Table of Contents
Analysis Report https://www.sephora.com/product/coconut-cleansing-oil-P416146?skuId=1918697&icid2=products grid:p416146:product
Overview
General Information
Detection
Signatures
Classification
Startup
Malware Configuration
Yara Overview
Sigma Overview
Signature Overview
Mitre Att&ck Matrix
Behavior Graph
Screenshots
Thumbnails
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Dropped Files
Unpacked PE Files
Domains
URLs
Domains and IPs
Contacted Domains
Contacted URLs
URLs from Memory and Binaries
Contacted IPs
Public
General Information
Simulations
Behavior and APIs
Joe Sandbox View / Context
IPs
Domains
ASN
JA3 Fingerprints
Dropped Files
Created / dropped Files
Static File Info
No static file info
Network Behavior
Network Port Distribution
TCP Packets
UDP Packets
DNS Queries
DNS Answers
HTTPS Packets
Code Manipulations
Statistics
Behavior
System Behavior
Analysis Process: iexplore.exe PID: 6804 Parent PID: 792
General
File Activities
Registry Activities
Analysis Process: iexplore.exe PID: 6852 Parent PID: 6804
General
File Activities
Registry Activities
Disassembly
Copyright null 2020 Page 2 of 73
Analysis Report https://www.sephora.com/product/coconut-cleansing-oil-P416146?skuId=1918697&icid2=products grid:p416146:product…
Overview
General Information
Sample URL: https://www.sephora.com/product/coconut-cleansing-oil-P416146?skuId=1918697&icid2=products grid:p416146:product
Analysis ID: 303351
Detection
Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%
Signatures
No high impact signatures.
Classification
[Classification chart: axes Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean / suspicious / malicious]
Startup
System is w10x64
iexplore.exe (PID: 6804 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
iexplore.exe (PID: 6852 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6804 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Signature Overview
• Networking
• System Summary
There are no malicious signatures.
Mitre Att&ck Matrix
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 1; Application Layer Protocol 2
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data
Behavior Graph
ID: 303351
URL: https://www.sephora.com/pro...
Startdate: 23/10/2020
Architecture: WINDOWS
Score: 0
[Behavior graph: iexplore.exe (2, 67), started; iexplore.exe (6, 274), started; www.sephora.com; www.res-x.com (69.43.132.198, 443, 49735, 49736; ZCOLO-SAN01US; United States); t.co (104.244.42.133, 443, 49768, 49769; TWITTERUS; United States); 55 other IPs or domains]
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source Detection Scanner Label Link
https://www.sephora.com/product/coconut-cleansing-oil-P416146?skuId=1918697&icid2=products%20grid:p416146:product 0% Avira URL Cloud safe
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
No Antivirus matches
URLs
Source Detection Scanner Label Link
https://binary-stellar-system.github.io/js/pixels.js 0% Avira URL Cloud safe
https://sephora.com.br 0% Avira URL Cloud safe
https://cdn.attn.tv/sephora/dtag.js 0% Avira URL Cloud safe
https://constructor.io 0% Avira URL Cloud safe
https://www.sephora.co 0% Avira URL Cloud safe
https://content.zeronaught.com/js/sephora.js 0% Avira URL Cloud safe
Domains and IPs
Contacted Domains
Contacted URLs
URLs from Memory and Binaries
Contacted IPs
General Information
Joe Sandbox Version: 30.0.0 Red Diamond
Analysis ID: 303351
Start date: 23.10.2020
Start time: 22:30:59
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 53s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: https://www.sephora.com/product/coconut-cleansing-oil-P416146?skuId=1918697&icid2=products grid:p416146:product
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/197@39/26
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Browsing link: https://www.sephora.com/
• Browsing link: https://www.sephora.com/shopping-list
• Browsing link: https://www.sephora.com/basket
• Browsing link: https://www.sephora.com/beauty/new-beauty-products
• Browsing link: https://www.sephora.com/brands-list
• Browsing link: https://www.sephora.com/shop/makeup-cosmetics
• Browsing link: https://www.sephora.com/shop/skincare
• Browsing link: https://www.sephora.com/shop/hair-products
• Browsing link: https://www.sephora.com/shop/fragrance
• Browsing link: https://www.sephora.com/shop/makeup-tools
• Browsing link: https://www.sephora.com/shop/bath-body
Warnings:
• Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe
• TCP Packets have been reduced to 100
• Created / dropped Files have been reduced to 100
• Excluded IPs from analysis (whitelisted): 104.108.39.131, 92.122.246.182, 104.83.112.99, 92.122.246.223, 2.17.187.116, 66.117.28.86, 104.83.87.185, 172.217.22.104, 216.58.215.240, 172.217.168.48, 172.217.168.80, 52.255.148.73, 51.104.144.132, 80.239.148.27, 80.239.148.18, 80.239.148.16, 152.199.19.161, 95.101.184.67, 51.103.5.159, 93.184.221.240, 80.239.148.32, 80.239.152.136, 104.42.151.234
• Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, storage.googleapis.com, s.btstatic.edgekey.net, a1024.dscg.akamai.net, domains2.kibocommerce.com.edgekey.net, skypedataprdcoleus07.cloudapp.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wns.notify.windows.com.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, par02p.wns.notify.windows.com.akadns.net, a248.b.akamai.net, go.microsoft.com, www.googletagmanager.com, emea1.notify.windows.com.akadns.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, e12028.b.akamaiedge.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, e3568.x.akamaiedge.net, e4518.dscx.akamaiedge.net, ip46.go-mpulse.net.edgekey.net, e3214.f.akamaiedge.net, client.wns.windows.com, fs.microsoft.com, ie9comview.vo.msecnd.net, cm.everesttech.net.akadns.net, www-googletagmanager.l.google.com, wu.ec.azureedge.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, wildcard46.akstat.io.edgekey.net, e4518.dscapi7.akamaiedge.net, umwatsonrouting.trafficmanager.net, www.sephora.com.edgekey.net, wildcard46.go-mpulse.net.edgekey.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, cs9.wpc.v0cdn.net
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• VT rate limit hit for: https://www.sephora.com/product/coconut-cleansing-oil-P416146?skuId=1918697&icid2=products%20grid:p416146:product
Simulations
Behavior and APIs
No simulations
Joe Sandbox View / Context
No context
No context
No context
No context
No context
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\I91NC6PA\www.sephora[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 1092398
Entropy (8bit): 5.246323866357945
Encrypted: false
SSDEEP: 1536:XLzM421xhWWyWWWCkk1n8LLLyL7mZhOLL//3/u/8yyCkktkdkyS47737u7AyYNND:l
MD5: 708882C15D64838E83F79BC9C01451E4
SHA1: 4790AECDD27962ADA0F1122945FC2903093CC3B3
SHA-256: 0074E2B891CC72430495FA29E708B0DE08B8098C959A19901D7A9E13299064A6
SHA-512: 9FF8F3864EE2EAF1621739429E2F3F38F62A8B6DA7B15392FF0AAEA24384D465BBD04C967D40E2051687FC5930ECAE938EC4D34948824879CC39C861E0B7937B
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{34A4A020-15BA-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 30296
Entropy (8bit): 1.859378124635818
Encrypted: false
SSDEEP: 96:rqZhZK2i9WgYPtgYJfgYyRMgEMg+gvfgdcX:rqZhZK2i9WDtNfeRMABefucX
MD5: 317C403B88C32DF385DD20D5D4EECF6E
SHA1: F891DD708605BB7EC17DAAB411DEF6432B4A388C
SHA-256: BAEFD5ED6338627C830F9E4224AF6E3A007EB101CA0337383D36B765CC49504C
SHA-512: 86931126830B51211DC0A96FD98F017F08383C8C371D5E8D812A61018C39DB93D3561F1D83ABB957343406D829CC297CE794BF29FF90B3F45C6A97BF0026A494
Malicious: false
Reputation: low
IPs
Domains
ASN
JA3 Fingerprints
Dropped Files
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{34A4A022-15BA-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 205730
Entropy (8bit): 2.6110611089751625
Encrypted: false
SSDEEP: 768:Ca/bvRIpIbzbvRITIJPi2TiRfFSDTp2BG/+NcKcwNVGItIWNx:CZVGIt5/
MD5: CF90A3399F8189F93091417471CA8B0D
SHA1: 5A5FD82E1126D7CA93C2CBCECD1E374C2611C3A8
SHA-256: 169F9AC06C8F15719F60E9FA906AC5B60BDEB2909B3E4A20BABA8F5B89E3F69D
SHA-512: AA9F9568AA21C30A57F72500FB4010AD050E3C91B236AC9B74E081AC62E094EEA1CBE3649AA86F743CD3C82A167634E8E5D975DE2FD13BAFAC972ABF14601D6F
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{34A4A023-15BA-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 16984
Entropy (8bit): 1.565828558783338
Encrypted: false
SSDEEP: 48:IwvGcpreGwpaPG4pQHGrapbShrGQpK/G7HpR5sTGIpG:rlZWQB6bBShFAOT54A
MD5: 96BD596694427A38489AA6B4B756A365
SHA1: 673244AA2913792A4102F45C5213F02089774D6E
SHA-256: F05173E9B514276795F55AB88DEF5DF938B3A793A445CE92AA216943C5BC8032
SHA-512: 01D577E06F493C3E4FF227E14F050B10D5726A86275F017EE6E9C120D70114D790D9A4AB18651C704F820515EEA2EF34CFF6CCE6385E0C6180E866A7C8B8E239
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 92904
Entropy (8bit): 2.941647352781926
Encrypted: false
SSDEEP: 384:xt/+x/Kh/ah/eF/at/ep/Kx/et/C1/C9/mR/U:xt2xChSh2FytWpCx2t6169eR8
MD5: 301D30C0178BE7BF42DFA319D2D1F2B3
SHA1: A49D8141064C6D24A2D8213803ED63B7CE509E69
SHA-256: BF28230B534A2D26B43AF75A4DDAF2518C2FCE4C7968A32B7B134CC3A896DDDF
SHA-512: 29BA407403183105F64B38EBAA8C1AAD06B4C5B47B0FF2FAA4461AF677C85B308E48128A121ED60D4CAF991CB953EF3797C1A7CC08EDECBED978587F476B1DA8
Malicious: false
Reputation: low
Preview:#.h.t.t.p.s.:././.w.w.w...s.e.p.h.o.r.a...c.o.m./.f.a.v.i.c.o.n...i.c.o.~.................h.......(....... .................................~.IIG.....('%.....:97.............,+*.....>=<.....765.....................%$".....--+.....KJI.eed.........SSQ.432.................................ZYX.##!.........nml.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\2020-01-06-global-sephora-collection-hair-lg-us-d-slice[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 15422
Entropy (8bit): 7.821623714495784
Encrypted: false
SSDEEP: 384:nAuStRT1e1lho3DsWx1u6xMgRXFQtHyQMtAH:GYh/S1uiRXatHyQWK
MD5: 763D5DDB01FFDB7CFBB9B5C5D5AC368E
SHA1: AD0A79E2958E0C21177305B99F76905BF33DE3A3
SHA-256: A610AC304168F9A6D0643F363A21E20AF2CD268C3ABA3216887900906284EED6
SHA-512: F2432EF9A4FF3DFE204E4540EAAF4E7E6057C6883655750EA5F71F09CBDEF7207C0257D01A5DBA5DE5429731FA31EE3B28149263AD7183F62B93C109DE8A7F99
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/meganav/large/2020-01-06-global-sephora-collection-hair-lg-us-d-slice.jpg?imwidth=221
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\2020-04-23-global-nav-lg-pro-brushes-us-ca-d-slice[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 20130
Entropy (8bit): 7.685547717359284
Encrypted: false
SSDEEP: 384:bfzlYOay9X2uTJ/LPMBYKKrMy93TybfwHdXXifjhJk3zWAQfWlkK6:bf7N9mUJD8Ugzw9Hs1JkDDQfAf6
MD5: 2EBF80B8FC3060C503AE56563B12242E
SHA1: B63C9793CF3419E38123A57529135887C109546D
SHA-256: 69F0F7FEA9886D5FD5307ABF04B0DC75828045915834612E6EC64025FCD17BE6
SHA-512: D1D032CCC085EB9838635F37E8BE791FE4A6281D193562461BD55F33A68ECFF58F541F3102AB800B75D6974E496B75ABFE96D79B024446DBB5D91F67DA8C8EBC
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/meganav/large/2020-04-23-global-nav-lg-pro-brushes-us-ca-d-slice.jpg?imwidth=221
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\2020-08-01-global-nav-lg-fragrance-us-ca-d-slice-221x404[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 24672
Entropy (8bit): 7.858184344692181
Encrypted: false
SSDEEP: 384:gThBJk3W7+vCS8/Zwd+THy/jv4kSsix5cVFX0knwopJLcnNfvSnOBnOIqXWqkvl:g9BJkR8haoHy/jwkoxALTbcRSnOBnOLc
MD5: E9DD760D777214FC1F5202BACFE13037
SHA1: 57C4BB4E85BEF003FE5AC2C56CCF4CEF48700801
SHA-256: 64035BE0811D7B65FB1B7A2704AE2B2F72ACC1D60DA700E3FEE49C7BEC10061B
SHA-512: A93E38D410F77DAA91D7A23610EFB7C9E8BC284B9DEEE284463652B3B893BD04B8B1DF4BC73FB793428DD0EDFC687F2BA8C332E5BFCAF3C1C507CFB8D71E36C1
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/meganav/large/2020-08-01-global-nav-lg-fragrance-us-ca-d-slice-221x404.jpg?imwidth=221
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\2020-09-01-global-nav-chanel-lg-us-ca-d-slice[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 19091
Entropy (8bit): 7.7611428172519465
Encrypted: false
SSDEEP: 384:VfKAqjxvzIU/9034FEpPf0c+5Dy2NyWIQ/jF:IAIItIEp3B+R3DIGj
MD5: 0F5F2094427DCF6BF79E3142709EFC2E
SHA1: 7C831DB568A7233F599591AAC5FA83EB632DB975
SHA-256: 511B468E20ED32824A33153496DC8F458753ABB501A898E86A51103EA16CD8A6
SHA-512: 01FC177415A1B0ADC28F499EFABD6456E256AB76B5D3EAC33655CFDFEC5CEDBCD8FE8C05959685948F1CEAB70C5F3F0C695B55D71FA361DFF9EA9E091C83E2B8
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/meganav/large/2020-09-01-global-nav-chanel-lg-us-ca-d-slice.jpg?imwidth=221
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\2020-09-01-global-nav-lg-sc-sku-launch-skincare-us-d-slice[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 221x404, frames 3
Category: downloaded
Size (bytes): 24317
Entropy (8bit): 7.969064108038873
Encrypted: false
SSDEEP: 384:mPpMBU/hJLxAzDyQAXXXXXRpyCjv6A9GeNVPfShQG9KRaMqli2J/tEQkMwf6Jh3E:kpMmzLxAvBWICNGeNBqQ9ApA2hOQS6HE
MD5: 0F5C1D7FA54C1F95F7179FC8FDD59C96
SHA1: 87A88B6B1BC3459EA3329D9620ACF93B4690AA2C
SHA-256: 6C0CD5CD0628A6749BA467438511BC54685761DAE1F127D1B7DDF3A98A7FF394
SHA-512: 7C551E806D71E8A5A3AB60BB637B760AAEF47CCDD757B2E714A3BABE4A031CD0ADB55EBF1CD860C3F7DB3FB49E232922075BB780C7C538867B5031145CD596FA
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/meganav/large/2020-09-01-global-nav-lg-sc-sku-launch-skincare-us-d-slice.jpg?imwidth=221
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BrightTag.jquery-1.5.1[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 84267
Entropy (8bit): 5.381912522858036
Encrypted: false
SSDEEP: 1536:7IjkWHsI8NmX85vZBcUReFj3KQuXwvGjq6ADlOeaRpfqERwn8hVZ3ikF9zioXi8/:wkm6BRkOQQVZSOty84MA41L
MD5: AB43425DE1998762603D663D1F7D4FD6
SHA1: 084D900C3099BFD52E71B6490A9DEC91FCAD2BAF
SHA-256: 1D878D54B9A998F52C94A6956310423CBA9996302C42F60D9B7FE81DA51992C7
SHA-512: 660349749B012E11AF1FFD60D176439A8A0365F3115F83ADD33F803D60217AD2777599ABAEA13B547DE81387A5556C3E09E555C8950D895D5D6774BDA0F4F9B3
Malicious: false
Reputation: low
IE Cache URL: https://s.btstatic.com/BrightTag.jquery-1.5.1.js
Preview:(function(ca,u,p){function pa(a,b,d){if(d===p&&1===a.nodeType)if(d=a.getAttribute("data-"+b),"string"===typeof d){try{d="true"===d?!0:"false"===d?!1:"null"===d?null:!c.isNaN(d)?parseFloat(d):Wa.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=p;return d}function da(a){for(var b in a)if("toJSON"!==b)return!1;return!0}function E(){return!1}function K(){return!0}function qa(a,b,d){var e=c.extend({},d[0]);e.type=a;e.originalEvent={};e.liveFired=p;c.event.handle.call(b,e);e.isDefaultPrevented()&&.d[0].preventDefault()}function Xa(a){var b,d,e,f,h,g,k,l,n,q,m,p=[];f=[];h=c._data(this,"events");if(!(a.liveFired===this||!h||!h.live||a.target.disabled||a.button&&"click"===a.type)){a.namespace&&(m=RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)"));a.liveFired=this;var s=h.live.slice(0);for(k=0;k<s.length;k++)h=s[k],h.origType.replace(R,"")===a.type?f.push(h.selector):s.splice(k--,1);f=c(a.target).closest(f,a.currentTarget);l=0;for(n=f.length;l<n;l++){q=f[l];for(k=0;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Cat_Banner_Skincare[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 9226
