 43 41 2e 70 37 63 30 27 06 08 2b 06 01 05 05 07 30 01 86 1b 68 74 74 70 3a 2f 2f 63 65 72 74 73 74 61 74 75 73 2e 73 74 72 61 63 2e 6f 72 67 30 51 06 08 2b 06 01 05 05 07 01 0b 04 45 30 43 30 41 06 08 2b 06 01 05 05 07 30 05 86 35 68 74 74 Data Ascii: otCA.p7c0'+0http://certstatus.strac.org0Q+E0C0A+05http://repo.fpki.gov/bridge/caCertsIssuedByfbcag4.p7c0U0pki@strac.org0AU!8040+m`He0+m`He0+m
Apr 15, 2021 19:27:27.742949963 CEST	288	IN	Data Raw: 7c 0e b1 af 95 15 d7 33 09 42 50 1d 3f 6f ef 98 14 5d 0f 91 42 91 4e ce fa 7c c6 9e a3 cf ba c6 b5 28 fd 6a fa cf c3 79 fd 73 69 e1 92 0f 2c 1d 08 58 c9 f9 33 32 b5 cc ab 18 77 43 01 0b 84 c1 b0 64 75 10 64 c6 56 af c5 6b d1 5c 31 f0 37 5d 84 6c Data Ascii: \|3BP?o]BN\|(jysi,X32wCdudVk\17]lrCr5p'jZ\|^/c+lVo#l~3I_IImY}q}HC_Br9(eh odraSitkRuUL'~00U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.7	49703	13.32.240.46	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Apr 15, 2021 19:27:27.692351103 CEST	275	OUT	GET /bridge/caCertsIssuedTofbcag4.p7c HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/10.0 Host: repo.fpki.gov
Apr 15, 2021 19:27:27.770979881 CEST	289	IN	HTTP/1.1 200 OK Content-Type: application/pkcs7-mime Content-Length: 11402 Connection: keep-alive Server: Apache X-Frame-Options: DENY Last-Modified: Fri, 09 Apr 2021 17:24:25 GMT Accept-Ranges: bytes Date: Thu, 15 Apr 2021 16:54:34 GMT Expires: Thu, 15 Apr 2021 16:54:34 GMT Cache-Control: max-age=7200, s-maxage=7200, must-revalidate ETag: "2c8a-5bf8d6f784440" X-Cache: Hit from cloudfront Via: 1.1 575b0bfed88abe713ca72d1b4c29e4f3.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS50-C1 X-Amz-Cf-Id: BtnRWvu4tjGptfkpwBOcR-e_tFvOHADZ7UuVtLLGsP8KuttaM_-U6w== Age: 1973 Data Raw: 30 82 2c 86 06 09 2a 86 48 86 f7 0d 01 07 02 a0 82 2c 77 30 82 2c 73 02 01 01 31 00 30 0b 06 09 2a 86 48 86 f7 0d 01 07 01 a0 82 2c 59 30 82 09 f3 30 82 07 db a0 03 02 01 02 02 10 52 f0 f6 bf 6e 68 cd 92 d6 39 94 4a 06 9f e0 42 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0c 05 00 30 68 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 12 30 10 06 03 55 04 0a 13 09 43 65 72 74 69 50 61 74 68 31 22 30 20 06 03 55 04 0b 13 19 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 69 65 73 31 21 30 1f 06 03 55 04 03 13 18 43 65 72 74 69 50 61 74 68 20 42 72 69 64 67 65 20 43 41 20 2d 20 47 33 30 1e 17 0d 32 30 30 31 32 31 30 30 30 30 30 30 5a 17 0d 32 33 30 32 32 38 32 33 35 39 35 39 5a 30 55 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 18 30 16 06 03 55 04 0a 13 0f 55 2e 53 2e 20 47 6f 76 65 72 6e 6d 65 6e 74 31 0d 30 0b 