Entropy (8bit): 7.755495691431183
Encrypted: false
SSDEEP: 192:Z6S1EMMlUvO4XS84XGMldgWAhQqmliTUGDkk7XdTYujTIarJnhedD:bM2vOv84fldgWpAU6NUuj7JnhmD
MD5: CCE83026CD001468020084E95EDDA1AB
SHA1: B501CC7026B4929E3CFFFD811F9634D50E68B093
SHA-256: 0ADC8B3F0C1AC90EA037F9ECBC3DF1833E73E7040A84EB032F313C246054862C
SHA-512: 50B2F1A0E277EC1469930BABF0E69B782AC03DCDE7BF8F9216FACEC6DB6F0E1128E027D4C9752A82F8285CD00FE3E06BC92ED8232EC9C7DB029B59B35E23E465
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/categories/banners/category_banners/Cat_Banner_Skincare.jpg?imwidth=777
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Resonance[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 45857
Entropy (8bit): 5.258178921035355
Encrypted: false
SSDEEP: 768:OixiDurEU1+r8cl92ra3c7dAo/VpW/CfBEBsBtXrXac6wHih:O2LK4JVY
MD5: 1627B914111FCB0672F83D9770D7D796
SHA1: 83E368667F3186A40C070CF4A4B8B9B055BF8C97
SHA-256: B1B607595229091EA27CA5DFE385AB4ED240F318EEE52E8448F7DFDBF4B4DA85
SHA-512: CC205866E2AABB375F97C5617CA319191A1C0E16BEED07667BA8455C339C5F2D4B593A18EF2601B87196BCDDAEBB45F39521867C4105AE9A95191DD147DD1D27
Malicious: false
Reputation: low
IE Cache URL: https://www.res-x.com/ws/r2/Resonance.aspx?appid=sephora01&tk=225132365597353&ss=311603776979577&sg=1&pg=222054363148678&vr=5.10x&bx=true&sc=product1_rr&sc=product2_rr&sc=product4_rr&ev=product&ei=1918697&no=20&ex=SKU1918697;&language=ENGLISH&ccb=Sephora.certona&ur=https%3A%2F%2Fwww.sephora.com%2Fproduct%2Fcoconut-cleansing-oil-P416146%3FskuId%3D1918697%26icid2%3Dproducts%2520grid%3Ap416146%3Aproduct&plk=&rf=
Preview:Sephora.certona({"resonance":{"schemes":[{"scheme":"product1_rr","explanation":"Similar Products","display":"yes","items":[{"id":"P442566","display_name":"Slaai. Makeup-Melting Butter Cleanser","variation_type":"None","product_type":"standard","product_url":"\/product\/slaai-makeup-melting-butter-cleanser-P442566","brand_name":"Drunk Elephant","default_sku_id":"2170355","reviews":1208,"rating":3.853,"heroImageAltText":"Clean at Sephora","certona_algorithm_id":"35","certona_experience_id":"4015","certona_audience_id":"451","certona_strategy_id":"77651","skus":[{"sku_number":"2170355","sku_size":"","sku_type":"Standard","list_price":34.00,"primary_product_id":"P442566","additional_sku_desc":"Slaai. Makeup-Melting Butter Cleanser","grid_images":"\/productimages\/sku\/s2170355-main-zoom.jpg?imwidth=135&pb=2020-03-allure-clean-2019","hero_images":"\/productimages\/sku\/s2170355-main-zoom.jpg?imwidth=270&pb=2020-03-allure-clean-2019","large_hero_images":"\/productimages\/sku\/s2170355-
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\a8690a7205f632257b83009d90ceb4f6da291ff7[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 445
Entropy (8bit): 4.744141307861108
Encrypted: false
SSDEEP: 12:i2Q183bKjkNu3C9dHJBWAKXiY6MaDRWUkEaxopgFYn:i86kNuS9dHJBHKXi5MyRWUnA96n
MD5: 825663864DF4500C8746B89391E96A10
SHA1: BDBC07BCD844AD9DF796E5CDE9FF99F41E25AFFC
SHA-256: 0E8AC59E68343C4017F94E65814DB7697DE99DD5CE852EAB6BBE85E05BE84C76
SHA-512: 0B284F59BBDEA143375009FEDB154A05CD2490F1208CC18FADF23F96B1AFDE0055BFC8ACBFB7E6586298E4BEE0B489ABD52C3B9390544880C4876CC8ABFD3F2A
Malicious: false
Reputation: low
IE Cache URL: https://s.btstatic.com/lib/a8690a7205f632257b83009d90ceb4f6da291ff7.js?v=2
Preview:if (!Sephora.configurationSettings.isCCPABannerEnabled || bt_cookie('ccpaConsentCookie') == 1) {. . const script = document.createElement('script');. . script.src = 'https://apps.bazaarvoice.com/deployments/sephora/main_site/production/en_US/bv.js';. script.async = true;. . const firstScript = document.getElementsByTagName('script')[0];. firstScript.parentNode.insertBefore(script, firstScript);. .}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\adsct[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: dropped
Size (bytes): 43
Entropy (8bit): 3.16293190511019
Encrypted: false
SSDEEP: 3:CUk4lmfpse:eBse
MD5: 377D257F2D2E294916143C069141C1C5
SHA1: B7CAE69682CF31DD670B65088DB8395ACDA6ED3E
SHA-256: AC8778041FDB7F2E08CEB574C9A766247EA26F1A7D90FA854C4EFCF4B361A957
SHA-512: 01211111688DC2007519FF56603FBE345D057337B911C829AAEE97B8D02E7D885E7A2C2D51730F54A04AEBC1821897C8041F15E216F1C973ED313087FA91A3FB
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........L..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\adsct[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 31
Entropy (8bit): 4.195816471537619
Encrypted: false
SSDEEP: 3:oxo+/tDcsv:oxftDH
MD5: 872BB1FC2F7775CD82F45D110BBC384E
SHA1: 9C134426D5E946AB36A5BE3A201E81F37F50DC99
SHA-256: DF3E003CC30E9BDD0313100E8EE5D468070B4B34D11AD355F276A356D4B9C7BF
SHA-512: CF29A8BA5843488B5CF055783EB0C787305C29CC8FE0084E61F6F15C7B9D4791B5072984998EC2AEDF03F55E05024930E88DDDB28E8CD853658A47A0B6AA42AE
Malicious: false
Reputation: low
Preview:twttr.conversion.loadPixels({})
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\cat_hair_navbar_more_030316_image[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 777 x 30, 8-bit grayscale, non-interlaced
Category: downloaded
Size (bytes): 1728
Entropy (8bit): 7.842934254038715
Encrypted: false
SSDEEP: 48:L2zg0vvrq+jh7d9+7oA/s1XEUf3EIV4ZhMsf:GNTRdWseUf3EI+f
MD5: 4C617B2EB6027064420A05AA83868535
SHA1: CCC49D7EBCFEE00579A040484C54D0AD32CE58D7
SHA-256: 0BCE1FED4B3D60A8422594A5E8D86019E0177F4359D32B13C2E03F851D8390A2
SHA-512: BB055A435BC024373FFBA5B9FCF2A1EFBFD7C8A912B1B00235062CD9414E06D966D8203852AE52638FE5F6C985F5F6D6E0AA5A834D71DBD200B0A8D2BF9F93B5
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/categories/bottomnavs/hair/cat_hair_navbar_more_030316_image.jpg?imwidth=777
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\community[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 2159
Entropy (8bit): 4.158301325599582
Encrypted: false
SSDEEP: 48:ii3SudzUKdDtudGWDPBgoZgoGVylvQkUWYq1OgoCo2QhEq3wHTyAyS:iitTZudt7G516LYEzo2QJwHTyAH
MD5: 8E1691835338DB541BA3262EDB46F3B0
SHA1: 63F3E5DCE513D5EAD2DCADC1C1CD46C30B79B3FA
SHA-256: F3E23EF7D149BE99D3BF80E190B163E4F1D875DB0817A0DF10CB669BC09E48C7
SHA-512: BD8D7261620A36B0DEC93DAAC3A7A11CC6D844FE0D62553A90A7BCCC44FBF2FD7B9B84EDDDB63D8E98E401C83A58C21D5D5C07E26CD2EAE0A618C97554E5C82C
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/img/ufe/icons/community.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><g fill="none" fill-rule="evenodd"><path d="M0 0h24v24H0z"/><path d="M3.5 3.914H3v-.5a.5.5 0 00-1 0v.5h-.5a.5.5 0 000 1H2v.5a.5.5 0 001 0v-.5h.5a.5.5 0 000-1m5.707 1.5l.354-.354a.5.5 0 00-.708-.707l-.353.354-.354-.354a.5.5 0 00-.707.707l.354.354-.354.354a.5.5 0 00.707.707L8.5 6.12l.353.354a.502.502 0 00.708 0 .5.5 0 000-.707l-.354-.354zm-3.639-2.5c-.276 0-.51-.224-.51-.5s.214-.5.49-.5h.02a.5.5 0 010 1m16 5c-.276 0-.51-.224-.51-.5s.214-.5.49-.5h.02a.5.5 0 010 1M4 22.364c0-.17.013-.334.025-.5H1.038c.275-1.764 2.014-2.695 3.952-2.933.239-.381.515-.738.825-1.061C2.891 17.926 0 19.32 0 22.364a.5.5 0 00.5.5h3.592a1.483 1.483 0 01-.092-.5m15-10.5c-1.103 0-2 .897-2 2s.897 2 2 2 2-.897 2-2-.897-2-2-2m0 5c-1.654 0-3-1.346-3-3s1.346-3 3-3 3 1.346 3 3-1.346 3-3 3m-14-5c-1.103 0-2 .897-2 2s.897 2 2 2 2-.897 2-2-.897-2-2-2m0 5c-1.654 0-3-1.346-3-3s1.346-3 3-3 3 1.346 3 3-1.346 3-3 3m13.185 1.006c.31.323.586.68.825 1.062 1.939.237 3.676 1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\components.chunk.B60CoriginmasterD20201019155832[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: downloaded
Size (bytes): 3168083
Entropy (8bit): 5.343442755259661
Encrypted: false
SSDEEP: 49152:QgJckpugqWDiuA2LCwvP4nBoLEdhTatK36pzPS8DpKgCzuu/v7nkD:JFyoYMN
MD5: 466495F5A93E3DBFD88FFB815CD1FD4C
SHA1: C495911DAF51079D09ECDDEEC959D0715FCA1FBE
SHA-256: 759BCEBA8BCB351D8E28625BC2DB3F204359E48C68A1E0E4636B30FD91F2EB50
SHA-512: 361040878A4CFE236CD56221D9B9F0845975FA3EDA7E72E38DCA22AB21D83D721F782B0095C5DF7E49A570C146AC8E289CE2AA738F43F7F28B7B5DB64B6F3D62
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/js/ufe/isomorphic/components.chunk.B60CoriginmasterD20201019155832.js
Preview:(window.webpackJsonp=window.webpackJsonp||[]).push([[0],Array(96).concat([function(e,t,o){var f=o(1),a=o(8),i=o(1265),g=o(16),n=o(39),c=o(1275),s=o(20),l=o(4),y=o(3),p=o(183),b=o(1279),u=o(70),d=o(93),C=o(10),v=o(9),h=o(5),m=o(2),E=o(18),S=o(11),I=o(104),R=o(37).ERROR_CODES,P=o(1488).hasAVS,A=o(17).getProp,k=!1,T=!1,w=null,O=h.isPlayEdit()?"/playedit":"/checkout",_="/checkout/ropis",x={GIFT_CARD_ADDRESS:{name:"giftCardShipAddress",path:"giftcardshipping",title:"giftCardShippingAddress"},GIFT_CARD_OPTIONS:{name:"giftCardShipOptions",path:"giftcarddelivery",title:"giftCardDeliveryMessage"},SHIP_ADDRESS:{name:"shipAddress",path:"shipping",title:"shippingAddress"},SHIP_OPTIONS:{name:"shipOptions",path:"delivery",title:"deliveryGiftOptions"},PAYMENT:{name:"payment",path:"payment",title:"paymentMethod"},ACCOUNT:{name:"account",path:"account",title:"accountCreation"},REVIEW:{name:"review",path:"checkout",title:"reviewPlaceOrder"}},r=/^(\$0.00|0,00\s*\$|FREE|GRATUIT)$/i;function D(){var e=0<ar
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\config[1].json
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 16872
Entropy (8bit): 4.95819178871273
Encrypted: false
SSDEEP: 192:+5XVnsnLyajeCQ4Cq+lbQpXVnsnLyajeCQ4Cq+lbQCitXVnsnLyajeCQ4Cq+lbp:8Rs2PbeRs2PbnURs2Pbp
MD5: 9E8FF53FF95170E367A0C2EDFF426FBE
SHA1: B7A23F3E94AEFF09C2F971DBF766EFDBBB05CDE0
SHA-256: A1EAC2E48583E9C94D266FD082CF004B90441910C77994618F9E3FC66123E2F4
SHA-512: 54919EC986CE0A5282B35B46215D44308F9AC5D1194F519C01EC2777F5A8FCF3A4BD3761811095D1C22157E4ABB4D3A14DB54DFAA3E210F07DCBCFDCBCF204BE
Malicious: false
Reputation: low
Preview:{"h.key":"FS9BD-W3YYU-T5EYF-DZEKW-5ERXU","h.d":"www.sephora.com","h.t":1603485128307,"h.cr":"6ddae51c08931fff4540bc9de087709d438bef86","session_id":"6a4ad840-014b-46f2-8831-5b7ee8bae2a0","site_domain":"www.sephora.com","beacon_url":"//6852bd0d.akstat.io/","autorun":true,"instrument_xhr":true,"beacon_interval":5,"BW":{"enabled":false},"RT":{"session_exp":1800},"ResourceTiming":{"enabled":true,"splitAtPath":true},"Errors":{"enabled":true,"monitorTimeout":true,"monitorEvents":true,"maxErrors":5,"sendAfterOnload":true,"sendInterval":1000},"Continuity":{"enabled":true,"waitAfterOnload":1000},"PageParams":{"xhr":"match","pageGroups":[{"type":"Regexp","parameter1":"/checkout/confirmation","parameter2":"order confirmation","on":["navigation"]},{"type":"Custom","parameter1":"wa.pageType","on":["navigation"]},{"type":"Custom","parameter1":"window.digitalData.page.category.pageType","on":["navigation"]},{"type":"Custom","parameter1":"Sephora.analytics.backendData.pageType","on":["navigation"]},{"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dc[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 187
Entropy (8bit): 5.678512843542901
Encrypted: false
SSDEEP: 3:YBG/9mHovIughHwRY/Gs1ky3jq2emV9S3jrBO1S+9UiskfcFNxYniPxzUHJFON4D:YMoNJw+/GUc29crBO177s0KNxYiPYLOA
MD5: 8BAD799AFEA5229E38AE91C827C212EC
SHA1: F6472DCE3214FA23CF9081EE27C3FBD94AB2C311
SHA-256: C36D4E5A7D539AFA5D69B5AF66EF5CD10AA30A0568C01CE0CDFB1EBBF2A1AB1E
SHA-512: DB9E75C7DBD155749EC63243E22A1FB70FCC05A14CB84BC5C1DEA2706432584A4CFD360879C981575B5FE252E97D4426B88BDA447DAF7D0C515AA32219C34C32
Malicious: false
Reputation: low
IE Cache URL: https://api.zeronaught.com/sephora/dc?key=AIzaSyAaDUq6-hRN7J5DbGb-rFI_i5CjNHTK0tk&sc=AFAIKVd1AQAAsoHrw6fQBD4WFfp34eawCMEDlXkuW_Je7IwecRxdU79B1eoy%7C1%7C0%7C28a80abe48f848c4873611d4066013e270bd70a2&si=%7B%22uuid%22%3A%228fffca7f8f79874d%22%2C%22pid%22%3A%22383baab168f8e611%22%2C%22ts%22%3A1603517536%2C%22p%22%3A0%2C%22v%22%3A%7B%7D%2C%22c%22%3A%7B%22sc%22%3A1%7D%2C%22cv%22%3A%7B%7D%2C%22tp%22%3A310%2C%22ut%22%3A%7B%22ts%22%3A1603517529%2C%22sc%22%3A1%7D%7D
Preview:{"dc": "{\"c\": \"NVJjUHFTQ1pUNEhBNURaUA==mGdUPw4vo9xPAiywB-7JU-M3mwXZOa8XX6YazJQZC7CXhtoakgozqvouoFNBS4CkxFb6wV-RXpIi1GIYFR5ogzuBVehDBxpsjB9vbJ9A7dU6xwo=\", \"dc\": \"000\", \"mf\": 0}"}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dc[2].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 187
Entropy (8bit): 5.6194835842836
Encrypted: false
SSDEEP: 3:YBG/9mHoiNnnvKziWzdcZNHOQWmBu7v6JHpmOMzsVVzoykP6a15QN4Hnjn:YMoZNvKLc7H1u2u0zvkP6sQkjn
MD5: D0A2BA9AD03DBFBA4C62D93F62581D3D
SHA1: 8B302B9C5BA64C2D9883FA9BD899A3C84D2576D3
SHA-256: 989BE2FBFE08E037CE08DC451772E248CF0BE1A08D24D2D5EDD7EF97F38DAA29
SHA-512: 86EB2BC3402D6D534E44CEAD0C486929A8DCE016A8ED2B817D9A9BEDF761CE279C5A0DEFB957C0E5E0173E927E5C8B84881E726B3A0EBF0C40FB81710F34EF27
Malicious: false
Reputation: low
IE Cache URL: https://api.zeronaught.com/sephora/dc?key=AIzaSyAaDUq6-hRN7J5DbGb-rFI_i5CjNHTK0tk&sc=AFAIKVd1AQAAsoHrw6fQBD4WFfp34eawCMEDlXkuW_Je7IwecRxdU79B1eoy%7C1%7C0%7C28a80abe48f848c4873611d4066013e270bd70a2&si=%7B%22uuid%22%3A%22ae5e8ccbacc319c1%22%2C%22pid%22%3A%22135c9c763dcdad81%22%2C%22ts%22%3A1603517550%2C%22p%22%3A0%2C%22v%22%3A%7B%7D%2C%22c%22%3A%7B%22sc%22%3A1%7D%2C%22cv%22%3A%7B%7D%2C%22tp%22%3A356%2C%22ut%22%3A%7B%22ts%22%3A1603517549%2C%22sc%22%3A1%7D%7D
Preview:{"dc": "{\"c\": \"MEhsNndBNHpCdmZtWW16ZQ==nBc-LP7NLess_4I5NCa9d39P22ao75JCNN1kwFsCygmNbm1GK7nw6h7v1xHxhMlbe4XeBCKmm6kjltpIM-flzpt4T43IcWgBINVpjTImJrIEtP4=\", \"dc\": \"000\", \"mf\": 0}"}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dc[3].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 187
Entropy (8bit): 5.7638496934940235
Encrypted: false
SSDEEP: 3:YBG/9mHoNa+Wvi0mCoMZ4LmRUQScy4DMX60beDSYZNQN4Hnjn:YMol+W6AfGn8y4D/SYZNQkjn
MD5: AFABF96446D626A2E4D7457F2EA9E6E3
SHA1: 06EB6E24E44B6374F1192134FE355933B785AC17
SHA-256: F4D377F030646EFD97EB9A9840B1FBA8FEA320498E6D1A4A2481850241A7D532
SHA-512: 91FD89432AF06CD7B2C753DC48E96E50035D957538B495CAFA226C88F078CB3923BA880075525908020E38C7D824650E8C2ECE8031FAF2BB95678BF8913029EC
Malicious: false
Reputation: low
IE Cache URL: https://api.zeronaught.com/sephora/dc?key=AIzaSyAaDUq6-hRN7J5DbGb-rFI_i5CjNHTK0tk&sc=AFAIKVd1AQAAsoHrw6fQBD4WFfp34eawCMEDlXkuW_Je7IwecRxdU79B1eoy%7C1%7C0%7C28a80abe48f848c4873611d4066013e270bd70a2&si=%7B%22uuid%22%3A%220889491f22e5aa11%22%2C%22pid%22%3A%22fc8f7bccc6e72b07%22%2C%22ts%22%3A1603517566%2C%22p%22%3A0%2C%22v%22%3A%7B%7D%2C%22c%22%3A%7B%22sc%22%3A1%7D%2C%22cv%22%3A%7B%7D%2C%22tp%22%3A540%2C%22ut%22%3A%7B%22ts%22%3A1603517565%2C%22sc%22%3A1%7D%7D
Preview:{"dc": "{\"c\": \"Z2R1ckFOZU5seDU1aHNGSQ==a898FsGp-9SbuGQnQuVgnAWMxGLKtr_Qow7RR1leAtZLeeffw4y5gezL3nRchW_Y9FeMMS1sbEUxbw9WCxUxjKfWv0IihE5Drty4QYiB6r7H26w=\", \"dc\": \"000\", \"mf\": 0}"}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dest5[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Category: dropped
Size (bytes): 6983
Entropy (8bit): 5.483922930498494
Encrypted: false
SSDEEP: 96:inw1EOb9muLpw47eIDCpXHG5z/QkqJeMnSSyi8c2Kgn/UnNsnA2aI4j4e:iPc/xDCpX8/in/y+2KgMSA26l
MD5: 2C9C2EE145EE280B85A217AD7045FAE5