06 03 55 04 0b 13 04 46 50 4b 49 31 1d 30 1b 06 03 55 04 03 13 14 46 65 64 65 72 61 6c 20 42 72 69 64 67 65 20 43 41 20 47 34 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 e5 27 14 58 00 81 01 40 68 61 89 4c cd 31 65 ab 55 44 af c9 0e 0b 73 ee a5 b6 af 8b ea 5f b4 db 7c 0e b1 af 95 15 d7 33 09 42 50 1d 3f 6f ef 98 14 5d 0f 91 42 91 4e ce fa 7c c6 9e a3 cf ba c6 b5 28 fd 6a fa cf c3 79 fd 73 69 e1 92 0f 2c 1d 08 58 c9 f9 33 32 b5 cc ab 18 77 43 01 0b 84 c1 b0 64 75 10 64 c6 56 af c5 6b d1 5c 31 f0 37 5d 84 6c 72 43 0a 72 bf b1 ae b2 35 70 27 bf 6a 11 db 88 df c7 e5 ea 1c 5a 8e ef 0b ad f3 7c a0 11 5e 0e 15 a9 00 ce 83 8a 9d 2f 63 ad 13 2b 6c a6 56 84 6f 23 cc f2 dc 6c b8 7e 33 a5 49 b9 e3 c0 da 5f d2 49 ce c8 a5 d8 c5 80 9d 99 49 88 6d e5 59 7d f2 0a fa 93 71 89 dc 7d ea 48 43 e8 5f ea e7 0f fb 42 72 39 d2 ca e9 28 65 11 ce 19 09 80 68 20 6f 64 9f 03 b7 72 61 53 69 b6 f9 74 d4 1e dd c3 0d df d3 6b eb 52 89 75 55 4c 27 fb 7e df 02 03 01 00 01 a3 82 05 aa 30 82 05 a6 30 1d 06 03 55 1d 0e 04 16 04 14 79 f0 00 49 eb 7f 77 c2 5d 41 02 65 34 8a 90 23 9b 1e 07 6f 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 51 06 08 2b 06 01 05 05 07 01 0b 04 45 30 43 30 41 06 08 2b 06 01 05 05 07 30 05 86 35 68 74 74 70 3a 2f 2f 72 65 70 6f 2e 66 70 6b 69 2e 67 6f 76 2f 62 72 69 64 67 65 2f 63 61 43 65 72 74 73 49 73 73 75 65 64 42 79 66 62 63 61 67 34 2e 70 37 63 30 0a 06 03 55 1d Data Ascii: 0,H,w0,s10H,Y00Rnh9JB0H0h10UUS10UCertiPath1"0 UCertification Authorities1!0UCertiPath Bridge CA - G30200121000000Z230228235959Z0U10UUS10UU.S. Government10UFPKI10UFederal Bridge CA G40"0H0'X@haL1eUDs_\|3BP?o]BN\|(jysi,X32wCdudVk\17]lrCr5p'jZ\|^/c+lVo#l~3I_IImY}q}HC_Br9(eh odraSitkRuUL'~00UyIw]Ae4#o0U0Q+E0C0A+05http://repo.fpki.gov/bridge/caCertsIssuedByfbcag4.p7c0U
Apr 15, 2021 19:27:27.771027088 CEST	291	IN	Data Raw: 36 04 03 02 01 00 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 81 ab 06 03 55 1d 20 04 81 a3 30 81 a0 30 0e 06 0c 2b 06 01 04 01 81 bb 53 01 01 01 01 30 0e 06 0c 2b 06 01 04 01 81 bb 53 01 01 01 02 30 0e 06 0c 2b 06 01 04 01 81 bb 53 01 Data Ascii: 60U00U 00+S0+S0+S0+S0+S0+S0+S0+S0+S0+S0BU;0907531http://crl.certipath.com/Ce
Apr 15, 2021 19:27:27.771056890 CEST	292	IN	Data Raw: fd de 96 2e f4 21 44 86 51 29 11 02 e0 fe 64 54 96 94 3e 37 18 83 fc 22 30 d3 34 fa 62 66 2f 42 ad eb d5 c6 48 28 01 e8 67 47 66 10 e0 65 60 85 7a 08 cc 97 91 7e 9a c7 bc e6 d4 b6 d0 6e a6 2e b9 ec e9 15 16 14 bb 12 a5 a1 bd d8 ff f0 5d 09 0b 40 Data Ascii: .!DQ)dT>7"04bf/BH(gGfe`z~n.]@$;'.zN.e.w#!UuCvQKwgEm%sEA@1V#R2Czn73)l~IxL\|lY%aSDLFUv)$E(Fx;xDCgGAj'
Apr 15, 2021 19:27:27.771085024 CEST	293	IN	Data Raw: 02 01 0b 2a 06 0a 60 86 48 01 65 03 02 01 03 04 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 81 84 06 03 55 1d 1e 01 01 ff 04 7a 30 78 a1 76 30 39 a4 37 30 35 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 18 30 16 06 03 55 04 0a 13 0f 55 2e Data Ascii: *`He0U00Uz0xv0970510UUS10UU.S. Government10UDoD0970510UUS10UU.S. Government10UECA0U$00GU@0>0<:86http://crl.disa.mil/crl/DODINTEROPERABI
Apr 15, 2021 19:27:27.771110058 CEST	295	IN	Data Raw: c2 5d 41 02 65 34 8a 90 23 9b 1e 07 6f 30 1f 06 03 55 1d 23 04 18 30 16 80 14 f4 27 5c a9 c3 7c 47 f4 fa a6 a7 b0 59 97 aa dd 35 26 17 e3 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 81 f9 Data Ascii: ]Ae4#o0U#0'\\|GY5&0U0U00U 00`He0`He0`He0`He0`He0`He0`He0`He0`He0`He0`He
Apr 15, 2021 19:27:27.771137953 CEST	296	IN	Data Raw: 41 46 45 20 49 64 65 6e 74 69 74 79 31 22 30 20 06 03 55 04 0b 13 19 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 69 65 73 31 20 30 1e 06 03 55 04 03 13 17 53 41 46 45 20 49 64 65 6e 74 69 74 79 20 42 72 69 64 67 65 20 43 41 Data Ascii: AFE Identity1"0 UCertification Authorities1 0USAFE Identity Bridge CA0201028000000Z231031235959Z0U10UUS10UU.S. Government10UFPKI10UFederal Bridge CA G40"0*H0'X@h
Apr 15, 2021 19:27:27.771163940 CEST	298	IN	Data Raw: 2e 32 d3 82 ae 54 58 c0 23 16 91 5f dd 68 bf 20 fa 90 ec 6e 89 9a 69 ce 8b 8c 5e 41 b0 21 1b 42 4a c3 ea 1b c5 21 3b 03 e7 10 f5 90 c5 bf 9f 1f 49 69 76 4a 57 1f cd ce 20 61 e8 6a 4d 35 6f 85 54 d2 b9 47 54 ba a7 63 6e 8a b0 6f bf 93 4c 85 c9 c2 Data Ascii: .2TX#_h ni^A!BJ!;IivJW ajM5oTGTcnoL1ojHJX"Ez:#h7V=()BQ8b[jT9(\2/'pa.<}ZJ7`y>w~w8q1SQm:6?
Apr 15, 2021 19:27:27.771189928 CEST	299	IN	Data Raw: 6f 74 43 41 2e 70 37 63 30 27 06 08 2b 06 01 05 05 07 30 01 86 1b 68 74 74 70 3a 2f 2f 63 65 72 74 73 74 61 74 75 73 2e 73 74 72 61 63 2e 6f 72 67 30 51 06 08 2b 06 01 05 05 07 01 0b 04 45 30 43 30 41 06 08 2b 06 01 05 05 07 30 05 86 35 68 74 74 Data Ascii: otCA.p7c0'+0http://certstatus.strac.org0Q+E0C0A+05http://repo.fpki.gov/bridge/caCertsIssuedByfbcag4.p7c0U0pki@strac.org0AU!8040+m`He0+m`He0+m
Apr 15, 2021 19:27:27.771236897 CEST	300	IN	Data Raw: 7c 0e b1 af 95 15 d7 33 09 42 50 1d 3f 6f ef 98 14 5d 0f 91 42 91 4e ce fa 7c c6 9e a3 cf ba c6 b5 28 fd 6a fa cf c3 79 fd 73 69 e1 92 0f 2c 1d 08 58 c9 f9 33 32 b5 cc ab 18 77 43 01 0b 84 c1 b0 64 75 10 64 c6 56 af c5 6b d1 5c 31 f0 37 5d 84 6c Data Ascii: \|3BP?o]BN\|(jysi,X32wCdudVk\17]lrCr5p'jZ\|^/c+lVo#l~3I_IImY}q}HC_Br9(eh odraSitkRuUL'~00U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.7	49707	172.67.10.220	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Apr 15, 2021 19:27:28.172209978 CEST	317	OUT	GET /bridge/certificates/STRACBridgeRootCA.p7c HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/10.0 Host: pki.strac.org