SHA1: 6ABE394B53B32816ECA642126FD62BCD91D17348
SHA-256: 7BEA17A80A61ED0F54248B4FFC4C718F7C8FF2619742577A73591D62CE074DA8
SHA-512: 3762C5F678EB4858000FCF379EA1C8BEA54F2A211A3F940300876D1697B82012C57B0E614E33770D8F5626B2F4C3B7842B658C926E12974A43A1B0A313E2DB79
Malicious: false
Reputation: low
Preview:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">.<html lang="en-US"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Adobe AudienceManager</title><script type="text/javascript">.var Demdex={version:"6.2",dest:"5",PROTOCOL:"https:"==document.location.protocol?"https:":"http:",COOKIE_DOMAIN:function(){var a=document.domain;/demdex\.net$/i.test(a)&&(a=".demdex.net");return a}(),SIX_MONTHS_IN_MINUTES:259200,THREAD_YIELDING_DELAY:100,errorReportingEnabled:!1,sent:[],errored:[],timesDextpWasCleared:0,dpids:null,cbmacros:["%timestamp%","%rnd%","%did%","%http_proto%"],validators:{isPopulatedString:function(a){return"string"==typeof a&&a.length}},addListener:function(){if(document.addEventListener)return function(a,.b,c){a.addEventListener(b,function(a){"function"==typeof c&&c(a)},!1)};if(document.attachEvent)return function(a,b,c){a.attachEvent("on"+b,function(a){"function"==typeof c&&c(a)})}}(),replaceMacro:f
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 3 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel
Category: dropped
Size (bytes): 7406
Entropy (8bit): 2.83820851036548
Encrypted: false
SSDEEP: 24:u9NhBZqhSHv/161+XZ1n7UidXQ35xiGbTJoeO3Cf4K3/70eoaYBrVO2yiSQlKtYK:IiSMQ7ZGXXpOSft/70eOHOpiSJY3M
MD5: 0950D4C583446302F71BAA6B9259FCBF
SHA1: FDB1A01CAE7CF98A6E4D7178E4CB34D3BCF41F34
SHA-256: 0DE77535D019861BC9E6B0E22084A3CF7BD4389E666AAACA3FED54A936E0209D
SHA-512: DA7904D91F65A32F251BDFF6143C785CD563EA0676AA11479D7074AF2C118D24B183C0E52930CE27E579EF1720F3B35B7D54A5129B63767AC9160599235EBBC4
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fbevents[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 270819
Entropy (8bit): 5.394714747594753
Encrypted: false
SSDEEP: 3072:wOFSFnSZqYDGtOFSFnSZqYDGtOFSFnSZqYDGI:wOURSLDGtOURSLDGtOURSLDGI
MD5: C2F4A6B621273B7E5B0887CD8C8D2CDD
SHA1: A580E8A94341B18D3000492908D33F4C4DEAD56C
SHA-256: AFD6514E83F2ACF3A8E9F5554D91BE705E923C0790417C0993292B226ADF2E92
SHA-512: FAF05BB42968631C17189BA23201E6364A3CDA02F3F5DF96FC8A99B63B16A891BC54D0E4E109005D69CAA49BAAC3E184A17B7C5BDE40E9B0DAC9D0BF26BD8BF4
Malicious: false
Reputation: low
IE Cache URL: https://connect.facebook.net/en_US/fbevents.js
Preview:/**.* Copyright (c) 2017-present, Facebook, Inc. All rights reserved..*.* You are hereby granted a non-exclusive, worldwide, royalty-free license to use,.* copy, modify, and distribute this software in source code or binary form for use.* in connection with the web services and APIs provided by Facebook..*.* As with any software that integrates with the Facebook platform, your use of.* this software is subject to the Facebook Platform Policy.* [http://developers.facebook.com/policy/]. This copyright notice shall be.* included in all copies or substantial portions of the software..*.* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.* CONNECTION WI
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\huda-logo[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 942
Entropy (8bit): 7.151390568949531
Encrypted: false
SSDEEP: 24:j2RVGpVNn2EGkeXt+pveY4P2JDjHzYnmI8WHb:j2XCVQbVevkID/0m3+b
MD5: 4DEF40DF980E2E4E9799B10545A0BB9A
SHA1: 3DED078AE650B0E26E2FA54F0EFF84575E2355F5
SHA-256: 6D819A3805056B80B2C21C5D6982A398D5EAFFC582FDC4A95416D1DD6A7886CC
SHA-512: BAF61FB3DEA574EFED2B710E29F07014F65705ED3007EDB9375E8A2DE264D3D6C6934967016DE7037E48479952A17D5CC4BB609B100C6371AAD599D39CFBDDC4
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/brands/brands_az/huda-logo.jpg?imwidth=144
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\id[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 123
Entropy (8bit): 4.897102078075946
Encrypted: false
SSDEEP: 3:ByeTWhi9SEjXptHQBJHnz2iNWRkpNBKKxH+3emR8Lyn:Biiw6PHQBJHnz2iNWR69pob
MD5: 980718011F7AB406F21DD7F7477717DC
SHA1: D7E2B626C2D345239096D433F07F262F14CFCDD6
SHA-256: A7CAD95D1C42B253EDC1F4BD86F9DDB932C28015A6862BAA3CEE03F751999339
SHA-512: CC95CCBB3DA2CD0F30C15D2641321833A931870DF7705E381126EBDE2DD24C6BF78875CD1F7ED802A1437AEE1B43A8BF6563B5A6B4DD8615D41AABDF84DEBA4D
Malicious: false
Reputation: low
IE Cache URL: https://network.bazaarvoice.com/id.json?_=dps5uo&callback=_bvajsonp1
Preview:_bvajsonp1({"BVID":"1e6670e7-e7a4-42bc-b362-199ee85d42e5","BVSID":"03490cd7-e094-42b8-aae2-9b427aa25be0","NoCookie":false})
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\id[2].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 123
Entropy (8bit): 4.897102078075946
Encrypted: false
SSDEEP: 3:ByeTWhi9SEjXptHQBJHnz2iNWRkpNBKKxH+3emR8Lyn:Biiw6PHQBJHnz2iNWR69pob
MD5: 980718011F7AB406F21DD7F7477717DC
SHA1: D7E2B626C2D345239096D433F07F262F14CFCDD6
SHA-256: A7CAD95D1C42B253EDC1F4BD86F9DDB932C28015A6862BAA3CEE03F751999339
SHA-512: CC95CCBB3DA2CD0F30C15D2641321833A931870DF7705E381126EBDE2DD24C6BF78875CD1F7ED802A1437AEE1B43A8BF6563B5A6B4DD8615D41AABDF84DEBA4D
Malicious: false
Reputation: low
IE Cache URL: https://network.bazaarvoice.com/id.json?_=oo5e8y&callback=_bvajsonp1
Preview:_bvajsonp1({"BVID":"1e6670e7-e7a4-42bc-b362-199ee85d42e5","BVSID":"03490cd7-e094-42b8-aae2-9b427aa25be0","NoCookie":false})
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\id[3].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 123
Entropy (8bit): 4.897102078075946
Encrypted: false
SSDEEP: 3:ByeTWhi9SEjXptHQBJHnz2iNWRkpNBKKxH+3emR8Lyn:Biiw6PHQBJHnz2iNWR69pob
MD5: 980718011F7AB406F21DD7F7477717DC
SHA1: D7E2B626C2D345239096D433F07F262F14CFCDD6
SHA-256: A7CAD95D1C42B253EDC1F4BD86F9DDB932C28015A6862BAA3CEE03F751999339
SHA-512: CC95CCBB3DA2CD0F30C15D2641321833A931870DF7705E381126EBDE2DD24C6BF78875CD1F7ED802A1437AEE1B43A8BF6563B5A6B4DD8615D41AABDF84DEBA4D
Malicious: false
Reputation: low
IE Cache URL: https://network.bazaarvoice.com/id.json?_=8wfo9x&callback=_bvajsonp1
Preview:_bvajsonp1({"BVID":"1e6670e7-e7a4-42bc-b362-199ee85d42e5","BVSID":"03490cd7-e094-42b8-aae2-9b427aa25be0","NoCookie":false})
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\id[4].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 123
Entropy (8bit): 4.897102078075946
Encrypted: false
SSDEEP: 3:ByeTWhi9SEjXptHQBJHnz2iNWRkpNBKKxH+3emR8Lyn:Biiw6PHQBJHnz2iNWR69pob
MD5: 980718011F7AB406F21DD7F7477717DC
SHA1: D7E2B626C2D345239096D433F07F262F14CFCDD6
SHA-256: A7CAD95D1C42B253EDC1F4BD86F9DDB932C28015A6862BAA3CEE03F751999339
SHA-512: CC95CCBB3DA2CD0F30C15D2641321833A931870DF7705E381126EBDE2DD24C6BF78875CD1F7ED802A1437AEE1B43A8BF6563B5A6B4DD8615D41AABDF84DEBA4D
Malicious: false
Reputation: low
IE Cache URL: https://network.bazaarvoice.com/id.json?_=amgfq&callback=_bvajsonp1
Preview:_bvajsonp1({"BVID":"1e6670e7-e7a4-42bc-b362-199ee85d42e5","BVSID":"03490cd7-e094-42b8-aae2-9b427aa25be0","NoCookie":false})
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\location[1].json
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 105
Entropy (8bit): 4.374522220182386
Encrypted: false
SSDEEP: 3:YAqIJHwDD64riDJLBF92LibBZfpfMAzJHY:YAq+4diN1FMQDjzJHY
MD5: F7101056D6969884AD0A381FABC350AD
SHA1: F178D744EAFE1E0F3F50C691D7F164029CBC4F35
SHA-256: 67D17709B7E7BC4D1CA79AC8C0105D3C4257433576EE77C342785E5B17A7514F
SHA-512: 5C889719FEC64D19A4D9D18819084AB403C03F0B271BE892C82448DBFFE44AE1BF05583187F1FD24AD61309F153C30AFC22BC09FF0D954FD4433FF22AEBCF01B
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/api/util/location?radius=25
Preview:{"errorCode":-1,"errorMessages":["No stores found near your location."],"key":"location.stores.notfound"}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\logo[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 1651
Entropy (8bit): 4.134836278727537
Encrypted: false
SSDEEP: 48:dvjGC2U8pq45Qog4RVgcj5d1Amxvy6xMXG7DVM:JGC2UN2lVImBx97DVM
MD5: 6247637576BF7D9282AB8E5B3AEA7B0A
SHA1: BA01916A6FC2192610BAC7639F37828B2A3859EF
SHA-256: 26315778F8A273A9F1D05C98A18B2F7F89327DAB9EB71111D39D8AF30127D8EF
SHA-512: CA04C095922B19E4BBC5B0BBFB3AB9CE6C857EEA0CBF8AA9338FAB73F6278DAAD7B096E03A9D8567498CD3627207A6E926B7FF41EE1C1548655193183AF470D2
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/img/ufe/logo.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 435.2 1000 129.6"><path fill="none" d="M812.6 472.1c-2.2-20.1-27.4-18.6-32.2-18.6h-10.1V495c4.3.2 7.6.2 11.9.2 5.1 0 33 .7 30.4-23.1zM631.4 452.9c-28.7 0-44.9 21.2-44.9 47.1 0 26.1 16.2 47.1 44.9 47.1s44.9-21.2 44.9-47.1c0-26.1-16.4-47.1-44.9-47.1zM305.1 454.2h-10.8v44.3H307c11.4 0 34.8-1.1 33.5-23.5-.8-22.9-30.4-20.8-35.4-20.8zM944.3 458.3L924.9 519l39.9-.2-20.3-60.5"/><path d="M493.4 487.3h-62.8v-48.2h-19v122.4h19v-58h62.8v58h18.8V439.1h-18.8M308.1 438.7c-6.9-.2-20.9-.2-33.3-.2v122.9H294v-46.6c4.8 0 14.7-.4 22.7-.6 11.2-.2 40.4-5.8 40.2-39.5.3-38-41.8-36-48.8-36zm-1 59.8h-12.7v-44.3h10.8c5 0 34.5-2.2 35.4 20.7 1.2 22.5-22.1 23.6-33.5 23.6zM130.9 438.5l.2 122.9h77.1v-16h-57.9v-41.7h41c0-3.5-.2-8.6 0-15.3h-41v-33.5h57.9c-.2-9.7 0-16.4 0-16.4h-77.3zM18.8 468.5c0-20.1 26.6-20.9 42.3-8 5.4-15.5 5.8-16.6 5.8-16.6C21.1 421.9.2 451 .2 469.6c0 44.5 63.1 35 54 66.3-3.2 11.4-23.5 17.9-46.9 3.7-1.7 4.8-4.5 10.6-7.3 16.4 30.9 16.2 71 8.4 72.3-25
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\makeup-cosmetics[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: dropped
Size (bytes): 284222
Entropy (8bit): 5.316512121851748
Encrypted: false
SSDEEP: 1536:vNorlWoUm7EdOdl7rT47x15raAnqmGPbIP8L1C6ILTwj8FeXwLLjIVe:vNorlWSQUX7glZme
MD5: DB0487FB424A3D845150656916C47C51
SHA1: F210BB0586C69F5296ADEDE01BF6A5A267BDB891
SHA-256: 0F7E3EFE813F6710FCE81C87E8F0119949012D952C49B101856E5EC2926A05E2
SHA-512: 202B79FED36F039813ED5A13C10E70C990796FE353F13DA8EDEC8C83F89F7D63C75DDAD943377D681489DCC1ED0E27F580B60CF392736E230E5560B14E32CCBB
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>.<html lang="en" class="css-mao3d8"><head data-comp="Head "><title>Makeup | Sephora</title><script>(function(){(function(a){"use strict";function b(c,d){if({}.hasOwnProperty.call(b.cache,c))return b.cache[c];var e=b.resolve(c);if(!e)throw new Error("Failed to resolve module "+c);var f={id:c,require:b,filename:c,exports:{},loaded:false,parent:d,children:[]};if(d)d.children.push(f);var g=c.slice(0,c.lastIndexOf("/")+1);b.cache[c]=f.exports;e.call(void 0,f,f.exports,g,c);f.loaded=true;return b.cache[c]=f.exports}b.modules={};b.cache={};b.resolve=function(h){return{}.hasOwnProperty.call(b.modules,h)?b.modules[h]:void 0};b.define=function(i,j){b.modules[i]=j};b.define("1",function(k,l,m,n){var o=b("2",k);var p=o["default"];var q=String.fromCharCode.bind(String);function r(s){return q(8238)+s+q(8237)}var t=r("OTWHHWJgj");var u=r("rBCUgmpuw");var v="";var w="";var x=void 0;var y=Object.defineProperty.bind(Object);(function(){var z=XMLHttpRequest.prototype;var A=z.open;var B=z.s
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\makeup-tools[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: dropped
Size (bytes): 239756
Entropy (8bit): 5.288313897624971
Encrypted: false
SSDEEP: 1536:/8orlRUm7pGOQl7rT473A1qmGPbIP8L1C6ILTw/EMVe:/8orlnlVQ7gc6je
MD5: 09B786B5608466FEC4CECEDE1B2F0DF7
SHA1: A8947701105B58835A0E60E4B90DE548341EB92E
SHA-256: 1A899061EF9AEA6CE03086A6C798D42FB1C22B0A54179246FF646DF977F09C7B
SHA-512: B5337CC1D3D7F32CC547A3A77FD467592175B0F89C9AD19FAE4FBD46E232F3285A6427FAE0EEE3639B71527378BD073551ADB261F855843C77820301D69B527A
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>.<html lang="en" class="css-mao3d8"><head data-comp="Head "><title>Makeup Tools, Beauty Tools & Makeup Accessories | Sephora</title><script>(function(){(function(a){"use strict";function b(c,d){if({}.hasOwnProperty.call(b.cache,c))return b.cache[c];var e=b.resolve(c);if(!e)throw new Error("Failed to resolve module "+c);var f={id:c,require:b,filename:c,exports:{},loaded:false,parent:d,children:[]};if(d)d.children.push(f);var g=c.slice(0,c.lastIndexOf("/")+1);b.cache[c]=f.exports;e.call(void 0,f,f.exports,g,c);f.loaded=true;return b.cache[c]=f.exports}b.modules={};b.cache={};b.resolve=function(h){return{}.hasOwnProperty.call(b.modules,h)?b.modules[h]:void 0};b.define=function(i,j){b.modules[i]=j};b.define("1",function(k,l,m,n){var o=b("2",k);var p=o["default"];var q=String.fromCharCode.bind(String);function r(s){return q(8238)+s+q(8237)}var t=r("OTWHHWJgj");var u=r("rBCUgmpuw");var v="";var w="";var x=void 0;var y=Object.defineProperty.bind(Object);(function(){var z=XM
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\priority.bundle.B60CoriginmasterD20201019155832[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Category: downloaded
Size (bytes): 1008568
Entropy (8bit): 5.448359017198755
Encrypted: false
SSDEEP: 12288:F7Frb8P8wihAs5Jka9g6wea5HJhz9DWa49GnddddMyhCSRv0:7rb8PCDka9guCCSRM
MD5: 9738D18678647698833EC7FBFDD1F851
SHA1: 984C454DA4FC87086E07269E8BA47F370E3E96A4
SHA-256: 795AED835FB164D9FA4781200DA8A92FF0C8C178578BB7CDB70F188DF5150C16
SHA-512: 790DA1FE7A0F54A9312B0980C5108A8FD72DB07E8D3EA4412FC05123E4C01258F35801A18435892489D4284A0CA2D31437DCC6FA82031DA364203A98379E6882
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/js/ufe/isomorphic/priority.bundle.B60CoriginmasterD20201019155832.js
Preview:!function(s){function e(e){for(var t,n,r=e[0],o=e[1],i=0,a=[];i<r.length;i++)n=r[i],Object.prototype.hasOwnProperty.call(c,n)&&c[n]&&a.push(c[n][0]),c[n]=0;for(t in o)Object.prototype.hasOwnProperty.call(o,t)&&(s[t]=o[t]);for(u&&u(e);a.length;)a.shift()()}var n={},c={1:0};function l(e){if(n[e])return n[e].exports;var t=n[e]={i:e,l:!1,exports:{}};return s[e].call(t.exports,t,t.exports,l),t.l=!0,t.exports}l.e=function(o){var e,t=[],n=c[o];if(0!==n)if(n)t.push(n[2]);else{var r=new Promise(function(e,t){n=c[o]=[e,t]});t.push(n[2]=r);var i,a=document.createElement("script");a.charset="utf-8",a.timeout=120,l.nc&&a.setAttribute("nonce",l.nc),a.src=l.p+""+({0:"components",2:"postload"}[e=o]||e)+".chunk.B60CoriginmasterD20201019155832.js";var s=new Error;i=function(e){a.onerror=a.onload=null,clearTimeout(u);var t=c[o];if(0!==t){if(t){var n=e&&("load"===e.type?"missing":e.type),r=e&&e.target&&e.target.src;s.message="Loading chunk "+o+" failed.\n("+n+": "+r+")",s.name="ChunkLoadError",s.type=n,s.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\results[1].txt
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 8
Entropy (8bit): 2.5
Encrypted: false
SSDEEP: 3:x:x
MD5: 402E7A087747CB56C718BDE84651F96A
SHA1: 7CE01F6381463362CF6AEF2F843A59261E8F5587
SHA-256: 662EFAF46C617DDBCB8FF4A2A8F64CFFD3D93630F1003F8E66511F369B87730F
SHA-512: 5080D776D0B123F20E97D44472EF2343BC022105AA67FC802B71668BAEB74A81530355589D50B1142165D17EF995AEAC196B6C15136D518A1EC0ABFA13C91D10
Malicious: false
Reputation: low
IE Cache URL: https://84-17-52-40_s-80-239-148-16_ts-1603485128-clienttons-s.akamaihd.net/eum/results.txt
Preview:Success!