Apr 15, 2021 19:27:28.390650988 CEST	323	IN	HTTP/1.1 200 OK Date: Thu, 15 Apr 2021 17:27:28 GMT Content-Type: application/pkcs7-mime Content-Length: 8794 Connection: keep-alive Set-Cookie: __cfduid=dc7c8593288f83d29b81d98f624deac7d1618507648; expires=Sat, 15-May-21 17:27:28 GMT; path=/; domain=.strac.org; HttpOnly; SameSite=Lax Last-Modified: Sat, 08 Feb 2020 22:48:51 GMT Accept-Ranges: bytes ETag: "1e41a3eed1ded51:0" X-Powered-By: ASP.NET CF-Cache-Status: DYNAMIC cf-request-id: 09782be4cc00002c0dc4bf9000000001 Server: cloudflare CF-RAY: 6406e2814fbe2c0d-FRA Data Raw: 30 82 22 56 06 09 2a 86 48 86 f7 0d 01 07 02 a0 82 22 47 30 82 22 43 02 01 01 31 00 30 0b 06 09 2a 86 48 86 f7 0d 01 07 01 a0 82 22 29 30 82 07 b6 30 82 06 9e a0 03 02 01 02 02 14 12 32 05 8a e7 98 7c c9 ff 3d aa 78 c7 b8 08 13 b8 40 e1 2d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 55 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 18 30 16 06 03 55 04 0a 13 0f 55 2e 53 2e 20 47 6f 76 65 72 6e 6d 65 6e 74 31 0d 30 0b 06 03 55 04 0b 13 04 46 50 4b 49 31 1d 30 1b 06 03 55 04 03 13 14 46 65 64 65 72 61 6c 20 42 72 69 64 67 65 20 43 41 20 47 34 30 1e 17 0d 31 39 31 32 31 37 31 36 34 39 34 35 5a 17 0d 32 32 30 32 31 34 32 32 30 30 30 30 5a 30 7a 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 0e 30 0c 06 03 55 04 0a 13 05 53 54 52 41 43 31 27 30 25 06 03 55 04 0b 13 1e 53 54 52 41 43 20 50 4b 49 20 54 72 75 73 74 20 49 6e 66 72 61 73 74 72 75 63 74 75 72 65 31 32 30 30 06 03 55 04 03 13 29 53 54 52 41 43 20 42 72 69 64 67 65 20 52 6f 6f 74 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 b8 03 29 a6 1d f3 8a 1f e2 20 de c7 f9 46 4f 42 48 d7 bc ff a2 5f f8 3e 1d 8c 98 6f 7b cd dd da 8c e1 40 1b e7 34 45 31 41 fe d1 0f ab 73 c3 2a ce ec 0f a7 20 60 ae c6 b2 e1 4c f4 74 64 e9 32 d4 e9 e0 d7 67 dc 61 6c df dd 5b 3c 7a 05 c6 55 54 13 dc d2 07 7c 59 7b 35 a6 11 25 38 7d 7a 63 34 f5 5d c3 7d 5e 3f ee b4 f7 a9 ae 98 b9 36 ba 8b 83 f9 6b c7 48 16 26 ea f3 5f 1a 3d da 06 e6 6c c0 8c 70 87 f3 70 d5 03 9b c6 67 11 ad 48 6c 41 18 76 6a 73 3b 81 a5 73 2b 99 7b f6 f1 3a b1 fa b1 26 92 38 95 13 f9 1b a4 e1 f8 a2 20 63 74 2c b7 2c cc c2 ee f1 77 8a eb 5a 1f ba 2b 50 1a 6e df 26 d6 49 87 3f de e6 1f 7e 73 64 c3 ab 61 f3 e3 10 1c cd a8 bd ee 20 ef 8d cc 12 47 76 eb 5a 66 fc 7f 61 40 ee cb 56 d9 c4 4f 1e 7e 52 3f 4a b1 0c 54 17 a1 c6 5f a6 01 e5 5b c7 a9 3d 1a d8 b3 bc f9 78 d3 4d 49 10 61 1f 47 68 11 ab 72 96 57 a6 b7 d6 2a 86 c8 b0 5b 84 34 3a 49 56 bc 6e b7 2a dd ec f6 c9 c3 95 9c c1 11 d7 04 4d b7 74 cd 2d d2 37 9d 72 3b e5 39 66 5d 99 5a 09 a9 ab 54 d8 74 85 78 a4 6d d2 0c 43 71 17 50 b8 1c 57 a2 1c 3e 48 e9 d4 b9 98 8a 93 d9 fa 18 5c c1 13 77 95 bc 00 67 07 8a 80 f4 55 e5 c6 0b ae c2 51 ab 32 ec 9d 62 67 11 dc 8a 1c 16 dc 0c 30 39 6a 48 59 93 00 19 1b e3 08 0d 07 a8 7d 84 eb b0 28 bb 04 5e 2b 90 2b b2 8e da 2d 80 da 19 da 18 37 71 2b 65 e1 f0 1a 2b d3 57 ea 26 aa 28 Data Ascii: 0"VH"G0"C10H")002\|=x@-0H0U10UUS10UU.S. Government10UFPKI10UFederal Bridge CA G40191217164945Z220214220000Z0z10UUS10USTRAC1'0%USTRAC PKI Trust Infrastructure1200U)STRAC Bridge Root Certification Authority0"0H0) FOBH_>o{@4E1As* `Ltd2gal[<zUT\|Y{5%8}zc4]}^?6kH&_=lppgHlAvjs;s+{:&8 ct,,wZ+Pn&I?~sda GvZfa@VO~R?JT_[=xMIaGhrW[4:IVnMt-7r;9f]ZTtxmCqPW>H\wgUQ2bg09jHY}(^++-7q+e+W&(
Apr 15, 2021 19:27:28.390685081 CEST	325	IN	Data Raw: 36 00 69 23 93 6f 0a b9 38 73 dc e7 d9 88 79 a1 69 87 0d 3d 14 e6 14 98 61 47 2d 87 12 1b a6 1c 82 a8 57 60 8a e2 11 87 bc d6 a1 7e 7a ce f8 c1 ff 14 be b5 08 b6 f2 8a 85 d5 de 7b f1 56 a9 fb 80 69 ed 8c 3a eb 17 ff b0 8f f8 22 f9 b9 ba 2c 02 59 Data Ascii: 6i#o8syi=aG-W`~z{Vi:",YW0S0U!Pg@:g3UG]=0U#0yIw]Ae4#o0U0U00U 00`He0`He0`He
Apr 15, 2021 19:27:28.390708923 CEST	326	IN	Data Raw: 6e 66 72 61 73 74 72 75 63 74 75 72 65 31 24 30 22 06 03 55 04 03 13 1b 46 54 49 20 43 65 72 74 69 66 69 63 61 74 69 6f 6e 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 30 30 31 30 39 30 31 30 37 32 36 5a 17 0d 32 33 30 31 30 38 30 31 30 37 32 36 Data Ascii: nfrastructure1$0"UFTI Certification Authority0200109010726Z230108010726Z0z10UUS10USTRAC1'0%USTRAC PKI Trust Infrastructure1200U)STRAC Bridge Root Certification Authority0"0*H0)
Apr 15, 2021 19:27:28.390732050 CEST	327	IN	Data Raw: 69 2e 6f 72 67 30 82 01 57 06 03 55 1d 21 04 82 01 4e 30 82 01 4a 30 1c 06 0c 2b 06 01 04 01 82 f6 4f 02 02 05 01 06 0c 2b 06 01 04 01 82 b6 6d 02 01 05 01 30 1c 06 0c 2b 06 01 04 01 82 f6 4f 02 02 05 02 06 0c 2b 06 01 04 01 82 b6 6d 02 01 05 02 Data Ascii: i.org0WU!N0J0+O+m0+O+m0+O+m0+O+m0+O+m0+O+m0+O+m0+
Apr 15, 2021 19:27:28.390785933 CEST	328	IN	Data Raw: 1c 5a 8e ef 0b ad f3 7c a0 11 5e 0e 15 a9 00 ce 83 8a 9d 2f 63 ad 13 2b 6c a6 56 84 6f 23 cc f2 dc 6c b8 7e 33 a5 49 b9 e3 c0 da 5f d2 49 ce c8 a5 d8 c5 80 9d 99 49 88 6d e5 59 7d f2 0a fa 93 71 89 dc 7d ea 48 43 e8 5f ea e7 0f fb 42 72 39 d2 ca Data Ascii: Z\|^/c+lVo#l~3I_IImY}q}HC_Br9(eh odraSitkRuUL'~00U#0!Pg@:g3UG]=0UyIw]Ae4#o0U0U 00+m