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\s1190529-main-zoom[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 3931
Entropy (8bit): 7.840348113061861
Encrypted: false
SSDEEP: 48:ZNLxQAcGS8qmoEY5YmKmSGfkyOv1dGZkr2FQDr0wJHm1/JvOWXmQpVKzrOWrIw03:rO7D8hoXBKqYNEZpQvTUOWWQpcfY/Q9a
MD5: 7FD599A43D3AA15E5D18713B2CE043D8
SHA1: D8D37EAFE951C0D45FF41B23C202B58DF1FC5E03
SHA-256: CBA58C5C2EA58E9D76A06124338EDC03003E94C95E0F124B95DFFCD0CD57EECF
SHA-512: 05CE0E6190A2ED15C512D8298DEF95A2DE9C4F8019176F2A5D51BFC4310420EE92560571323118145C07BC90C890FAF8042020595D7FC838316BC4029E0D2E60
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/productimages/sku/s1190529-main-zoom.jpg?pb=2020-03-sephora-clean-2019&imwidth=162
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\s2078327-main-zoom[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 4570
Entropy (8bit): 7.768618994371553
Encrypted: false
SSDEEP: 96:dDOgq//iv4Lxglh771pnD9KH7VcylZDG1cZbFrC2DDdNdkxaK7F6qRZ5uc:4z/iAL6lBb9KLlZa1cnPDdD2aAcyZ
MD5: A4E4A242CA883E75E22E4EF32F1DBE9E
SHA1: 373630CF7743A17E548AB91A25BF3F06ED863A54
SHA-256: F6621F06CDBF242FA36527A7F9F65F204B099FD7F4507A6B2DFA0F15B2E25ADB
SHA-512: C3A9AA98C7D2E7BE86768FEFD51AC2C827D286BAB085E976465F5838C362A104597C6750E9C97846EA15B30BEB06173E107E89C8994D9F04A4119C439EB41FA4
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/productimages/sku/s2078327-main-zoom.jpg?pb=2020-03-sephora-clean-2019&imwidth=162
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\s2234110-main-zoom[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 3745
Entropy (8bit): 7.759024634574218
Encrypted: false
SSDEEP: 48:Z2qfMZLsYkEoDWQAcT860qcVQpEblctSl+PY91hpd27yIBYojat8Ivef0o+kXX1i:vSsYkz5Yq2ZctqfiyIBfa9ef03kWw1k
MD5: 3A14D58BFBF2BC11C54E0C675DB18D11
SHA1: 3D506459F939D5406DE5B2B527BCA9D9032AFCB1
SHA-256: 74B5AB90768119398F9FABC5B2D34EBBB909210F3166F270561599F0AFD6FAD3
SHA-512: 724B0BF553BABA5E7C558048B7790FB43AADCFFE48A67BE73D48808DEB975E89E62A1E3B49DFC7D5E89CE4C869707851B585DA75127653AB4CBF0F01D6A3CC7E
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/productimages/sku/s2234110-main-zoom.jpg?imwidth=162
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\script[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 160439
Entropy (8bit): 5.923416616383946
Encrypted: false
SSDEEP: 3072:LWaklqozPx0Pa2WsF+skmLHJvu3i+NtdCyxUQls4hJWASV+p:4lqmai2d+sxLJGy1cS4xR
MD5: EFEC2BC919B4D445E4E575B727160481
SHA1: E40BF0705D1BE87DEF3CD9C4C029041D536D3D1B
SHA-256: ACCF02F85E1F3D0819292F54BD6C88A22E4C55A4D8A3B1EF4D43195A9CD5159E
SHA-512: EF371603E41CBD1B08E8ADFD894A2B940106673D9CE5E46AC7DC90AE7114740DFE82FD61FA8E1F225EA8E197A7AD4AA4D96124EFD6CB523DC91C0343686716EE
Malicious: false
Reputation: low
IE Cache URL: https://e309da9b9aaf.cdn4.forter.com/sn/e309da9b9aaf/script.js
Preview:(function(){C6VV.K4K=1;u6VV.t7I="userOSver";C6VV.D6I='s';l6VV.g6m='ns';u6VV.A7I="top";l6VV.M6m='ptio';l6VV.B5E="then";l6VV.j5E="nodeType";u6VV.e7I="abs";u6VV.N7I="hardwareConcurrency";l6VV.W8E="bind";C6VV.C1I="to_location";l6VV.y4I="domainLookupEnd";u6VV.U5I=0.1;C6VV.t8I='/cd';l6VV.f3m="readyState";function C6VV(){}C6VV.o3I="substring";l6VV.v6E='Blob';u6VV.z1I='3';C6VV.Z3I="events";u6VV.a9I='/prop.json';u6VV.b2I="setTimeout";l6VV.T1E="constructor";u6VV.h7I="toString";C6VV.A6I=500;l6VV.N8E="charAt";l6VV.P6E="join";u6VV.t1I="toFixed";C6VV.A3I="";l6VV.X6m='riptL';C6VV.m4K=8;l6VV.b8E="setRequestHeader";l6VV.d4I="status";C6VV.p6I='cd';u6VV.x1I='resource';l6VV.R4I="domainLookupStart";u6VV.B7I="maxTouchPoints";l6VV.o6E="toLowerCase";l6VV.R6E='URL';u6VV.F1I=" (run) [";u6VV.P7I="self";u6VV.w9I="loadEventStart";l6VV.T8E="addEventListener";C6VV.R6I=1000;l6VV.e1E='c';u6VV.h2I="min";C6VV.q6I='iea';C6VV.R8I='tps:/';u6VV.p7I="isFirefox";C6VV.u1I='onunload';u6VV.F7I="isIE";l6VV.w4I="onmessage";C6VV.y8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\sephora_common[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 178878
Entropy (8bit): 6.079599608624257
Encrypted: false
SSDEEP: 3072:PhlE/w/drwODh+RLf8lzcYG2RHAkCqyerWPUl/qGub8D4J3vizi55qGiDDMYNQb3:JlEwdrPuLf8lzcYG2RHAkCqyerWPUl/w
MD5: 878BFEF91E73D8AAB9F40E211644E563
SHA1: AEDDA1A741263409373971D9A9EAD96C299E82BC
SHA-256: E9D72FF5FF897DE019758F52334AF2870EFDF42E2B733111621D8711D15352C6
SHA-512: 38E66ACB0F7E99A3D8D3EEE02EC5EB58BA3C46DAE486E9B27186B3F42175D0073C6B52E5B44A899B1FB8EA76B14798266F9EFA09F2D58679806E248EC7793277
Malicious: false
Reputation: low
Preview:(function V(l){var Y={},g={};var O=ReferenceError,Q=TypeError,y=Object,v=RegExp,r=Number,x=String,H=Array,U=y.bind,E=y.call,J=E.bind(U,E),j=y.apply,p=J(j),F=[].push,w=[].pop,k=[].slice,n=[].splice,o=[].join,T=[].map,B=J(F),b=J(k),c=J(o),P=J(T),M={}.hasOwnProperty,d=J(M),a=JSON.stringify,m=y.getOwnPropertyDescriptor,q=y.defineProperty,i=x.fromCharCode,A=Math.min,t=Math.floor,G=y.create,L="".indexOf,K="".charAt,W=J(L),u=J(K),I=typeof Uint8Array==="function"?Uint8Array:H;var R=[O,Q,y,v,r,x,H,U,E,j,F,w,k,n,o,T,M,a,m,q,i,A,t,G,L,K,I];var S=["jSpz3AAUvA","KfKXcdTQCVUJ","5z94tSAb9YaVVAMw","FPi0APztVUo3","l9SnSeTJew","AcGUGvTuXEVX84O5nw","mXJOzyEr0ZbDI1p_FXFctztbUGlIerD9WA","assign","QeyBHdjxABEu85WDqOzKHbE","cntl4xkW56CfBHM","dLL8DIWyAg","jr_7HKi9ISQGyZWn6KU","kfvTBZU","R1wxvw","method","WM6dSNc","complete","fkU-iFhQ88PkLQ","_Dcx_k9DisA","l4zBFZLm","QmB_6RMIkbTSDAZ-eT4","2aU","zxc27EUKrfPFai98Bm0","ZqDYCLikDQBxpLTz3uDOOPS-veXk9ylovtzydfTQWzc","HM7EA7OsMwM1przh","zp_0K4OAJw","b-mYYf3bXFwR__aiw
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\sid[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: downloaded
Size (bytes): 43
Entropy (8bit): 3.2226627197680635
Encrypted: false
SSDEEP: 3:CUzRtwv+L1pse:1/se
MD5: F837AA60B6FE83458F790DB60D529FC9
SHA1: 14AF87CCEC7F81BB28D53C84DA2FD5A9D5925CDA
SHA-256: DCECAB1355B5C2B9ECEF281322BF265AC5840B4688748586E9632B473A5FE56B
SHA-512: A85E09C3B5DBB560F4E03BA880047DBC8B4999A64C1F54FBFBCA17EE0BCBED3BC6708D699190B56668E464A59358D6B534C3963A1329BA01DB21075EF5BEDACE
Malicious: false
Reputation: low
IE Cache URL: https://network.bazaarvoice.com/sid.gif?_=h48157
Preview:GIF89a.............!.......,...........L..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\sid[2].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: downloaded
Size (bytes): 43
Entropy (8bit): 3.2226627197680635
Encrypted: false
SSDEEP: 3:CUzRtwv+L1pse:1/se
MD5: F837AA60B6FE83458F790DB60D529FC9
SHA1: 14AF87CCEC7F81BB28D53C84DA2FD5A9D5925CDA
SHA-256: DCECAB1355B5C2B9ECEF281322BF265AC5840B4688748586E9632B473A5FE56B
SHA-512: A85E09C3B5DBB560F4E03BA880047DBC8B4999A64C1F54FBFBCA17EE0BCBED3BC6708D699190B56668E464A59358D6B534C3963A1329BA01DB21075EF5BEDACE
Malicious: false
Reputation: low
IE Cache URL: https://network.bazaarvoice.com/sid.gif?_=aordr3
Preview:GIF89a.............!.......,...........L..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\st[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: dropped
Size (bytes): 43
Entropy (8bit): 3.2226627197680635
Encrypted: false
SSDEEP: 3:CUzRtwv+L1pse:1/se
MD5: F837AA60B6FE83458F790DB60D529FC9
SHA1: 14AF87CCEC7F81BB28D53C84DA2FD5A9D5925CDA
SHA-256: DCECAB1355B5C2B9ECEF281322BF265AC5840B4688748586E9632B473A5FE56B
SHA-512: A85E09C3B5DBB560F4E03BA880047DBC8B4999A64C1F54FBFBCA17EE0BCBED3BC6708D699190B56668E464A59358D6B534C3963A1329BA01DB21075EF5BEDACE
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........L..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\st[2].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: dropped
Size (bytes): 43
Entropy (8bit): 3.2226627197680635
Encrypted: false
SSDEEP: 3:CUzRtwv+L1pse:1/se
MD5: F837AA60B6FE83458F790DB60D529FC9
SHA1: 14AF87CCEC7F81BB28D53C84DA2FD5A9D5925CDA
SHA-256: DCECAB1355B5C2B9ECEF281322BF265AC5840B4688748586E9632B473A5FE56B
SHA-512: A85E09C3B5DBB560F4E03BA880047DBC8B4999A64C1F54FBFBCA17EE0BCBED3BC6708D699190B56668E464A59358D6B534C3963A1329BA01DB21075EF5BEDACE
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........L..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\st[3].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: dropped
Size (bytes): 43
Entropy (8bit): 3.2226627197680635
Encrypted: false
SSDEEP: 3:CUzRtwv+L1pse:1/se
MD5: F837AA60B6FE83458F790DB60D529FC9
SHA1: 14AF87CCEC7F81BB28D53C84DA2FD5A9D5925CDA
SHA-256: DCECAB1355B5C2B9ECEF281322BF265AC5840B4688748586E9632B473A5FE56B
SHA-512: A85E09C3B5DBB560F4E03BA880047DBC8B4999A64C1F54FBFBCA17EE0BCBED3BC6708D699190B56668E464A59358D6B534C3963A1329BA01DB21075EF5BEDACE
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........L..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\stores[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 398
Entropy (8bit): 4.6991600063200805
Encrypted: false
SSDEEP: 6:tI9mc4slzXdhgr1VQR4W4DeFcPtbGhzV0degl7kuiefaPFeQf2KQPO0:t4BdSr1VlW4DLPgziQglov6aPB2Kh0
MD5: 86E19F3C9D4DE9992F5EECE987B1E6BE
SHA1: 448BDE59FFC5DC4CD4EFF2E3791A2F6C103FC00C
SHA-256: F4CD743BF861AB710A74255ABA92105015A2069CBE05C33D2D056E305D032821
SHA-512: 4F6CB8E3D9A605DD700942578EA4244E472C8EBB96D65973736F20B0E44EBB1FAE60B9C27AADA7D5F4647736FA601B3A3DE87169C0DB7657FB3F1329725BDBFE
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/img/ufe/icons/stores.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><g opacity=".6"><path d="M1.5 24a.5.5 0 01-.5-.5v-20a.5.5 0 01.5-.5h21a.5.5 0 01.5.5v20a.5.5 0 01-.5.5h-21zM22 23V4H2v19h20z"/><path d="M0 23h24v1H0z"/><path d="M7.5 24a.5.5 0 01-.5-.5v-10a.5.5 0 01.5-.5h9a.5.5 0 01.5.5v10a.5.5 0 01-.5.5h-9zm8.5-1v-9H8v9h8z"/><path d="M11.5 13h1v11h-1zM1 6V5h22v1zm0 2V7h22v1zm0 2V9h22v1z"/></g></svg>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\tag[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 2601
Entropy (8bit): 5.212707594004718
Encrypted: false
SSDEEP: 48:dnAND4sED4yDLysRbAviUCFXwHv4wV4ghKcAVyLNab1V2tWbOHV2m29DoPwAew5:xPFGvnVPhjHLEBV2Ak4PG
MD5: A95B41FD056C315BCB0BE37AF1E0BB2A
SHA1: C410C3AB26B4DE6B64BE33513FAB0C10F50D79DE
SHA-256: 2327C2B273ED4D1D6EF67B78705B62B0EB4648683445F1B070722A54C703C57F
SHA-512: B91C882A483B271D56E1E63DF7108AC29AB7B542542BC45B42DA043040A21D281D0113F95999C76FA894E746CA79D02878F70E2D95765FE319F954CF4ECF0479
Malicious: false
Reputation: low
Preview:BrightTag.site('N5k3uAH',function(s){.s.dbe('pixel :: user :: login status', 'window.localStorage.getItem(\x27createdNewUser\x27) ? \r\nJSON.parse(window.localStorage.getItem(\x27createdNewUser\x27)).data\x3d\x3d\x3d\x27fromStore\x27? \x27store\x27:\x27new\x27\r\n: window.localStorage.getItem(\x27hasPreviouslyLoggedIn\x27) ? \x27existing\x27 : \x27unrecognizable\x27;',{pageId:4045760});.s.domready(function(){.s.tag('\x3cscript src\x3d\x22https://cdn.attn.tv/sephora/dtag.js\x22\x3e\x3c/script\x3e',{tagId:7479801});.s.tag('\x3c!-- Facebook Pixel Code --\x3e\n\x3cscript\x3e\n /* Begin Facebook code */\n !function(f,b,e,v,n,t,s)\n {if(f.fbq)return;n\x3df.fbq\x3dfunction(){n.callMethod?\n n.callMethod.apply(n,arguments):n.queue.push(arguments)};\n if(!f._fbq)f._fbq\x3dn;n.push\x3dn;n.loaded\x3d!0;n.version\x3d\x272.0\x27;\n n.queue\x3d[];t\x3db.createElement(e);t.async\x3d!0;\n t.src\x3dv;s\x3db.getElementsByTagName(e)[0];\n s.parentNode.insertBefore(t,s)}(window, do
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\targeter[1].json
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 2479
Entropy (8bit): 5.0490906801505435
Encrypted: false
SSDEEP: 48:Y4ko+ZSSgaGuHetPxau4NZSSgaGuHetPxau48ZSSgaGuHetPxac:rigaNet5adgaNet5aSgaNet5ac
MD5: BC8F247483D8A3BEF13F410B9AD88351
SHA1: 804C47B1645B2EE13BE0CF008F86B66FB0A7878C
SHA-256: 4B7F45F9C1AAD757FA241C31D4218BA70BC490DDA0D6A756ED4EF88A9993D0FF
SHA-512: B5C4AB44B48793BD13CE95428AA36BB51DFF434167A70A152F66554C861442B1800BAA8838D4124CAF7DAF497129DA8ACFCFBEE1FDD550FA2BD1183A408ED104
Malicious: false
Reputation: low
Preview:{"targeterResult":{"/atg/registry/RepositoryTargeters/Sephora/CCDynamicMessagingBasketTargeter":[{"attributes":["TermsAndConditions=*Subject to credit approval. Exclusions apply.","Message=Save {0} on this order when you open and use either Sephora Credit Card today*","CreditCardName=The Sephora Credit Card Program","CTAText=SEE DETAILS","CTADestination=/creditcard?icid2=ccBannerMessageNewStatusApp:See_Details","CTADestinationApp=creditcard","Icon=/contentimages/creditcard/cardicon/CreditCard.svg","TermsAndConditionsApp=*Subject to credit approval. Exclusions apply.","IconApp=/contentimages/creditcard/cardicon/2019-04-01-sephora-cc-icon-50x32-us-ca-slice.png"],"componentName":"Sephora Unified Placeholder Component","componentType":70,"name":"cc_banner_message_new_status_ufe","placeHolderType":"ccBannerMessageNewStatusApp"}],"/atg/registry/RepositoryTargeters/Sephora/CCDynamicMessagingInlineBasketTargeter":[{"attributes":["TermsAndConditions=*Subject to credit approval. Exclusions apply
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\white[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 640 x 80, 1-bit grayscale, non-interlaced
Category: downloaded
Size (bytes): 119
Entropy (8bit): 5.1650277573733
Encrypted: false
SSDEEP: 3:yionv//thPn/lvMilskMldhkx9mUkUJ33eoHiEoDXWjltjp:6v/lhPqG5kjwmY33PIDXWjXjp
MD5: 506B8D60005F2A0232FE9B64D3316157
SHA1: 4AB0BBC9D8823E7DE5A1A9C265AAE91B02744790
SHA-256: 809853F79805595E705CD42D0855BA10E24D3E8AB2F3F7355AAACBBA523F1687
SHA-512: 7E509927A1680BCF99C6C9A1CAD50259B0A08EE6FE16E6BD3ACDF910647F6BF8DB28349EF50B856985C58EF25DFDABD38D5541D995982F64BEADFBC67835AD14
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/white.jpg?imwidth=1080
Preview:.PNG........IHDR.......P.............orNT..w....1IDATX...A..... ....{. ....B.P(...B.P(...B.P(....)..i.gI.....IEND.B`.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\2019-02-01-global-nav-lg-fragrance-finder-cat-us-ca-d-slice[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 25814
Entropy (8bit): 7.775623023289732
Encrypted: false
SSDEEP: 768:EJqhwI7kgY8v4Zl+mM+ir+8MpKbCNxtty:StIN6+mLiopKbCPry
MD5: FE90E37725A0B26733B76D918E6DB1A7
SHA1: E103AFD959898C0D560EA6400217B0BF2E73125C
SHA-256: 4F3FE5A3C9ACC5F98A8D2FF8654466509DD53A84C742A8727F3A08EFC51C35F4
SHA-512: B55D4E9AECDDB8ECAC5C5823D9126A11399C1FB2A0BA9DC9C14AF6F1B447CA8E4EE2CE12F34083C9BF37B02666751ED3C1E85776F720DDFCEA31134764D49738
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/meganav/large/2019-02-01-global-nav-lg-fragrance-finder-cat-us-ca-d-slice.jpg?imwidth=221
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\2020-03-01-global-nav-lg-clean-makeup-us-ca-d-slice[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 24144
Entropy (8bit): 7.802111868890511
Encrypted: false
SSDEEP: 384:9JZA+hUZqCjxG5cKpqpbasewsoPnhWgvbxyflmp9UauXkZBRgoqiAWlVv:9JZdUZqCjwLpabaTwZP7xyY/UZiTgoqU
MD5: 95A578F1237C785531D1DDC27F17B1E4
SHA1: A1E7FFEC311B1628B8052553CFD768EFA7A7A053
SHA-256: 12B95DDCF432E560F0BA72E0CC950EB68DA3F81A739FBF9E64455F3BA607938F
SHA-512: D4C2049E6F29F4B6C66C6B5291DD269AD78E08F525163407025793B3330EC82E66304DE1F0BC02791B851CF9315907BF5F9DB72F23B225FF4A327D266ACB1639
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/meganav/large/2020-03-01-global-nav-lg-clean-makeup-us-ca-d-slice.jpg?imwidth=221
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\2020-05-25-hp-botnav-skincare-essentials-us-d-slice[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 20228
Entropy (8bit): 7.7539888681487295
Encrypted: false
SSDEEP: 384:u2VGO4NDLEzsl1R3BhTLsI8UMz3rKQ5IqsV0v2DWYUtG/RB:u254NnEzsRBhTYkMz3GV0vJRKRB
MD5: 3198D50FF318171DC61E8C74FB2AB734
SHA1: 6BBCFB73FC2C28E6C60CFC80C0681B88C0F5FB3E
SHA-256: F33AFA1686CB27A1CA377E36AC52683974F0E59F325A70D9D8DFD6441A8103FB
SHA-512: 5478F7FF2F345D3A53534E4D5D360E53AF68D8BB8E1218CB4ADF4269411A584EA3F6A930E34DE42DC342E91B627118469177F852521FE8DA7344C554D74FF4F6
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/homepage/051920/Homepage/DesktopMweb/2020-05-25-hp-botnav-skincare-essentials-us-d-slice.jpg?imwidth=221
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\2020-08-20-nav-lg-routine-builder-us-ca-d-slice[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 21289
Entropy (8bit): 7.769105451138588
Encrypted: false
SSDEEP: 384:jN5Mx+fcYChagGSEB/z4KC2DrVCusi6QxTedTCiZ6TCCEe3+3gS+GmhbnYXo8D:jN5C+E6gmMgDxxsgk+iZauhdOYXo8D
MD5: 816A839F07BAA98F2997D0D163C16657
SHA1: 820D83AE6EB5BFFFB2B911CF7DEB5E435BA890CD
SHA-256: 2A9404A4C16FB639D275F1139B02F33A219F84F8741D0422675F221BEE1C489B
SHA-512: 3DA2AFCE910AE028E9232A7AC460CD4D1013A4A146C63E80DE6128F599A80ABF90BE2C883E3E5C55F3FE54AFCFD3FA16B2E1122F02CFA3DEF4F7142BDEC13DF0
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/meganav/large/2020-08-20-nav-lg-routine-builder-us-ca-d-slice.jpg?imwidth=221
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\2020-10-19-hp-marketing-banner-sc-oct-holiday-teaser-us-ca-d-slice[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 482x202, frames 3
Category: downloaded
Size (bytes): 64294
Entropy (8bit): 7.98822590630287
Encrypted: false
SSDEEP: 1536:fRm+KDKQEBEB0TFajh6rRnDTlGC/T8mVbyJv:fRm+zBU0TFW0rHGKKv
MD5: 761E1A9464F897990673A4E3E8F5CBD5
SHA1: FEBEB4F0B6B6571B5362F6179D37F32CF457C169
SHA-256: E49663C085B53DAF8D8926E2289D3E45E8B6B34964514AD84CBDA37DA1228804
SHA-512: 444B6D19A4B13C759B033B395A12903E14E7E66573FF1626212F3E9A06D0F80A41FA337958AD3FDD54FADCABBAB21175CB9FA56D180AA504A4921479871A3307
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/homepage/101320/Homepage/DesktopMweb/2020-10-19-hp-marketing-banner-sc-oct-holiday-teaser-us-ca-d-slice.jpg?imwidth=482
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\35396449d4c62aaa8d3087ef954e60e52c5576b3[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 390
Entropy (8bit): 4.989317321262231
Encrypted: false
SSDEEP: 6:C3f4KFIQbmniZ783T/KjkqCOi+8mgO9l37VK4DLSmXZCRTGRWV/OQCyA+bDRWUki:i2Q183bKjkDu3EiA4WdLDRWUkEKxop6A
MD5: 50B9DDC5312521911943A6A4A7C37692
SHA1: D5A13020415B50A5E37B944DE43B8900D0394331
SHA-256: 3129756FE23168DC6BE1DABF73EAE546279D7731D3EC7D602D42650C78992B15
SHA-512: D910458DE43AF187A5142D0029B1C846FB1273B0B71F9FBF8E6D106A848218D412CE83AFFA784EBDBB303B4C7E99C0DF095499993447AE3096EEF951A70E3522
Malicious: false
Reputation: low
IE Cache URL: https://s.btstatic.com/lib/35396449d4c62aaa8d3087ef954e60e52c5576b3.js?v=2
Preview:if (!Sephora.configurationSettings.isCCPABannerEnabled || bt_cookie('ccpaConsentCookie') == 1) {. const script = document.createElement('script');.. script.src = 'https://www.googletagmanager.com/gtag/js?id=UA-165841114-1';. script.async = true;.. const firstScript = document.getElementsByTagName('script')[0];. firstScript.parentNode.insertBefore(script, firstScript); .}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Cat_Banner_Hair[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 9610
Entropy (8bit): 7.763860932970067
Encrypted: false
SSDEEP: 192:E9Imn3/1/o6iaX1ADEAZEll+793qOcSxe+nTWTE+LNm7K:E2WN0iulh938mTr+LNm7K
MD5: D997A10E722EE95280C4F97E6F4316E8
SHA1: 95ABC7F5B071785815AE40A6D8A57BBD95366C12
SHA-256: 6EFD434CFD997F2B2D702312FDD69D2F53B3D6C8832FBABDF74BE6C901F03314
SHA-512: 97DB7E09C142D67F2FA02B27E84E98176911DBDF6E4775CCDE4888C3E08CF42B9B200949834075A645236ADA7A6AE9CD32FB2EF59DF225E220357BF450BAE09B
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/categories/banners/category_banners/Cat_Banner_Hair.jpg?imwidth=777
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\FS9BD-W3YYU-T5EYF-DZEKW-5ERXU[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: C source, ASCII text, with very long lines
Category: downloaded
Size (bytes): 201593
Entropy (8bit): 5.3656174430030115
Encrypted: false
SSDEEP: 3072:GU6fLbm0iCx+Qhx2GWkvdWQKBdpIGT434i3oG6i:GxLbhLFvdSdph434igi
MD5: EABF4D3196759E4E8D591AB368D5BAFD
SHA1: 3D0E1D8C31320FE25FC3B7BA0F17A1E1D555016D
SHA-256: 50D9B6A7252BFC4709DA205EBF62E48CDAC0AC29EDCF6C5B8E213A91275979D6
SHA-512: B793B2DE3BDE886C5560DB4DAF6631920E7288C77D29701AD796B3B8C719EF211B99D05AD15BB319C34F7828876EDA155A49C7EBFD02C28EE9A74FBDD6A1033C
Malicious: false
Reputation: low
IE Cache URL: https://s.go-mpulse.net/boomerang/FS9BD-W3YYU-T5EYF-DZEKW-5ERXU
Preview:/*. * Copyright (c) 2011, Yahoo! Inc. All rights reserved.. * Copyright (c) 2011-2012, Log-Normal, Inc. All rights reserved.. * Copyright (c) 2012-2017, SOASTA, Inc. All rights reserved.. * Copyright (c) 2017, Akamai Technologies, Inc. All rights reserved.. * Copyrights licensed under the BSD License. See the accompanying LICENSE.txt file for terms.. */./* Boomerang Version: 1.687.0 0d1b46422dda1e3eb52dcea619466df6f41b53f1 */..BOOMR_start=(new Date).getTime();function BOOMR_check_doc_domain(e){if(window){if(!e){if(window.parent===window||!document.getElementById("boomr-if-as"))return;if(window.BOOMR&&BOOMR.boomerang_frame&&BOOMR.window)try{BOOMR.boomerang_frame.document.domain!==BOOMR.window.document.domain&&(BOOMR.boomerang_frame.document.domain=BOOMR.window.document.domain)}catch(t){BOOMR.isCrossOriginError(t)||BOOMR.addError(t,"BOOMR_check_doc_domain.domainFix")}e=document.domain}if(e&&-1!==e.indexOf(".")&&window.parent){try{window.parent.document;return}catch(t){try{document.doma
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Resonance[2].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 89233
Entropy (8bit): 5.252323533644183
Encrypted: false
SSDEEP: 768:GfZzX+g4VCJpHr3vVcRAxohNF5dms5LMr378c3yOk5e2bw6kgl0tLYJZ4y4V148q:GlX9YdNC85OfLXLk
MD5: 2B6BC8CE2123634F9AA1F2AD11EC1CF1
SHA1: 30950890A53E7579F92D304BCDE219733E2B2628
SHA-256: 22AB61818CAA97ACE7CD0335A87BC4ABF3346E209F1BDA1A9EF1D6B1CF8E1082
SHA-512: 2C96EF695BEA35AF752A4E8D756738668506EFB1A242EE8EE813487077C927F52E0D4AEB052DBA918FB94416333EB46F5D0DB49EF09B8FCBA30134272C64CD00
Malicious: false
Reputation: low
IE Cache URL: https://www.res-x.com/ws/r2/Resonance.aspx?appid=sephora01&tk=225132365597353&ss=311603776979577&sg=1&pg=103424241317183&vr=5.10x&bx=true&sc=home1_rr&sc=home2_rr&sc=home3_rr&sc=home4_rr&ev=&ei=&no=20&language=ENGLISH&ccb=Sephora.certona&ur=https%3A%2F%2Fwww.sephora.com%2F&plk=&rf=
Preview:Sephora.certona({"resonance":{"schemes":[{"scheme":"home1_rr","explanation":"Just Arrived","display":"yes","items":[{"id":"P461170","display_name":"Cologne Collection Mini Set","variation_type":"None","product_type":"standard","product_url":"\/product\/jo-malone-london-cologne-collection-mini-set-P461170","brand_name":"Jo Malone London","default_sku_id":"2363323","reviews":1,"rating":5.000,"heroImageAltText":"","certona_algorithm_id":"11n","certona_experience_id":"3860","certona_audience_id":"451","certona_strategy_id":"84483","skus":[{"sku_number":"2363323","sku_size":"","sku_type":"Standard","list_price":115.00,"primary_product_id":"P461170","additional_sku_desc":"Cologne Collection Mini Set","grid_images":"\/productimages\/sku\/s2363323-main-zoom.jpg?imwidth=135","hero_images":"\/productimages\/sku\/s2363323-main-zoom.jpg?imwidth=270","large_hero_images":"\/productimages\/sku\/s2363323-main-zoom.jpg?imwidth=450","is_sephora_exclusive":false,"is_online_only":false,"is_limited_edition
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\basket[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: dropped
Size (bytes): 188627
Entropy (8bit): 5.245144075111417
Encrypted: false
SSDEEP: 1536:oWo9lKUM7y0OJ1l7rT4WAyimGPbIP8L1C6ILTwAnVz:oWo9lCeLl7gx2z
MD5: 6F8CE4F5986433A70FCE8F8D3B3124B4
SHA1: 29745339FC658118FA412E688FA5EE1F6948B5AC
SHA-256: 54AF7FECC939E621C913ADE66D4067EA0761899AA0464BFE9854E2ECD59FF313
SHA-512: 1CACE2195759F5D76762FB40BCDCFF7F91D0D75A2EAC0315A3E68D8E96B186F7897B15A311971869BFA560C77AB8BCEB4CB92219D63F51C42B5F9E6FF361DC11
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>.<html lang="en" class="css-mao3d8"><head data-comp="Head "><title>Basket | Sephora</title><script>(function(){(function(a){"use strict";function b(c,d){if({}.hasOwnProperty.call(b.cache,c))return b.cache[c];var e=b.resolve(c);if(!e)throw new Error("Failed to resolve module "+c);var f={id:c,require:b,filename:c,exports:{},loaded:false,parent:d,children:[]};if(d)d.children.push(f);var g=c.slice(0,c.lastIndexOf("/")+1);b.cache[c]=f.exports;e.call(void 0,f,f.exports,g,c);f.loaded=true;return b.cache[c]=f.exports}b.modules={};b.cache={};b.resolve=function(h){return{}.hasOwnProperty.call(b.modules,h)?b.modules[h]:void 0};b.define=function(i,j){b.modules[i]=j};b.define("1",function(k,l,m,n){var o=b("2",k);var p=o["default"];var q=String.fromCharCode.bind(String);function r(s){return q(8238)+s+q(8237)}var t=r("OTWHHWJgj");var u=r("rBCUgmpuw");var v="";var w="";var x=void 0;var y=Object.defineProperty.bind(Object);(function(){var z=XMLHttpRequest.prototype;var A=z.open;var B=z.s
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\cat_fragrance_botnav_hed_030116_image[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 777x30, frames 3
Category: downloaded
Size (bytes): 3151
Entropy (8bit): 7.698503852210864
Encrypted: false
SSDEEP: 96:CkmkCIHeYk4a5rLYUL2fpbpgUZwb4wh2k5ka:nTCI+5Bk42fpbZZwbR
MD5: C5CA483D1FDCB431385C7CE678722636
SHA1: BD1E85382C08874791B1D629656912B8A3244D31
SHA-256: 35D4ECF99041D2D34B1298E4BF937C3ECF30A062B1A9CEFA306AF4457152091D
SHA-512: 7E943ABAF367F735E5FB7155879FC7A893D2DCBF572893C2880F3DA1A38732FF76713A79A951642862B0EE67BE4668FF03E35E0CC9738726E63A7D03ACB4CCBA
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/categories/fragrance/03.01.16/cat_fragrance_botnav_hed_030116_image.jpg?imwidth=777
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\cat_makeup_navbar_more_030316_image[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 777x30, frames 3
Category: downloaded
Size (bytes): 2657
Entropy (8bit): 7.61807684038965
Encrypted: false
SSDEEP: 48:JaskxskCGmzccWnJlt9mLJNcalrep+mqK/sN3uVGRckq8ka:7kmkCGETWJMN1NQq+sN3Yk5ka
MD5: 1B13C7D675FD64257716AF8DB8EB48CC
SHA1: 9377A7C61BCEA6509C5225905E4C69B4840C80A1
SHA-256: 649B4F79886526EDC369B52A6F1A1CE2DE06A31E767CF160C9DC7DEF2FCCD501
SHA-512: F9FC33B39F6EF867D9986EB4E9CF3146D4DCCCC2FF53E30B11BB2317C9E2361E4BA1DA1F9C524630AAEA3506F7B1A61D9AE073E962E1979DC28F6042EA4A5F43
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/categories/bottomnavs/makeup/cat_makeup_navbar_more_030316_image.jpg?imwidth=777
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\cat_skincare_more_030316_image[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 777x30, frames 3
Category: downloaded
Size (bytes): 1803
Entropy (8bit): 7.353156372190239
Encrypted: false
SSDEEP: 48:RFeWFSTX+RskxskCLxSZCJir0Ig1b1of0UrCwNAqelbq67ujkq8ka:6LX+GkmkCLUZCJir0Ig1b1oc/bJ7ujkb
MD5: 636524570EAE55778D3CACEF2E32F5BF
SHA1: 2E338E64FD7EC231F13246FFCD744A4E8AB0B801
SHA-256: 73B0BFA7525376A1F8A1780763C9D4CDEC11A68B493CCDDC874012912CCE5D3E
SHA-512: D70A1231E03209716690F310A730755A20E0BC76A354422C0FAD3581803FB3F283CBBB4E9F78C3E01EBC452989E5147805DD8F5FCDDAEA80EDCBAF998A86B851
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/categories/bottomnavs/skincare/cat_skincare_more_030316_image.jpg?imwidth=777
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\config[1].json
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 11091
Entropy (8bit): 4.95344991463875
Encrypted: false
SSDEEP: 192:+VXVnsnLyajeCQ4Cq+lzlRXVnsnLyajeCQ4Cq+lbp:0Rs2PfRs2Pbp
MD5: DB543738E4A90C67C69935543C190758
SHA1: 278F699C50E8661CABEE5764AE46D5C957954EA8
SHA-256: 28AEFE43ECF8C4F1FAE8B83996A002C24C2F0B42686A5A7136037E1337B7990D
SHA-512: B55C5365285EB1AC6D536C05E2EF63BB5177F831222E6866E951617EBB0FCDF99951647D7455F137B260FEF32D9001B93784C61A95A9F196B1DD91E66D290948
Malicious: false
Reputation: low
Preview:{"h.key":"FS9BD-W3YYU-T5EYF-DZEKW-5ERXU","h.d":"www.sephora.com","h.t":1603485151119,"h.cr":"1dff1850bc245e68ac139236cc54990d4de43833","session_id":"29c2a876-fc11-4821-9a89-9f556ee42726","site_domain":"www.sephora.com","beacon_url":"//684dd30d.akstat.io/","autorun":true,"instrument_xhr":true,"beacon_interval":5,"BW":{"enabled":false},"RT":{"session_exp":1800},"ResourceTiming":{"enabled":true,"splitAtPath":true},"Errors":{"enabled":true,"monitorTimeout":true,"monitorEvents":true,"maxErrors":5,"sendAfterOnload":true,"sendInterval":1000},"Continuity":{"enabled":true,"waitAfterOnload":1000},"PageParams":{"xhr":"match","pageGroups":[{"type":"Regexp","parameter1":"/checkout/confirmation","parameter2":"order confirmation","on":["navigation"]},{"type":"Custom","parameter1":"wa.pageType","on":["navigation"]},{"type":"Custom","parameter1":"window.digitalData.page.category.pageType","on":["navigation"]},{"type":"Custom","parameter1":"Sephora.analytics.backendData.pageType","on":["navigation"]},{"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\dc[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 187
Entropy (8bit): 5.603784670007943
Encrypted: false
SSDEEP: 3:YBG/9mHoOjKoSHxod5dYw9Q8nA0WiVVS3XRNm7NBMET8GTGUM8V6vkNQN4Hnjn:YMoDOxWDYQlnA0W843XG+EvGUMfv8Qkj
MD5: 3E0DD99BC6C4A293FB8198B26385B9A9
SHA1: AA5DE7B1F3473C78EC5790EAD9BE7591F280911A
SHA-256: 384E5A2266FDE2A18442880B160FACEB06EF689CC19AD6CF470BBC759B2B372E
SHA-512: B41EF02650897ADA35C957FCD797110ED626722FDD494EB7680297B8B7E281DFBBBD332C11C4368D8C140634201898177DA1341A54D56F857FBB147D04FE0241
Malicious: false
Reputation: low
IE Cache URL: https://api.zeronaught.com/sephora/dc?key=AIzaSyAaDUq6-hRN7J5DbGb-rFI_i5CjNHTK0tk&sc=AFAIKVd1AQAAsoHrw6fQBD4WFfp34eawCMEDlXkuW_Je7IwecRxdU79B1eoy%7C1%7C0%7C28a80abe48f848c4873611d4066013e270bd70a2&si=%7B%22uuid%22%3A%223b178e08440876b1%22%2C%22pid%22%3A%220836b5049e45ff67%22%2C%22ts%22%3A1603517528%2C%22p%22%3A0%2C%22v%22%3A%7B%7D%2C%22c%22%3A%7B%22sc%22%3A1%7D%2C%22cv%22%3A%7B%7D%2C%22tp%22%3A133%2C%22ut%22%3A%7B%22ts%22%3A1603517527%2C%22sc%22%3A1%7D%7D
Preview:{"dc": "{\"c\": \"N2xJUXdFN3g2M0gwbTR5Sw==HDtOCUUR8dxYPsUUwhg-DQ4aBMDi-LeQNsPA3hV5VmMCGweVUrOOTwL17A3D3kURcTndBKfbPKvqsX3xc1qd2saqS6D4TN7YEQ6_VDA7Lsqsqww=\", \"dc\": \"000\", \"mf\": 0}"}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\dc[2].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 187
Entropy (8bit): 5.705802886155664
Encrypted: false
SSDEEP: 3:YBG/9mHoXYmZW0+3BdLlHGdXkuQhXqq9wwWGfeCxhK+uOV9TLKdM0qZQN4Hnjn:YMoGY2+3YV4L9wyfg+usJL0qZQkjn
MD5: F186E2733DB8CD1FFDC4F363BB7A9408
SHA1: EF8EC880DDC8B228B44B33F8ED7336553A1AE96C
SHA-256: 1D884F0D82B09FCC6D78B18D17BC219A4018BC6B79E40F71C08EE0DDBF165AEE
SHA-512: E91D5EEABEF468214F09C535CBA25E36E61D856A9903D66DA39D2D256E3FC9796218D410C6034AB8F111B0CC350D3DC71CB03EF811DC9286519866747F7B60E4
Malicious: false
Reputation: low
IE Cache URL: https://api.zeronaught.com/sephora/dc?key=AIzaSyAaDUq6-hRN7J5DbGb-rFI_i5CjNHTK0tk&sc=AFAIKVd1AQAAsoHrw6fQBD4WFfp34eawCMEDlXkuW_Je7IwecRxdU79B1eoy%7C1%7C0%7C28a80abe48f848c4873611d4066013e270bd70a2&si=%7B%22uuid%22%3A%22a6c8689dd72a5abe%22%2C%22pid%22%3A%22d1cb398dcc1dc248%22%2C%22ts%22%3A1603517553%2C%22p%22%3A0%2C%22v%22%3A%7B%7D%2C%22c%22%3A%7B%22sc%22%3A1%7D%2C%22cv%22%3A%7B%7D%2C%22tp%22%3A237%2C%22ut%22%3A%7B%22ts%22%3A1603517552%2C%22sc%22%3A1%7D%7D
Preview:{"dc": "{\"c\": \"OEVwbktDUXExTU5KcFNtUQ==QRWwxgCjD_xgbOX9IrCvKAs1ihRZUDP5pHz3NWrJAFzHBZUUB_XpIzP1gTBKTqR8oY5-K5xVKy4rGTkYjwdznuU5xS_kwcmDU82hVxs580RaXX4=\", \"dc\": \"000\", \"mf\": 0}"}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\dc[3].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 187
Entropy (8bit): 5.703629774088463
Encrypted: false
SSDEEP: 3:YBG/9mHoON2lS2IJmO64pdoiW8FB1RqZUuia3J4noHYFON4Hnjn:YMokSBX6oR2quiWOXckjn
MD5: A450E4E9A07521C38C60EFAFD9B179B2
SHA1: 49AA64F29D3CA196A967346C8610CAA6D45FAEA2
SHA-256: 213763FCBF0B24DFB0993069CA6548F6572CB80E5BC09B2E3BED240713808F25
SHA-512: F98FBA0C68396C3F7211D0F45C09BFDBED485C03B8FBDDA3F0EA753A49F7989F580C8CE16B76A80ED7FDEBE434DEF6C056C416158C614B342CACDB30FF1BE485
Malicious: false
Reputation: low
IE Cache URL: https://api.zeronaught.com/sephora/dc?key=AIzaSyAaDUq6-hRN7J5DbGb-rFI_i5CjNHTK0tk&sc=AFAIKVd1AQAAsoHrw6fQBD4WFfp34eawCMEDlXkuW_Je7IwecRxdU79B1eoy%7C1%7C0%7C28a80abe48f848c4873611d4066013e270bd70a2&si=%7B%22uuid%22%3A%220768ee3f1841f686%22%2C%22pid%22%3A%22c475ac9efc6f4d3f%22%2C%22ts%22%3A1603517587%2C%22p%22%3A0%2C%22v%22%3A%7B%7D%2C%22c%22%3A%7B%22sc%22%3A1%7D%2C%22cv%22%3A%7B%7D%2C%22tp%22%3A109%2C%22ut%22%3A%7B%22ts%22%3A1603517585%2C%22sc%22%3A1%7D%7D
Preview:{"dc": "{\"c\": \"VHNRWDJGZWtWZ2hDMG4zVw==242NRgW7jKiLn3w0wgQ-YzphCq1y_WmH8tc4IsN_vMyIMGsO_fMMxX6tGUV7FXP4Nn6nl4puoUrsgq2ouoHVqp6afNo7pjjf9630CyQL9W68kb0=\", \"dc\": \"000\", \"mf\": 0}"}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 3 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel
Category: dropped
Size (bytes): 7406
Entropy (8bit): 2.83820851036548
Encrypted: false
SSDEEP: 24:u9NhBZqhSHv/161+XZ1n7UidXQ35xiGbTJoeO3Cf4K3/70eoaYBrVO2yiSQlKtYK:IiSMQ7ZGXXpOSft/70eOHOpiSJY3M
MD5: 0950D4C583446302F71BAA6B9259FCBF
SHA1: FDB1A01CAE7CF98A6E4D7178E4CB34D3BCF41F34
SHA-256: 0DE77535D019861BC9E6B0E22084A3CF7BD4389E666AAACA3FED54A936E0209D
SHA-512: DA7904D91F65A32F251BDFF6143C785CD563EA0676AA11479D7074AF2C118D24B183C0E52930CE27E579EF1720F3B35B7D54A5129B63767AC9160599235EBBC4
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon[2].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 3 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel
Category: dropped
Size (bytes): 14812
Entropy (8bit): 2.83820851036548
Encrypted: false
SSDEEP: 96:IiKVG5OSx7PC85G3piKVG5OSx7PC85G3:IYJP3G3pYJP3G3
MD5: BAB355C1A56B81E8C27238C8A6E3C9F4
SHA1: CDF2B5582422CD7EF7807BE4A1B0CFE429B25DFF
SHA-256: 607F574F32CB0FFE285C8F352D98A6862C9A5C002383500E569CF970865D11A9
SHA-512: E033C1E27D2282A7C10BA85AB170DB7BBB6C13A5E9E76646670D5C1BC6AFBB282B01ADCB46AEFDEC97895F130B83BB6C809C893895708592AE929641908A3969
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon[3].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 3 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel
Category: dropped
Size (bytes): 7406
Entropy (8bit): 2.83820851036548
Encrypted: false
SSDEEP: 24:u9NhBZqhSHv/161+XZ1n7UidXQ35xiGbTJoeO3Cf4K3/70eoaYBrVO2yiSQlKtYK:IiSMQ7ZGXXpOSft/70eOHOpiSJY3M
MD5: 0950D4C583446302F71BAA6B9259FCBF
SHA1: FDB1A01CAE7CF98A6E4D7178E4CB34D3BCF41F34
SHA-256: 0DE77535D019861BC9E6B0E22084A3CF7BD4389E666AAACA3FED54A936E0209D
SHA-512: DA7904D91F65A32F251BDFF6143C785CD563EA0676AA11479D7074AF2C118D24B183C0E52930CE27E579EF1720F3B35B7D54A5129B63767AC9160599235EBBC4
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fbevents[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 270819
Entropy (8bit): 5.394714747594753
Encrypted: false
SSDEEP: 3072:wOFSFnSZqYDGtOFSFnSZqYDGtOFSFnSZqYDGI:wOURSLDGtOURSLDGtOURSLDGI
MD5: C2F4A6B621273B7E5B0887CD8C8D2CDD
SHA1: A580E8A94341B18D3000492908D33F4C4DEAD56C
SHA-256: AFD6514E83F2ACF3A8E9F5554D91BE705E923C0790417C0993292B226ADF2E92
SHA-512: FAF05BB42968631C17189BA23201E6364A3CDA02F3F5DF96FC8A99B63B16A891BC54D0E4E109005D69CAA49BAAC3E184A17B7C5BDE40E9B0DAC9D0BF26BD8BF4
Malicious: false
Reputation: low
Preview:/**.* Copyright (c) 2017-present, Facebook, Inc. All rights reserved..*.* You are hereby granted a non-exclusive, worldwide, royalty-free license to use,.* copy, modify, and distribute this software in source code or binary form for use.* in connection with the web services and APIs provided by Facebook..*.* As with any software that integrates with the Facebook platform, your use of.* this software is subject to the Facebook Platform Policy.* [http://developers.facebook.com/policy/]. This copyright notice shall be.* included in all copies or substantial portions of the software..*.* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.* CONNECTION WI
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\forex[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 3276
Entropy (8bit): 5.2749545301012875
Encrypted: false
SSDEEP: 96:KgB6hwgPboDgb65vtY0kH9qvAr/PN0qgLq5gQ+XITq:LB64G6sL9Vr/V05qeQIITq
MD5: D9E43ED59B965AA094BB48FF4C7F68D3
SHA1: C5FD69F654E3E64EA9CD9142BAE8FC81A585C2EA
SHA-256: B96B1902A59C2377148BEF4E46296AF045F5190FD3358C2C2294114E302564B6
SHA-512: D6E178B4FBACE102949088F379C5196C753DFD70775889732943A446C5A5BB2AA23CF4F2EBDED291A185C6F4AEA3300E075D415D7A8CEAF9FB4227CCCE8E579F
Malicious: false
Reputation: low
IE Cache URL: https://s.btstatic.com/forex.js
Preview:(function (Bt) {. var RATES = {"AED":3.673,"AFN":76.885883,"ALL":104.838194,"AMD":481.616228,"ANG":1.795477,"AOA":657.018,"ARS":77.9924,"AUD":1.403115,"AWG":1.8,"AZN":1.7025,"BAM":1.653748,"BBD":2,"BDT":84.817934,"BGN":1.6544,"BHD":0.37703,"BIF":1935.119981,"BMD":1,"BND":1.35743,"BOB":6.916846,"BRL":5.5928,"BSD":1,"BTC":7.6963759e-05,"BTN":73.695453,"BWP":11.386176,"BYN":2.543905,"BZD":2.016233,"CAD":1.31365,"CDF":1962.758426,"CHF":0.907673,"CLF":0.028224,"CLP":778.800691,"CNH":6.67047,"CNY":6.6846,"COP":3771.284764,"CRC":603.339557,"CUC":1.000211,"CUP":25.75,"CVE":94.065,"CZK":23.030001,"DJF":178.066253,"DKK":6.298053,"DOP":58.429511,"DZD":128.765652,"EGP":15.7092,"ERN":14.999917,"ETB":37.371404,"EUR":0.84631,"FJD":2.12905,"FKP":0.764643,"GBP":0.764643,"GEL":3.23,"GGP":0.764643,"GHS":5.820876,"GIP":0.764643,"GMD":51.76,"GNF":9772.509914,"GTQ":7.77713,"GYD":209.258131,"HKD":7.75415,"HNL":24.551552,"HRK":6.4159,"HTG":62.417254,"HUF":308.417,"IDR":14655.279236,"ILS":3.38287,"IMP":0.7646
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\hair-products[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: dropped
Size (bytes): 295739
Entropy (8bit): 5.324581630548467
Encrypted: false
SSDEEP: 1536:nOorlqUm7bnOml7rT47IAH4mGPbIP8L1C6ILTwiUefvHWcx/2JVe:nOorlcHO67gT00fR/Ae
MD5: 7871D965B9B966C9590DC85BC0800BED
SHA1: 76E74D1CF4C87FEB03F02A65C1C85A2EC20A312E
SHA-256: 32CBA96A6AC56357949172A0A28CE7CCEB7FC177B409D48807EE6C9097465E87
SHA-512: B483DA290724900653A6C20414CF375489A0DCAC78BE534DC8879D3A1DD7631449FD27EFAF6F98919E52D7626B419CCC0DFCA925B4A802EB42A805BBB7D5D0C7
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>.<html lang="en" class="css-mao3d8"><head data-comp="Head "><title>Hair Care Products | Sephora</title><script>(function(){(function(a){"use strict";function b(c,d){if({}.hasOwnProperty.call(b.cache,c))return b.cache[c];var e=b.resolve(c);if(!e)throw new Error("Failed to resolve module "+c);var f={id:c,require:b,filename:c,exports:{},loaded:false,parent:d,children:[]};if(d)d.children.push(f);var g=c.slice(0,c.lastIndexOf("/")+1);b.cache[c]=f.exports;e.call(void 0,f,f.exports,g,c);f.loaded=true;return b.cache[c]=f.exports}b.modules={};b.cache={};b.resolve=function(h){return{}.hasOwnProperty.call(b.modules,h)?b.modules[h]:void 0};b.define=function(i,j){b.modules[i]=j};b.define("1",function(k,l,m,n){var o=b("2",k);var p=o["default"];var q=String.fromCharCode.bind(String);function r(s){return q(8238)+s+q(8237)}var t=r("OTWHHWJgj");var u=r("rBCUgmpuw");var v="";var w="";var x=void 0;var y=Object.defineProperty.bind(Object);(function(){var z=XMLHttpRequest.prototype;var A=z.op
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\id[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 123
Entropy (8bit): 4.897102078075946
Encrypted: false
SSDEEP: 3:ByeTWhi9SEjXptHQBJHnz2iNWRkpNBKKxH+3emR8Lyn:Biiw6PHQBJHnz2iNWR69pob
MD5: 980718011F7AB406F21DD7F7477717DC
SHA1: D7E2B626C2D345239096D433F07F262F14CFCDD6
SHA-256: A7CAD95D1C42B253EDC1F4BD86F9DDB932C28015A6862BAA3CEE03F751999339
SHA-512: CC95CCBB3DA2CD0F30C15D2641321833A931870DF7705E381126EBDE2DD24C6BF78875CD1F7ED802A1437AEE1B43A8BF6563B5A6B4DD8615D41AABDF84DEBA4D
Malicious: false
Reputation: low
IE Cache URL: https://network.bazaarvoice.com/id.json?_=qmmwnc&callback=_bvajsonp1
Preview:_bvajsonp1({"BVID":"1e6670e7-e7a4-42bc-b362-199ee85d42e5","BVSID":"03490cd7-e094-42b8-aae2-9b427aa25be0","NoCookie":false})
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\id[2].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 123
Entropy (8bit): 4.897102078075946
Encrypted: false
SSDEEP: 3:ByeTWhi9SEjXptHQBJHnz2iNWRkpNBKKxH+3emR8Lyn:Biiw6PHQBJHnz2iNWR69pob
MD5: 980718011F7AB406F21DD7F7477717DC
SHA1: D7E2B626C2D345239096D433F07F262F14CFCDD6
SHA-256: A7CAD95D1C42B253EDC1F4BD86F9DDB932C28015A6862BAA3CEE03F751999339
SHA-512: CC95CCBB3DA2CD0F30C15D2641321833A931870DF7705E381126EBDE2DD24C6BF78875CD1F7ED802A1437AEE1B43A8BF6563B5A6B4DD8615D41AABDF84DEBA4D
Malicious: false
Reputation: low