Apr 15, 2021 19:27:28.402982950 CEST	330	IN	Data Raw: b6 6d 02 01 05 01 06 0a 60 86 48 01 65 03 02 01 03 01 30 1a 06 0c 2b 06 01 04 01 82 b6 6d 02 01 05 02 06 0a 60 86 48 01 65 03 02 01 03 02 30 1a 06 0c 2b 06 01 04 01 82 b6 6d 02 01 05 03 06 0a 60 86 48 01 65 03 02 01 03 03 30 1a 06 0c 2b 06 01 04 Data Ascii: m`He0+m`He0+m`He0+m`He0+m`He0+m`He0+m`He0+m`He0+m`He0
Apr 15, 2021 19:27:28.403048992 CEST	331	IN	Data Raw: 29 53 bb 31 f4 c8 c1 f5 17 ca 4c 70 74 d8 39 cb e6 c5 b6 3c d6 2f ab fa e8 91 6e 04 1d 0d 4b eb ab 77 fd ba 76 de 97 9b af 04 b9 87 c0 ac 38 b2 3b 57 a9 92 f1 9e 11 d4 d8 42 6c c1 70 51 88 3d 39 7b c8 12 32 90 70 ba 78 3c a8 30 c1 f1 99 2d 8f 8c Data Ascii: )S1Lpt9</nKwv8;WBlpQ=9{2px<0-\|es{Y1>>R<TaiK<L`3FfC:DG\|:gf\]Fv]x]l;(JLCF56V-z"N<-zgr:EHeAJS8:<
Apr 15, 2021 19:27:28.403074026 CEST	332	IN	Data Raw: 02 01 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 02 01 00 32 da bd f8 e2 bc 00 f2 c8 1c 43 e2 33 77 f5 66 38 d7 f5 e7 ac 8f 26 bc 47 9e 55 ee 0a 00 c0 72 85 c7 79 81 61 1a 07 49 ef 9a 9a f1 c0 02 e8 f9 49 59 e6 9d e7 9a 8c 29 e2 75 da Data Ascii: 0H2C3wf8&GUryaIIY)umJ91NWw:W<_OAF$Q24d9&`G}>HrRFRJFiS#px#H,~xwHM`\

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 15, 2021 19:27:25.746304989 CEST	205.85.30.125	443	192.168.2.7	49697	CN=myeducation.netc.navy.mil, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US	CN=DOD SW CA-54, OU=PKI, OU=DoD, O=U.S. Government, C=US	Wed Mar 06 22:56:05 CET 2019	Sun Mar 06 22:56:05 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Apr 15, 2021 19:27:26.240171909 CEST	205.85.30.125	443	192.168.2.7	49696	CN=myeducation.netc.navy.mil, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US	CN=DOD SW CA-54, OU=PKI, OU=DoD, O=U.S. Government, C=US	Wed Mar 06 22:56:05 CET 2019	Sun Mar 06 22:56:05 CET 2022	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 1976 Parent PID: 792

General

Start time:	19:27:22
Start date:	15/04/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff72e960000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 5492 Parent PID: 1976

General

Start time:	19:27:22
Start date:	15/04/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1976 CREDAT:17410 /prefetch:2
Imagebase:	0x2e0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://myeducation.netc.navy.mil/webta/home.html

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 1976 Parent PID: 792

General

Chronological Activities

Analysis Process: iexplore.exe PID: 5492 Parent PID: 1976

General

Chronological Activities

Disassembly