IE Cache URL: https://network.bazaarvoice.com/id.json?_=ntw2dm&callback=_bvajsonp1
Preview:_bvajsonp1({"BVID":"1e6670e7-e7a4-42bc-b362-199ee85d42e5","BVSID":"03490cd7-e094-42b8-aae2-9b427aa25be0","NoCookie":false})
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\id[3].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 123
Entropy (8bit): 4.897102078075946
Encrypted: false
SSDEEP: 3:ByeTWhi9SEjXptHQBJHnz2iNWRkpNBKKxH+3emR8Lyn:Biiw6PHQBJHnz2iNWR69pob
MD5: 980718011F7AB406F21DD7F7477717DC
SHA1: D7E2B626C2D345239096D433F07F262F14CFCDD6
SHA-256: A7CAD95D1C42B253EDC1F4BD86F9DDB932C28015A6862BAA3CEE03F751999339
SHA-512: CC95CCBB3DA2CD0F30C15D2641321833A931870DF7705E381126EBDE2DD24C6BF78875CD1F7ED802A1437AEE1B43A8BF6563B5A6B4DD8615D41AABDF84DEBA4D
Malicious: false
Reputation: low
IE Cache URL: https://network.bazaarvoice.com/id.json?_=8p1k81&callback=_bvajsonp1
Preview:_bvajsonp1({"BVID":"1e6670e7-e7a4-42bc-b362-199ee85d42e5","BVSID":"03490cd7-e094-42b8-aae2-9b427aa25be0","NoCookie":false})
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jo-malone-logo[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 1102
Entropy (8bit): 7.337971609049349
Encrypted: false
SSDEEP: 24:jmZXLN/omYCJONzVTb0PY3tnxwF23PR6F05WQ3VU/WprD4UCAW:ji5YxVv4utnxB6FdGrEF
MD5: F4DB8FE173DCA4C3C9DD32CAD7FCD5A6
SHA1: 9EE8042A1783B71566209234FCD07E796BDCD402
SHA-256: ED4B93C4C7A3EC9CE2C6C6AC767312B05CEA72DEC527EFE9F26C691DF2814B7E
SHA-512: FB2ACB1B63FA36F8653B402BD4DE1A9823572A7B9BC6287941ED8ABCF7E147AB4DDFBF8324C203700B1CE70915050861A1A7B75753CB29459E3BAF633BB839C4
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/brands/brands_az/jo-malone-logo.jpg?imwidth=144
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\js[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 96281
Entropy (8bit): 5.5122896915870445
Encrypted: false
SSDEEP: 1536:JDNX6JiwnoP0dAOxvkAM64ViFA5+4uvj16wPvOPdBPHKz4k1c9sKP4K4FiG0KrUZ:JDNX6Jbn40K0LFbj16PdByE4O
MD5: 1C39B1DB5A8D3FEB09D664953452A18B
SHA1: 37450E8A3B8519606CC2A9C3474840EFF58542F3
SHA-256: D905F8D30BA4E062A1505E4726A5BDC6B86BA9BFE870579BC47EC1BD16A887F8
SHA-512: 45486EBDF9A901A342E74DCF16BEC519C99B3DBD3C37A5AA1F5DBE042D2C53F812BDEFF9D0982C439DA59DDE4C5CC73202CAC06A82E508F0FE8E224C5E14B3B8
Malicious: false
Reputation: low
IE Cache URL: https://www.googletagmanager.com/gtag/js?id=UA-165841114-1
Preview:.// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"1",. . "macros":[{. "function":"__e". },{. "function":"__cid". }],. "tags":[{. "function":"__rep",. "once_per_event":true,. "vtp_containerId":["macro",1],. "tag_id":1. }],. "predicates":[{. "function":"_eq",. "arg0":["macro",0],. "arg1":"gtm.js". }],. "rules":[. [["if",0],["add",0]]].},."runtime":[].....};./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa,ba="function"==typeof Object.create?Object.create:function(a){var b=function(){};b.prototype=a;return new b},da;if("function"==typeof Object.setPrototypeOf)da=Object.setPrototypeOf;else{var ea;a:{var fa={jg:!0},ia={};try{ia.__proto__=fa;ea=ia.jg;break a}catch(a){}ea=!1}da=ea?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}.var ja=da,la=function(a,b){a.prototype=ba(b.pro
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\loader[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 155 x 155
Category: downloaded
Size (bytes): 4377
Entropy (8bit): 7.761361304432271
Encrypted: false
SSDEEP: 96:HsJ2Sf33Pf3TUPgDk845ylyz5sCTrxZaeESJTSn8xHsyPpMmhsn85REsAh3:HlSnoPgDk8iylyz5NTrXaeESJTSn8Fsv
MD5: AADDAD5BC1E1659B0C7716B4CF00A961
SHA1: 5DAC179DFA291BC85FE0953686F786658A8209F7
SHA-256: 1EC8BD360736395F61B2A0994D4B3511521926252FB97BD97F9610D40F01D55E
SHA-512: AC5250F33E52B930DECBF59A81F5877695706FA779CB44D0F2AD88D9D65ADA2ACFAE2E85AF4AA986338212BBDDC0FF42613A8B7F46D260FA90992AF5E003CBD0
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/img/ufe/loader.gif
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\new-beauty-products[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: dropped
Size (bytes): 218907
Entropy (8bit): 5.277172616519308
Encrypted: false
SSDEEP: 1536:8korlmUO7lWOxl7rT4mAKQmGPbIP8L1C6ILTwt8RVJA4VO:8korlARFz7ghMRVjO
MD5: 500B99B543DB001BFC7E2DF42E226C8C
SHA1: 41CCFA4D02B8E5630C6471763956ABF57BFCCC97
SHA-256: E850F026B740143EE37C4BADAF5084603869EFCADBFC84AF4A29A97F60290050
SHA-512: 6A560B035449B82943AC338D126D47D63AA2AB98130D28ADAFABAE95D2C0F5D8C77833AB1B4A1D71A49EC6D261F38B8D5A70D462C16823C383C52DC231A915DE
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>.<html lang="en" class="css-mao3d8"><head data-comp="Head "><title>New Beauty Products | Sephora</title><script>(function(){(function(a){"use strict";function b(c,d){if({}.hasOwnProperty.call(b.cache,c))return b.cache[c];var e=b.resolve(c);if(!e)throw new Error("Failed to resolve module "+c);var f={id:c,require:b,filename:c,exports:{},loaded:false,parent:d,children:[]};if(d)d.children.push(f);var g=c.slice(0,c.lastIndexOf("/")+1);b.cache[c]=f.exports;e.call(void 0,f,f.exports,g,c);f.loaded=true;return b.cache[c]=f.exports}b.modules={};b.cache={};b.resolve=function(h){return{}.hasOwnProperty.call(b.modules,h)?b.modules[h]:void 0};b.define=function(i,j){b.modules[i]=j};b.define("1",function(k,l,m,n){var o=b("2",k);var p=o["default"];var q=String.fromCharCode.bind(String);function r(s){return q(8238)+s+q(8237)}var t=r("OTWHHWJgj");var u=r("rBCUgmpuw");var v="";var w="";var x=void 0;var y=Object.defineProperty.bind(Object);(function(){var z=XMLHttpRequest.prototype;var A=z.o
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\offers[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 1122
Entropy (8bit): 4.573398309038434
Encrypted: false
SSDEEP: 24:t4TStxMa1VQNhllUfmHti4FyoQyWXUPVeW7L/DQwBA0b39PjGtzWLsfxQ9CzODDM:N7mHtE/UPV/7LcmPjGkYfsCzODMZv
MD5: 0DECA9B33C148137D3291882CF015DCC
SHA1: D297B6BA83633D427F2AC77FED564CCBCBC27B29
SHA-256: 92BAD5C3338DE16635C5B030BEDAB5EC2E6E12C10C437EAA30FA13A059DBD21B
SHA-512: 06B32E901EA5F08E62164022221270DDA9A5972EF6E18A47318DA7030FBDDB7C11CE8911AA3C0C54DB59CED97157AC143DF08ABB291019CE5B3B15773943A4E4
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/img/ufe/icons/offers.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><g fill="none" fill-rule="evenodd" opacity=".6"><g stroke="#000" stroke-linecap="round" stroke-linejoin="round"><path d="M16.84 5.868a1.457 1.457 0 102.913.075 1.457 1.457 0 00-2.912-.075z"/><path d="M22.536 10.953l.216-8.332a.969.969 0 00-.945-.995l-8.332-.216a.97.97 0 00-.695.267L.833 13.021a.97.97 0 00-.036 1.372l8.118 8.55a.972.972 0 001.373.034l11.947-11.345a.969.969 0 00.301-.679z"/></g><path fill="#000" fill-rule="nonzero" d="M14.009 9a.504.504 0 00-.354.146l-.35.35a2.579 2.579 0 00-1.286-.457 2.105 2.105 0 00-1.666.603c-1.047 1.046-.282 2.511.092 3.224.729 1.332.499 1.801.261 2.038a1.38 1.38 0 01-1.925-.176 3.434 3.434 0 01-.782-1.936.498.498 0 00-.778-.381.502.502 0 00-.22.45 4.59 4.59 0 00.763 2.177l-.36.36a.5.5 0 10.707.707l.351-.351c.423.296.927.458 1.443.463a2.107 2.107 0 001.508-.606c1.082-1.082.198-2.695-.087-3.217-.57-1.092-.646-1.666-.266-2.045.237-.23.563-.345.892-.313a1.63 1.63 0 011.033.488c.374.356.549.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\postload.chunk.B60CoriginmasterD20201019155832[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 19794
Entropy (8bit): 5.3127768814994765
Encrypted: false
SSDEEP: 384:ZDTdRzDxf8McMWc32Gmbpo1DiprKK+twFWE1JLNnOKgfYHp:198Q32Gmbpo1Dip2K+tmWEZnOKgfQ
MD5: 9EB769E404AF2A2D3F6CF82D7849C9DB
SHA1: 02DB86029BC12E0A7D1A6891765558AF07B403A5
SHA-256: 56E7EB67D4CF3BE2196F2439599C1A68D8D04928ECFC9B7447CD22EBBE23B5B1
SHA-512: 52491D87E46EC2D9D686736072B97CC1135880355D40CE30CDE6DB36851BCEFBC6FEF33888D70027C532E93BCF620E804AFD311F3E6CC94370454D1905107461
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/js/ufe/isomorphic/postload.chunk.B60CoriginmasterD20201019155832.js
Preview:(window.webpackJsonp=window.webpackJsonp||[]).push([[2],{2724:function(e,t,a){e.exports={SmartChat:{getReactClass:function(){return a(2725)}},Footer:{getReactClass:function(){return a(2727)}},BccTabsList:{getReactClass:function(){return a(1637)}}}},2725:function(e,t,a){function r(){this.state={}}var n,o=a(19),i=a(51),s=a(52),l=i.wrapComponentRender;a(1);r.prototype.renderOnLoadEvent="PostLoad",r.prototype.render=function(){return o.createElement("div",null)},Sephora.Util.InflatorComps.Comps.SmartChat.class=r,Object.assign(r.prototype,a(2726));var c=r.prototype.componentDidMount;r.prototype.componentDidMount=function(){c&&c.apply(this),this.ctrlr&&this.ctrlr(this.props.ctrlrArgs)},r.prototype.hasCtrlr="true",r.prototype.class=r.prototype.displayName="SmartChat",r.prototype.render=l(r),r.prototype.getInitialState=function(){return r.apply(this,this.props.constructorArgs),this.state},(n=s((r.prototype.originClass=r).prototype)).prototype.classRef=n,Object.assign(n,r),e.exports=n},2726:fun
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ppage_kopari_freshface_062317_video[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 12306
Entropy (8bit): 7.941044646560519
Encrypted: false
SSDEEP: 192:zUYqJJZw3Kcpkez5hubjPwUN+nbo2GSDQ11VA+jQjER4cnhUrADoWnTXUTwds32I:zUYNH5EbjFwb3i9RfiADoWnTXDdq
MD5: 1EC22468722F9BE46B99CAA6D17A3123
SHA1: 2E40F83788E7BB342073C135D9CB74C07564D683
SHA-256: 200B5B2A9E1BC14C8A9520A49BE0007E1D2C146D83C0F64135E28C691ECE0E76
SHA-512: A7DA3BC51AC24B1FBDD2F6384AF4C2F5AFDF2A8478A600D91C3532224BD81E1EE3A14D7127128D3482976797361413675A882BAC560FDC9158D1268CF64236AD
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/VideoImagesNEW/062317/ppage_kopari_freshface_062317_video.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\resonance[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with CRLF line terminators
Category: downloaded
Size (bytes): 14345
Entropy (8bit): 5.2419329983020875
Encrypted: false
SSDEEP: 192:elNlqZgmKQV5DkahV5nHDFNDbgdBS9vYK3o5f5KUVZQU5QSFB3DJV9zniItUn:amK+5D7FNDbgbS9QK3o5hbDZ7TJDifn
MD5: F3F3DF9F68DCAACF8D17C606920308AD
SHA1: EF0587B145E7E62A2DC0862FBBF0D6FFA33165DA
SHA-256: D0672D6785F29D071549793990E5D7BBAD7E034B7875B6A92E9C8382729C173D
SHA-512: 2BF44EC29A9A42300F8D2B2C26588F71A3093A044BE775ED91627C73A58EF56C842C1711FAD01E59B219763CD2D8D812EC1CEAB0A3FEF53BC26922F8E640500D
Malicious: false
Reputation: low
IE Cache URL: https://edge1.certona.net/cd/1e15a405/sephora.com/scripts/resonance.js
Preview://resxclsx.js v5.10 Copyright 2004-2019 Certona Corporation www.certona.com. All rights reserved...//sephora.com..var certonaResx=function(){"use strict";var e,n="certonaResx.showResponse",r="",t,i,s=false,c,o,f,a,l,u,d;function x(e){try{return parseInt(e,10)}catch(n){}}function p(e){try{var n;if(e!==undefined&&e!==null&&e!=="null"&&e!==""){n=true;return n}}catch(r){}return false}function m(){try{return resx.rrelem}catch(e){}return""}function h(e){try{var n=null,r,t;if(p(e)){n=[];if(p(document.getElementById(e))){n[0]=e}else{t=e.replace(/[,;]/g,".").split(".");for(r=0;r<t.length;r+=1){if(t[r]!==""&&p(document.getElementById(t[r]))){n[r]=t[r]}else{n[r]=""}}}}return n}catch(i){}return null}function g(){try{var e,n,r;if(resx.rrelem!==undefined){r=h(m());if(r!==undefined&&r!==null){for(e=0;e<r.length;e+=1){if(r[e]!==""){n=document.getElementById(r[e])}else{n=null}if(p(n)){n.style.visibility="visible"}}}}}catch(t){}}function y(e,n){try{if(!s){s=true;r=e+"|"+(n.number!==undefined?n.number:"u
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\s1396399-main-zoom[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 3301
Entropy (8bit): 7.777870921934918
Encrypted: false
SSDEEP: 48:ZYOCE3kIBOuZJSTytMB0zO5dWulRytjY/1uJE/2ymW13f+TQrxzAgk:kIFOJyaBSodWulRyy/UJEOVWJfXxzVk
MD5: 4BC5622F936DE6E1568F792D789DE693
SHA1: BE889CA4B283A2DB0E48E2D53A8490D3040FB30D
SHA-256: D5CA2EA65BEEB6F00501392490F7A0EB7EB8EB7E2B35CA28C3F4DFD97DCDCD42
SHA-512: F5035F47691E6432D2636774F36694970407A1797ED9ADA6D4BB20E8661EDC4CAF0FE238B2770DB09E44E85CD82AD09313BEE608C9505912E1125502D472DF4E
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/productimages/sku/s1396399-main-zoom.jpg?imwidth=162
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\s1855709-main-zoom[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 4083
Entropy (8bit): 7.718745237859331
Encrypted: false
SSDEEP: 96:xXnZR2WVWV6EsFN0ZBvzQdfdQzoADrU37ZQg:xXXDUVwFN0ZB7CeXrGv
MD5: 062181ABACABEC18D627A3762B4D7FE5
SHA1: 688DC99342B07586DBDCBBC8B708D233E0865181
SHA-256: 8645538FEF9DB0782D2E7A2BCC18FC6541D14678E87C035CC438D588817C4111
SHA-512: B86CFEA2E16BC6C02E4BAF4982FC7E3738793AFFD635462590BC6C5BB28398D349040D1060C6600F2F078EB43AC614EC5BDF184F05F5875EC8322F76A4E10CD0
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/productimages/sku/s1855709-main-zoom.jpg?imwidth=162
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\s2324705-main-zoom[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 2988
Entropy (8bit): 7.7540488696538805
Encrypted: false
SSDEEP: 48:59OtpqZzjTRQStCxfSf93FdBAeqaSbQkqBKwxu8ksUQMZP51FaY:59ObQ3TCStCxfSf93F8nnqBPx1Cp5Pd
MD5: 4737498E812B3BAE475080F60A8F0802
SHA1: 5F8B74993CCB00859DABC61A85D5E0EDB7EC373E
SHA-256: AC21D76BC129928BBE0093AB168E84C4F81712144377BAD920E134E2A60D118A
SHA-512: 7EA7F7D95D0C5A7084F16A117AC27C93E49BFB3A0C29103CB8DB99F7884D485B553D6F90A41B06F31D3C94E0176D5EE2CC5C2C77AF5CE9F581A3595BC718CD09
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/productimages/sku/s2324705-main-zoom.jpg?imwidth=162
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\sephora_common[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 355260
Entropy (8bit): 6.077506756942537
Encrypted: false
SSDEEP: 6144:JlEwdrPuLf8lzcYG2RHAkCqyerWPUl/qGub8D4J3vizi55qGiDG5uK0hSZ5S25MV:JcHujhS625OJWcHujhS625OJw
MD5: 4B23478949A485ECFFA0297C4264F5E1
SHA1: ECE4DEF5A2A1EC75E0295D293A492B901BD0D447
SHA-256: F9859E2BA3F32DE64890F87D4EAC107CA68011B8D0C507113208742B0DEB42F0
SHA-512: 5C98814AA431D81C3127F25B6C0D2A0999DC9189932D05CB424719F1ECE3086EAAF2FB3ACA34DEFF6825511614F79FC861D145DE6B285341BA12E94B6265F5AF
Malicious: false
Reputation: low
Preview:(function V(l){var Y={},g={};var O=ReferenceError,Q=TypeError,y=Object,v=RegExp,r=Number,x=String,H=Array,U=y.bind,E=y.call,J=E.bind(U,E),j=y.apply,p=J(j),F=[].push,w=[].pop,k=[].slice,n=[].splice,o=[].join,T=[].map,B=J(F),b=J(k),c=J(o),P=J(T),M={}.hasOwnProperty,d=J(M),a=JSON.stringify,m=y.getOwnPropertyDescriptor,q=y.defineProperty,i=x.fromCharCode,A=Math.min,t=Math.floor,G=y.create,L="".indexOf,K="".charAt,W=J(L),u=J(K),I=typeof Uint8Array==="function"?Uint8Array:H;var R=[O,Q,y,v,r,x,H,U,E,j,F,w,k,n,o,T,M,a,m,q,i,A,t,G,L,K,I];var S=["jSpz3AAUvA","KfKXcdTQCVUJ","5z94tSAb9YaVVAMw","FPi0APztVUo3","l9SnSeTJew","AcGUGvTuXEVX84O5nw","mXJOzyEr0ZbDI1p_FXFctztbUGlIerD9WA","assign","QeyBHdjxABEu85WDqOzKHbE","cntl4xkW56CfBHM","dLL8DIWyAg","jr_7HKi9ISQGyZWn6KU","kfvTBZU","R1wxvw","method","WM6dSNc","complete","fkU-iFhQ88PkLQ","_Dcx_k9DisA","l4zBFZLm","QmB_6RMIkbTSDAZ-eT4","2aU","zxc27EUKrfPFai98Bm0","ZqDYCLikDQBxpLTz3uDOOPS-veXk9ylovtzydfTQWzc","HM7EA7OsMwM1przh","zp_0K4OAJw","b-mYYf3bXFwR__aiw
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\sephora_common[2].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 355260
Entropy (8bit): 6.077506756942537
Encrypted: false
SSDEEP: 6144:JlEwdrPuLf8lzcYG2RHAkCqyerWPUl/qGub8D4J3vizi55qGiDG5uK0hSZ5S25MV:JcHujhS625OJWcHujhS625OJw
MD5: 4B23478949A485ECFFA0297C4264F5E1
SHA1: ECE4DEF5A2A1EC75E0295D293A492B901BD0D447
SHA-256: F9859E2BA3F32DE64890F87D4EAC107CA68011B8D0C507113208742B0DEB42F0
SHA-512: 5C98814AA431D81C3127F25B6C0D2A0999DC9189932D05CB424719F1ECE3086EAAF2FB3ACA34DEFF6825511614F79FC861D145DE6B285341BA12E94B6265F5AF
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/js/ufe/isomorphic/thirdparty/sephora_common.js?seed=AADsmk11AQAAcIucUsmheJQAh1mDCok3wvLOPP87wdjxtJOijBxuc_brKNtU&x-o1na2nub--z=q
Preview:(function V(l){var Y={},g={};var O=ReferenceError,Q=TypeError,y=Object,v=RegExp,r=Number,x=String,H=Array,U=y.bind,E=y.call,J=E.bind(U,E),j=y.apply,p=J(j),F=[].push,w=[].pop,k=[].slice,n=[].splice,o=[].join,T=[].map,B=J(F),b=J(k),c=J(o),P=J(T),M={}.hasOwnProperty,d=J(M),a=JSON.stringify,m=y.getOwnPropertyDescriptor,q=y.defineProperty,i=x.fromCharCode,A=Math.min,t=Math.floor,G=y.create,L="".indexOf,K="".charAt,W=J(L),u=J(K),I=typeof Uint8Array==="function"?Uint8Array:H;var R=[O,Q,y,v,r,x,H,U,E,j,F,w,k,n,o,T,M,a,m,q,i,A,t,G,L,K,I];var S=["jSpz3AAUvA","KfKXcdTQCVUJ","5z94tSAb9YaVVAMw","FPi0APztVUo3","l9SnSeTJew","AcGUGvTuXEVX84O5nw","mXJOzyEr0ZbDI1p_FXFctztbUGlIerD9WA","assign","QeyBHdjxABEu85WDqOzKHbE","cntl4xkW56CfBHM","dLL8DIWyAg","jr_7HKi9ISQGyZWn6KU","kfvTBZU","R1wxvw","method","WM6dSNc","complete","fkU-iFhQ88PkLQ","_Dcx_k9DisA","l4zBFZLm","QmB_6RMIkbTSDAZ-eT4","2aU","zxc27EUKrfPFai98Bm0","ZqDYCLikDQBxpLTz3uDOOPS-veXk9ylovtzydfTQWzc","HM7EA7OsMwM1przh","zp_0K4OAJw","b-mYYf3bXFwR__aiw
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\sid[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: downloaded
Size (bytes): 43
Entropy (8bit): 3.2226627197680635
Encrypted: false
SSDEEP: 3:CUzRtwv+L1pse:1/se
MD5: F837AA60B6FE83458F790DB60D529FC9
SHA1: 14AF87CCEC7F81BB28D53C84DA2FD5A9D5925CDA
SHA-256: DCECAB1355B5C2B9ECEF281322BF265AC5840B4688748586E9632B473A5FE56B
SHA-512: A85E09C3B5DBB560F4E03BA880047DBC8B4999A64C1F54FBFBCA17EE0BCBED3BC6708D699190B56668E464A59358D6B534C3963A1329BA01DB21075EF5BEDACE
Malicious: false
Reputation: low
IE Cache URL: https://network.bazaarvoice.com/sid.gif?_=p1xmcr
Preview:GIF89a.............!.......,...........L..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\sid[2].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: downloaded
Size (bytes): 43
Entropy (8bit): 3.2226627197680635
Encrypted: false
SSDEEP: 3:CUzRtwv+L1pse:1/se
MD5: F837AA60B6FE83458F790DB60D529FC9
SHA1: 14AF87CCEC7F81BB28D53C84DA2FD5A9D5925CDA
SHA-256: DCECAB1355B5C2B9ECEF281322BF265AC5840B4688748586E9632B473A5FE56B
SHA-512: A85E09C3B5DBB560F4E03BA880047DBC8B4999A64C1F54FBFBCA17EE0BCBED3BC6708D699190B56668E464A59358D6B534C3963A1329BA01DB21075EF5BEDACE
Malicious: false
Reputation: low
IE Cache URL: https://network.bazaarvoice.com/sid.gif?_=cgztnv
Preview:GIF89a.............!.......,...........L..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\sid[3].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: downloaded
Size (bytes): 43
Entropy (8bit): 3.2226627197680635
Encrypted: false
SSDEEP: 3:CUzRtwv+L1pse:1/se
MD5: F837AA60B6FE83458F790DB60D529FC9
SHA1: 14AF87CCEC7F81BB28D53C84DA2FD5A9D5925CDA
SHA-256: DCECAB1355B5C2B9ECEF281322BF265AC5840B4688748586E9632B473A5FE56B
SHA-512: A85E09C3B5DBB560F4E03BA880047DBC8B4999A64C1F54FBFBCA17EE0BCBED3BC6708D699190B56668E464A59358D6B534C3963A1329BA01DB21075EF5BEDACE
Malicious: false
Reputation: low
IE Cache URL: https://network.bazaarvoice.com/sid.gif?_=8u969a
Preview:GIF89a.............!.......,...........L..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\skincare[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: dropped
Size (bytes): 303209
Entropy (8bit): 5.325064884976275
Encrypted: false
SSDEEP: 1536:2borlmUm7XeOfl7rT47Ojn5GAocmGPbIP8L1C6ILTwFdMxYJTYXdawjWnpJmptVe:2borl4r997geDiYJTYXdhWke
MD5: D56823E101621AEB18CDAD32CAE1C578
SHA1: 130881049E762115BAC3C376FD39FD47F606A241
SHA-256: 7DFC4260A27F4341E6FB9EDE481C934B2ACB11B617BA94BF171CA5CD1AA27BAD
SHA-512: FAFE69E153746DE0AE9520D2AF7B39773EB5626839AC1BC50AF798B9707D7FD65E556E49DEF64B0BBBA969628369D0E2BA5139E0A4B4277D4B90345BF9E219F1
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>.<html lang="en" class="css-mao3d8"><head data-comp="Head "><title>Skincare Products | Sephora</title><script>(function(){(function(a){"use strict";function b(c,d){if({}.hasOwnProperty.call(b.cache,c))return b.cache[c];var e=b.resolve(c);if(!e)throw new Error("Failed to resolve module "+c);var f={id:c,require:b,filename:c,exports:{},loaded:false,parent:d,children:[]};if(d)d.children.push(f);var g=c.slice(0,c.lastIndexOf("/")+1);b.cache[c]=f.exports;e.call(void 0,f,f.exports,g,c);f.loaded=true;return b.cache[c]=f.exports}b.modules={};b.cache={};b.resolve=function(h){return{}.hasOwnProperty.call(b.modules,h)?b.modules[h]:void 0};b.define=function(i,j){b.modules[i]=j};b.define("1",function(k,l,m,n){var o=b("2",k);var p=o["default"];var q=String.fromCharCode.bind(String);function r(s){return q(8238)+s+q(8237)}var t=r("OTWHHWJgj");var u=r("rBCUgmpuw");var v="";var w="";var x=void 0;var y=Object.defineProperty.bind(Object);(function(){var z=XMLHttpRequest.prototype;var A=z.ope
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\st[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: dropped
Size (bytes): 43
Entropy (8bit): 3.2226627197680635
Encrypted: false
SSDEEP: 3:CUzRtwv+L1pse:1/se
MD5: F837AA60B6FE83458F790DB60D529FC9
SHA1: 14AF87CCEC7F81BB28D53C84DA2FD5A9D5925CDA
SHA-256: DCECAB1355B5C2B9ECEF281322BF265AC5840B4688748586E9632B473A5FE56B
SHA-512: A85E09C3B5DBB560F4E03BA880047DBC8B4999A64C1F54FBFBCA17EE0BCBED3BC6708D699190B56668E464A59358D6B534C3963A1329BA01DB21075EF5BEDACE
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........L..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\star[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 431
Entropy (8bit): 4.434474988022436
Encrypted: false
SSDEEP: 6:tI9mc4sl3OfPbuO+dVlxruDwR99zF0OuhLRaFNPViUqoNw5lFRLP+rci9lVNU6oi:t418L8xpLFFShgXtiUqoy7LAcMVNgr2
MD5: FAEEFEDC36CEACA56EAB3E056BB583FA
SHA1: DA1F5D6DBD2559684A9729851E9EEFA72C1A0C8A
SHA-256: F9EBA9ADCBC423917EC023233736D9023C5A9631522C76B89A0A3E42BAB34E72
SHA-512: E8BB12BAC2FF7C2880092CB0468937D5A202EEE5BC54867998EE02ED7EFE558A881EB9273A0C522C1145FAAE1BA548D0B4CC83DDF5B916E031C0BF7B9FF39922
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/img/ufe/icons/star.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d='M4.5 24a.735.735 0 01-.466-.168.79.79 0 01-.23-.896l3.188-8.158L.317 9.924a.788.788 0 01-.283-.868.752.752 0 01.715-.54h7.758L11.294.513A.733.733 0 0112.03 0a.754.754 0 01.694.57l2.1 7.945h8.427c.327 0 .616.218.715.54a.788.788 0 01-.283.868l-6.673 4.854 3.187 8.158a.791.791 0 01-.23.896.732.732 0 01-.896.028L12 18.752 4.93 23.86a.735.735 0 01-.43.14z'/></svg>.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\sun-lotion[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Category: dropped
Size (bytes): 410690
Entropy (8bit): 5.423590127230028
Encrypted: false
SSDEEP: 1536:NjorltUu7/8YOJl7rT4D4daIapaDQg1bCI2ARqmGPbIP8L1C6ILTw2iiAJuTv1nV:NjorlLr8Pr7gIKJMNXcX4E1C
MD5: F6EA9EDFFE617190DA88C6999A125D6C
SHA1: 523F14E7EAD4315D89EFE48A217C3BD7A0DB5288
SHA-256: A53BDF957C32B22ED9989D14281A834C0CE2566F882855E8E9B2406D08B48933
SHA-512: 5893D31579BF42D6BE8DC203AEB312734FB2F134B33C84D0E0037670D09A05DED204222141BB83866678E87729DC8C2CF5B4E7B4768585E26EF5603F213EE1E1
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>.<html lang="en" class="css-mao3d8"><head data-comp="Head "><title>Sun Lotion | Sephora</title><script>(function(){(function(a){"use strict";function b(c,d){if({}.hasOwnProperty.call(b.cache,c))return b.cache[c];var e=b.resolve(c);if(!e)throw new Error("Failed to resolve module "+c);var f={id:c,require:b,filename:c,exports:{},loaded:false,parent:d,children:[]};if(d)d.children.push(f);var g=c.slice(0,c.lastIndexOf("/")+1);b.cache[c]=f.exports;e.call(void 0,f,f.exports,g,c);f.loaded=true;return b.cache[c]=f.exports}b.modules={};b.cache={};b.resolve=function(h){return{}.hasOwnProperty.call(b.modules,h)?b.modules[h]:void 0};b.define=function(i,j){b.modules[i]=j};b.define("1",function(k,l,m,n){var o=b("2",k);var p=o["default"];var q=String.fromCharCode.bind(String);function r(s){return q(8238)+s+q(8237)}var t=r("OTWHHWJgj");var u=r("rBCUgmpuw");var v="";var w="";var x=void 0;var y=Object.defineProperty.bind(Object);(function(){var z=XMLHttpRequest.prototype;var A=z.open;var B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\tag[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: dropped
Size (bytes): 104941
Entropy (8bit): 5.124654695248387
Encrypted: false
SSDEEP: 3072:pNvEgCZ0BwejQ2LPFNTyUAJ0boTr90mik595g36:ppEgCZ0BHjQ2LPFNTyUAJ0boT50mi2zH
MD5: 8500F74A41188AEEFBF7ECC25821C440
SHA1: A72957ED57C50CB77ED7C763F37E2049C27AFE5D
SHA-256: CCE24F1C610A0237F25B7B267F63FFB9C57A7071E3DCEE495D6AAE4A52EB42EE
SHA-512: 88CC7D04A55622D358DCB8DA9C4EE2F3B99883A9318B6CB491A00DF3379C5AE4DB962A5E42D66EA390810D4B9220E5D2936DCD78D037375C2A34E6D1910C9672
Malicious: false
Reputation: low
Preview:BrightTag.site('N5k3uAH',function(s){.s.script('//s.btstatic.com/lib/32cbe8765a6a41d0553df50d1cff9556f184d138.js?v\x3d2').script('//s.btstatic.com/lib/75f5ddb198f7bc466a45081bd722f04984b8b24c.js?v\x3d2').script('//s.btstatic.com/forex.js').script('//s.btstatic.com/lib/b08d27c0e961566e2db56eefcece4b22642eee13.js?v\x3d2').script('//s.btstatic.com/lib/79676213ec9fde90c38c3c4bf096b87855980e05.js?v\x3d2').script('//s.btstatic.com/lib/35396449d4c62aaa8d3087ef954e60e52c5576b3.js?v\x3d2').script('//s.btstatic.com/lib/52d74dad66c012a37a3c8e6c7d3ea4a4d87708d5.js?v\x3d2').script('//s.btstatic.com/lib/a8690a7205f632257b83009d90ceb4f6da291ff7.js?v\x3d2').wait(function(){.s.dbe('async :: certona audience id', 'null;',{pageId:4045760});.s.dbe('page :: certona audience id', 'digitalData.page.attributes.externalRecommendations.audienceId ? \x27certona_\x27 + digitalData.page.attributes.externalRecommendations.audienceId : null;',{pageId:4045760});.s.dbe('link :: validation error messages', '(function (
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\2019-09-05-global-nav-lg-hao-next-level-us-d-slice[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 30769
Entropy (8bit): 7.765320939824895
Encrypted: false
SSDEEP: 768:dpshykic7xlyP8tEPubYEAn+sHHA5Qoqcr5wsDPUam:DshAIxlyIEPAA+kZopUam
MD5: D7D820556EB1BBB55C7C6E7149557A5D
SHA1: E2D6C26742CE36A4D0A1EB6059FBE60099233275
SHA-256: 1DAA1BE5215681FEB11359BCE2CE020FFA780A3BDFD4ED536BDA61C696AEB951
SHA-512: D00A05D4B8B3D4E4BA1BA7AE451071D338974B538ED75D1921B5C0D421E3726FC803A6AEB6DB271F42BAC519B96719A688E4CC2FD14A86B79AE7CF079B943DE3
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/meganav/large/2019-09-05-global-nav-lg-hao-next-level-us-d-slice.jpg?imwidth=221
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\2020-10-01-global-nav-lg-makeup-by-mario-us-ca-d-slice[1].wdp
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG-XR
Category: downloaded
Size (bytes): 24958
Entropy (8bit): 7.764769214241732
Encrypted: false
SSDEEP: 384:7TwGBvFeMl3jPsf/9lmKZPNmUSOSug99UWlKTGRsoYBwsOBT648zPu+R9ls/BDad:A0nBsLmaPMUtng99pUTesv8T8rHApDa
MD5: 2CE73EBD88F3B9CD14B0CBC4C6F36962
SHA1: 149E6E93EB0EA3CEF555C0085E97D576B67E7DD1
SHA-256: 7F4D67A18571665E5D04A6BC3F60AFD6F936681F5FB6E6660967096959B7AC7A
SHA-512: 87BEE266DD6300BE7238EE5078BBDB8CAE0938A7B6DB2A5F28CB1E7F9834C6D381EB4632055896A98450C9A00978EC9BCA9CB0F65DFCA26F1AD308D1AA7F08C3
Malicious: false
Reputation: low
IE Cache URL: https://www.sephora.com/contentimages/meganav/large/2020-10-01-global-nav-lg-makeup-by-mario-us-ca-d-slice.png?imwidth=221
Static File Info
No static file info
Network Behavior
Network Port Distribution
Total Packets: 114
• 53 (DNS)
• 443 (HTTPS)
TCP Packets
Timestamp Source Port Dest Port Source IP Dest IP
Oct 23, 2020 22:31:48.214888096 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.215138912 CEST 49718 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.230830908 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.230918884 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.231089115 CEST 443 49718 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.231158018 CEST 49718 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.231997013 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.233053923 CEST 49718 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.247884035 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.248545885 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.248588085 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.248610020 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.248631954 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.248960018 CEST 443 49718 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.250802040 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.250858068 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.254930973 CEST 49721 443 192.168.2.3 208.74.204.225
Oct 23, 2020 22:31:48.254946947 CEST 49722 443 192.168.2.3 208.74.204.225
Oct 23, 2020 22:31:48.263397932 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.265925884 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.267066956 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.279715061 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.279743910 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.279834986 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.279920101 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.281892061 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.282018900 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.284796953 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.284840107 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.284853935 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.284878969 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.284894943 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.284917116 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.284933090 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.284956932 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.284971952 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.284996033 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.285010099 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.285048008 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.285176992 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.285214901 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.285232067 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.285269022 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.286179066 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.286221981 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.286242962 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.286269903 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.287378073 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.287416935 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.287436962 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.287453890 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.287478924 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.287502050 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.287511110 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.287556887 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.288177967 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.289796114 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.289834976 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.289932013 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.289948940 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.290271044 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.290309906 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.290321112 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.290364027 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.291238070 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.291276932 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.291291952 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.291333914 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.292454958 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.292481899 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.292511940 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.292526960 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.293612957 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.293642998 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.293754101 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.293771982 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.295905113 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.295941114 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.295957088 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.295989037 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.296530008 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.296559095 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.296593904 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.296618938 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.297971964 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.298002958 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.298060894 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.298080921 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.300949097 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.300980091 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.301399946 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.301544905 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.301580906 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.301673889 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.301700115 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.302793980 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.302831888 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.302865028 CEST 443 49717 99.86.2.122 192.168.2.3
Oct 23, 2020 22:31:48.302870035 CEST 49717 443 192.168.2.3 99.86.2.122
Oct 23, 2020 22:31:48.302879095 CEST 49717 443 192.168.2.3 99.86.2.122
UDP Packets
Timestamp Source Port Dest Port Source IP Dest IP
Oct 23, 2020 22:31:46.561992884 CEST 64185 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:46.596330881 CEST 53 64185 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:47.621675968 CEST 65110 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:47.656153917 CEST 53 65110 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:48.165616989 CEST 58361 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:48.179825068 CEST 63492 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:48.207916021 CEST 60831 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:48.209502935 CEST 53 58361 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:48.215868950 CEST 53 63492 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:48.240443945 CEST 53 60831 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:48.439838886 CEST 60100 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:48.474220037 CEST 53 60100 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:48.602931976 CEST 53195 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:48.637167931 CEST 53 53195 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:48.843502045 CEST 50141 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:48.858845949 CEST 53023 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:48.878433943 CEST 53 50141 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:48.891196966 CEST 53 53023 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:50.288305044 CEST 49563 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:50.322942019 CEST 53 49563 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:50.335957050 CEST 51352 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:50.368592024 CEST 53 51352 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:50.421595097 CEST 59349 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:50.454229116 CEST 53 59349 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:50.462637901 CEST 57084 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:50.467300892 CEST 58823 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:50.472913027 CEST 57568 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:50.495191097 CEST 53 57084 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:50.501502991 CEST 53 58823 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:50.515397072 CEST 53 57568 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:50.912348032 CEST 50540 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:50.936511040 CEST 53 50540 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:51.018882990 CEST 54366 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:51.051549911 CEST 53 54366 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:51.109673977 CEST 53034 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:51.143666029 CEST 53 53034 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:51.258614063 CEST 57762 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:51.287357092 CEST 55435 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:51.299086094 CEST 53 57762 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:51.321362972 CEST 53 55435 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:51.559381008 CEST 50713 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:51.583560944 CEST 53 50713 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:51.616019964 CEST 56132 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:51.656236887 CEST 53 56132 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:51.698772907 CEST 58987 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:51.744874001 CEST 53 58987 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:51.860429049 CEST 56579 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:51.860634089 CEST 60633 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:51.860953093 CEST 61292 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:51.895073891 CEST 53 61292 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:51.895126104 CEST 53 60633 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:51.902376890 CEST 53 56579 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:52.255713940 CEST 63619 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:52.269923925 CEST 64938 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:52.277398109 CEST 61946 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:52.292897940 CEST 53 63619 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:52.294322968 CEST 53 64938 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:52.301666021 CEST 53 61946 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:52.448554039 CEST 64910 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:52.481334925 CEST 53 64910 8.8.8.8 192.168.2.3
Oct 23, 2020 22:31:52.847676992 CEST 52123 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:31:52.881934881 CEST 53 52123 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:04.409321070 CEST 56130 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:04.443330050 CEST 53 56130 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:05.607809067 CEST 56338 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:05.642930984 CEST 53 56338 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:05.739393950 CEST 59420 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:05.763622046 CEST 53 59420 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:07.477705002 CEST 58784 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:07.514429092 CEST 53 58784 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:07.857732058 CEST 63978 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:07.899524927 CEST 53 63978 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:08.241919041 CEST 62938 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:08.276835918 CEST 53 62938 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:08.283916950 CEST 55708 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:08.318067074 CEST 53 55708 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:08.686871052 CEST 56803 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:08.719700098 CEST 53 56803 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:08.828674078 CEST 57145 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:08.862673998 CEST 53 57145 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:08.869199991 CEST 55359 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:08.903542042 CEST 53 55359 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:08.982839108 CEST 58306 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:08.996870995 CEST 64124 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:09.019525051 CEST 53 58306 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:09.034109116 CEST 53 64124 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:09.175024986 CEST 49361 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:09.207747936 CEST 53 49361 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:16.983952045 CEST 63150 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:17.008414030 CEST 53 63150 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:17.253079891 CEST 53279 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:17.277395964 CEST 53 53279 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:17.984793901 CEST 63150 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:18.009430885 CEST 53 63150 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:18.253635883 CEST 53279 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:18.286178112 CEST 53 53279 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:18.988990068 CEST 63150 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:19.013261080 CEST 53 63150 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:19.736553907 CEST 53279 53 192.168.2.3 8.8.8.8
Oct 23, 2020 22:32:19.772205114 CEST 53 53279 8.8.8.8 192.168.2.3
Oct 23, 2020 22:32:21.808653116 CEST 53279 53 192.168.2.3 8.8.8.8
Timestamp Source Port Dest Port Source IP Dest IP
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
DNS Queries
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
DNS Answers
HTTPS Packets
Timestamp Source IP Source Port Dest IP Dest Port Subject Issuer Not Before Not After JA3 SSL Client Fingerprint JA3 SSL Client Digest
Oct 23, 2020 22:31:48.250802040 CEST
99.86.2.122 443 192.168.2.3 49717 CN=*.cnstrc.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Tue Feb 25 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018
Fri Feb 25 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2031
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Fri Nov 02 01:00:00 CET 2018
Wed Jan 01 00:59:59 CET 2031
Oct 23, 2020 22:31:48.320087910 CEST
99.86.2.122 443 192.168.2.3 49718 CN=*.cnstrc.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Tue Feb 25 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018
Fri Feb 25 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2031
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Fri Nov 02 01:00:00 CET 2018
Wed Jan 01 00:59:59 CET 2031
Oct 23, 2020 22:31:48.721328974 CEST
34.248.119.134 443 192.168.2.3 49726 CN=*.demdex.net, OU=Digital Marketing, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Jan 09 01:00:00 CET 2018 Tue Oct 22 14:00:00 CEST 2013
Fri Feb 12 13:00:00 CET 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:48.723042011 CEST
34.248.119.134 443 192.168.2.3 49725 CN=*.demdex.net, OU=Digital Marketing, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Jan 09 01:00:00 CET 2018 Tue Oct 22 14:00:00 CEST 2013
Fri Feb 12 13:00:00 CET 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:48.779845953 CEST
208.74.204.225 443 192.168.2.3 49722 CN=secure06.lithium.com, O="Khoros, LLC", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Feb 27 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Wed Apr 07 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:48.779953957 CEST
208.74.204.225 443 192.168.2.3 49721 CN=secure06.lithium.com, O="Khoros, LLC", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Feb 27 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Wed Apr 07 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:48.959435940 CEST
99.86.2.80 443 192.168.2.3 49727 CN=pdp.api.htap.io CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Sun Sep 13 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Fri Oct 15 02:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Oct 23, 2020 22:31:48.980431080 CEST
99.86.2.80 443 192.168.2.3 49728 CN=pdp.api.htap.io CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Sun Sep 13 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Fri Oct 15 02:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Oct 23, 2020 22:31:48.981724024 CEST
216.239.32.21 443 192.168.2.3 49729 CN=content.zeronaught.com CN=GTS CA 1D2, O=Google Trust Services, C=US
CN=GTS CA 1D2, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Sun Aug 30 09:36:54 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Sat Nov 28 08:36:54 CET 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1D2, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Oct 23, 2020 22:31:49.000932932 CEST
216.239.32.21 443 192.168.2.3 49730 CN=content.zeronaught.com CN=GTS CA 1D2, O=Google Trust Services, C=US
CN=GTS CA 1D2, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Sun Aug 30 09:36:54 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Sat Nov 28 08:36:54 CET 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1D2, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Oct 23, 2020 22:31:50.608021975 CEST
15.237.136.106 443 192.168.2.3 49741 CN=smetrics.sephora.com, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Sat Jul 11 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Thu Oct 14 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:50.608803988 CEST
15.237.136.106 443 192.168.2.3 49742 CN=smetrics.sephora.com, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Sat Jul 11 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Thu Oct 14 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:50.622385979 CEST
54.76.175.152 443 192.168.2.3 49737 CN=*.demdex.net, OU=Digital Marketing, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Jan 09 01:00:00 CET 2018 Tue Oct 22 14:00:00 CEST 2013
Fri Feb 12 13:00:00 CET 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:50.622648954 CEST
54.76.175.152 443 192.168.2.3 49738 CN=*.demdex.net, OU=Digital Marketing, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Jan 09 01:00:00 CET 2018 Tue Oct 22 14:00:00 CEST 2013
Fri Feb 12 13:00:00 CET 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:50.626918077 CEST
34.193.180.122 443 192.168.2.3 49733 CN=*.cnstrc.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Tue Feb 25 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018
Fri Feb 25 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2031
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Fri Nov 02 01:00:00 CET 2018
Wed Jan 01 00:59:59 CET 2031
Oct 23, 2020 22:31:50.633882046 CEST
34.193.180.122 443 192.168.2.3 49734 CN=*.cnstrc.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Tue Feb 25 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018
Fri Feb 25 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2031
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Fri Nov 02 01:00:00 CET 2018
Wed Jan 01 00:59:59 CET 2031
Oct 23, 2020 22:31:51.019274950 CEST
34.248.248.83 443 192.168.2.3 49743 CN=*.thebrighttag.com, O="Signal Digital, Inc", L=Chicago, ST=Illinois, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Mon Mar 16 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013
Wed Mar 24 13:00:00 CET 2021 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:31:51.020642996 CEST
34.248.248.83 443 192.168.2.3 49744 CN=*.thebrighttag.com, O="Signal Digital, Inc", L=Chicago, ST=Illinois, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Mon Mar 16 01:00:00 CET 2020 Fri Mar 08 13:00:00 CET 2013
Wed Mar 24 13:00:00 CET 2021 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:31:51.109050035 CEST
216.239.32.21 443 192.168.2.3 49745 CN=api.zeronaught.com CN=GTS CA 1D2, O=Google Trust Services, C=US
CN=GTS CA 1D2, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Mon Aug 31 18:48:13 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Sun Nov 29 17:48:13 CET 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1D2, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Oct 23, 2020 22:31:51.123600006 CEST
216.239.32.21 443 192.168.2.3 49746 CN=api.zeronaught.com CN=GTS CA 1D2, O=Google Trust Services, C=US
CN=GTS CA 1D2, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Mon Aug 31 18:48:13 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Sun Nov 29 17:48:13 CET 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1D2, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Oct 23, 2020 22:31:51.242770910 CEST
52.212.193.208 443 192.168.2.3 49747 CN=*.tt.omtrdc.net, OU=Adobe Marketing Cloud, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Oct 19 02:00:00 CEST 2017 Tue Oct 22 14:00:00 CEST 2013
Wed Nov 25 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:51.385240078 CEST
172.217.168.83 443 192.168.2.3 49749 CN=api.bluecore.com CN=GTS CA 1D2, O=Google Trust Services, C=US
CN=GTS CA 1D2, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Sep 23 05:41:39 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Tue Dec 22 04:41:39 CET 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1D2, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Oct 23, 2020 22:31:51.394026995 CEST
172.217.168.83 443 192.168.2.3 49748 CN=api.bluecore.com CN=GTS CA 1D2, O=Google Trust Services, C=US
CN=GTS CA 1D2, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Sep 23 05:41:39 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Tue Dec 22 04:41:39 CET 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1D2, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Oct 23, 2020 22:31:51.781105042 CEST
99.86.2.27 443 192.168.2.3 49756 CN=*.bazaarvoice.com, OU=Business Technology, O="Bazaarvoice, Inc.", L=Austin, ST=Texas, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Apr 14 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013
Fri May 06 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:31:51.786379099 CEST
99.86.2.27 443 192.168.2.3 49757 CN=*.bazaarvoice.com, OU=Business Technology, O="Bazaarvoice, Inc.", L=Austin, ST=Texas, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Apr 14 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013
Fri May 06 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:31:51.932971001 CEST
31.13.92.14 443 192.168.2.3 49758 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Sep 11 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Thu Dec 10 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:51.934885979 CEST
31.13.92.14 443 192.168.2.3 49760 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Sep 11 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Thu Dec 10 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:51.946518898 CEST
151.101.12.157 443 192.168.2.3 49759 CN=ads-twitter.com, OU=Twitter Security, O="Twitter, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Aug 14 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Thu Aug 19 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:51.947911978 CEST
151.101.12.157 443 192.168.2.3 49761 CN=ads-twitter.com, OU=Twitter Security, O="Twitter, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Aug 14 02:00:00 CEST 2020 Tue Oct 22 14:00:00 CEST 2013
Thu Aug 19 14:00:00 CEST 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:51.948273897 CEST
99.86.2.4 443 192.168.2.3 49763 CN=*.attn.tv CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Mon Mar 02 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Fri Apr 02 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Oct 23, 2020 22:31:51.951215029 CEST
99.86.2.4 443 192.168.2.3 49762 CN=*.attn.tv CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Mon Mar 02 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Fri Apr 02 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Oct 23, 2020 22:31:52.335047007 CEST
104.244.42.195 443 192.168.2.3 49766 CN=*.twitter.com, OU=fra2, O="Twitter, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Mar 05 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Tue Mar 02 13:00:00 CET 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:52.335164070 CEST
104.244.42.195 443 192.168.2.3 49767 CN=*.twitter.com, OU=fra2, O="Twitter, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Mar 05 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Tue Mar 02 13:00:00 CET 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:52.340013981 CEST
104.244.42.133 443 192.168.2.3 49768 CN=t.co, OU=fra2, O="Twitter, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Mar 05 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Tue Mar 02 13:00:00 CET 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:52.340245962 CEST
104.244.42.133 443 192.168.2.3 49769 CN=t.co, OU=fra2, O="Twitter, Inc.", L=San Francisco, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Mar 05 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013
Tue Mar 02 13:00:00 CET 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:31:52.347590923 CEST
99.86.2.32 443 192.168.2.3 49764 CN=analytics-static.ugc.bazaarvoice.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Oct 21 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Sun Nov 21 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Oct 23, 2020 22:31:52.350148916 CEST
99.86.2.32 443 192.168.2.3 49765 CN=analytics-static.ugc.bazaarvoice.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Oct 21 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Sun Nov 21 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Oct 23, 2020 22:31:52.691818953 CEST
3.228.27.111 443 192.168.2.3 49771 CN=*.bazaarvoice.com, OU=Business Technology, O="Bazaarvoice, Inc.", L=Austin, ST=Texas, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Apr 14 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013
Fri May 06 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:31:52.692385912 CEST
3.228.27.111 443 192.168.2.3 49770 CN=*.bazaarvoice.com, OU=Business Technology, O="Bazaarvoice, Inc.", L=Austin, ST=Texas, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Apr 14 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013
Fri May 06 14:00:00 CEST 2022 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:32:07.601211071 CEST
34.252.156.174 443 192.168.2.3 49781 CN=*.tt.omtrdc.net, OU=Adobe Marketing Cloud, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Thu Oct 19 02:00:00 CEST 2017 Tue Oct 22 14:00:00 CEST 2013
Wed Nov 25 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Oct 23, 2020 22:32:07.941447020 CEST
99.86.2.87 443 192.168.2.3 49782 CN=*.cdn4.forter.com, O=Forter Inc., L=San Francisco, ST=CA, C=US CN=*.cdn4.forter.com, O=Forter Inc., L=San Francisco, ST=CA, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Sun Sep 20 02:00:00 CEST 2020 Sun Sep 20 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013
Sun Nov 29 13:00:00 CET 2020 Sun Nov 29 13:00:00 CET 2020 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=*.cdn4.forter.com, O=Forter Inc., L=San Francisco, ST=CA, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
Sun Sep 20 02:00:00 CEST 2020
Sun Nov 29 13:00:00 CET 2020
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:32:07.943469048 CEST
99.86.2.87 443 192.168.2.3 49783 CN=*.cdn4.forter.com, O=Forter Inc., L=San Francisco, ST=CA, C=US CN=*.cdn4.forter.com, O=Forter Inc., L=San Francisco, ST=CA, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Sun Sep 20 02:00:00 CEST 2020 Sun Sep 20 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013
Sun Nov 29 13:00:00 CET 2020 Sun Nov 29 13:00:00 CET 2020 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=*.cdn4.forter.com, O=Forter Inc., L=San Francisco, ST=CA, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
Sun Sep 20 02:00:00 CEST 2020
Sun Nov 29 13:00:00 CET 2020
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:32:08.314265013 CEST
99.86.2.126 443 192.168.2.3 49785 CN=cdn9.forter.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed May 27 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Sun Jun 27 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Oct 23, 2020 22:32:08.316823959 CEST
99.86.2.126 443 192.168.2.3 49784 CN=cdn9.forter.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed May 27 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Sun Jun 27 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Oct 23, 2020 22:32:08.533994913 CEST
54.234.37.95 443 192.168.2.3 49787 CN=*.cdn.forter.com, O=Forter Inc., L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Sep 18 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013
Wed Jul 07 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:32:08.534295082 CEST
54.234.37.95 443 192.168.2.3 49786 CN=*.cdn.forter.com, O=Forter Inc., L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Sep 18 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013
Wed Jul 07 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:32:08.933414936 CEST
3.222.142.14 443 192.168.2.3 49788 CN=cdn3.forter.com, O=Forter Inc., L=San Francisco, ST=California, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Sun Mar 24 01:00:00 CET 2019 Fri Nov 10 01:00:00 CET 2006 Fri Mar 08 13:00:00 CET 2013
Wed Jun 16 14:00:00 CEST 2021 Mon Nov 10 01:00:00 CET 2031 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Nov 10 01:00:00 CET 2006
Mon Nov 10 01:00:00 CET 2031
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:32:09.433619976 CEST
100.24.81.90 443 192.168.2.3 49798 CN=cdn0.forter.com, O=Forter Inc., L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Sun Sep 20 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013
Sun Jun 13 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:32:09.434521914 CEST
100.24.81.90 443 192.168.2.3 49797 CN=cdn0.forter.com, O=Forter Inc., L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Sun Sep 20 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013
Sun Jun 13 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:32:20.959569931 CEST
54.234.37.95 443 192.168.2.3 49802 CN=*.cdn.forter.com, O=Forter Inc., L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Sep 18 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013
Wed Jul 07 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:32:20.960164070 CEST
54.234.37.95 443 192.168.2.3 49801 CN=*.cdn.forter.com, O=Forter Inc., L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Sep 18 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013
Wed Jul 07 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:32:23.015422106 CEST
100.24.81.90 443 192.168.2.3 49804 CN=cdn0.forter.com, O=Forter Inc., L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Sun Sep 20 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013
Sun Jun 13 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Oct 23, 2020 22:32:23.023984909 CEST
100.24.81.90 443 192.168.2.3 49803 CN=cdn0.forter.com, O=Forter Inc., L=San Francisco, ST=California, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Sun Sep 20 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013
Sun Jun 13 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Mar 08 13:00:00 CET 2013
Wed Mar 08 13:00:00 CET 2023
Code Manipulations
Statistics
Behavior
• iexplore.exe
• iexplore.exe
System Behavior
Analysis Process: iexplore.exe PID: 6804 Parent PID: 792
General
Start time: 22:31:46
Start date: 23/10/2020
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff7cbae0000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
File Activities
Registry Activities
Analysis Process: iexplore.exe PID: 6852 Parent PID: 6804
General
Start time: 22:31:46
Start date: 23/10/2020
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6804 CREDAT:17410 /prefetch:2
Imagebase: 0xae0000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
File Activities
Registry Activities
Disassembly