Play interactive tour

Edit tour

Windows Analysis Report Quotation.jar

Overview

General Information

Sample Name:	Quotation.jar
Analysis ID:	492179
MD5:	8eab8f1a928fa55303b7558536079a2a
SHA1:	491e913225a8c8d144c538fe27cf62f5a8465b38
SHA256:	20351665df8b2d441524a21163e0aa95ea3d3805a873032eb6f55fa1001f3941
Tags:	jarSTRRAT
Infos:
Most interesting Screenshot:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected AllatoriJARObfuscator

Queries the volume information (name, serial number etc) of a device

Uses cacls to modify the permissions of files

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Creates a process in suspended mode (likely to inject code)

IP address seen in connection with other malware

Java Jar is obfuscated using Allatori

Abnormal high CPU Usage

Classification

Process Tree

System is w10x64

cmd.exe (PID: 6312 cmdline: C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\Quotation.jar'' >> C:\cmdlinestart.log 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

java.exe (PID: 6376 cmdline: 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\Quotation.jar' MD5: 28733BA8C383E865338638DF5196E6FE)

icacls.exe (PID: 6484 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M MD5: FF0D1D4317A44C951240FAE75075D501)

conhost.exe (PID: 6532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\cmdlinestart.log	JoeSecurity_Allatori_JAR_Obfuscator	Yara detected Allatori_JAR_Obfuscator	Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: Quotation.jar

Virustotal: Detection: 26%

Perma Link

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49858 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49860 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49861 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49864 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49870 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49872 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49874 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49881 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49882 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49887 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49888 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49890 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49897 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49898 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49900 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49905 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49906 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49907 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49910 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49911 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49913 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49914 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49915 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49917 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49916 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49918 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49919 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49920 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49921 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49925 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49926 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49929 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49928 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49930 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49932 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49933 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49934 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49935 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49937 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49938 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49939 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49940 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49941 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49942 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49943 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49944 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49945 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49946 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49947 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49949 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49952 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49955 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49954 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49957 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49959 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49958 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49960 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49962 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49964 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49967 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49966 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49968 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49969 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49970 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49971 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49972 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49974 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49977 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49982 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49984 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49986 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49988 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49989 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49990 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49991 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49992 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49995 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49997 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49999 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50000 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50001 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50003 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50004 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50005 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50008 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50009 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50010 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50011 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50012 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50013 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50014 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50015 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50016 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50017 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50018 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50020 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50022 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50024 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50025 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50029 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50030 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50031 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50032 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50034 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50035 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50036 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50037 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50038 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50039 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50040 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50042 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50044 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50046 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50045 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50047 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50048 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50049 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50050 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50051 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50052 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50053 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50055 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50054 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50057 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50058 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50060 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50066 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50067 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50068 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50070 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50071 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50076 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50077 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50080 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50082 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50083 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50087 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50090 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50091 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50094 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50099 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50104 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50105 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50106 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50108 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50110 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50111 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50112 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50113 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50115 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50116 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50118 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50120 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50121 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50122 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50123 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50126 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50125 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50127 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50129 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50130 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50131 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50132 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50133 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50135 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50134 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50136 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50137 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50139 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50138 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50140 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50142 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50143 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50144 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50145 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50146 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50147 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50148 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50150 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50153 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50157 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50156 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50159 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50163 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50164 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50167 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50170 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50176 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50183 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50184 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50187 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50188 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50189 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50190 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50191 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50192 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50193 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50194 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50195 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50196 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50197 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50200 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50201 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50204 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50205 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50206 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50209 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50210 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50211 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50212 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50213 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50215 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50217 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50218 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50219 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50220 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50222 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50223 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50224 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50225 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50226 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50227 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50228 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50234 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50235 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50236 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50237 version: TLS 1.2

Source: Joe Sandbox View

JA3 fingerprint: d2935c58fe676744fecc8614ee5356c7

Source: Joe Sandbox View	IP Address: 199.232.192.209 199.232.192.209
Source: Joe Sandbox View	IP Address: 140.82.121.3 140.82.121.3

Source: unknown	Network traffic detected: HTTP traffic on port 57084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59265 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52633 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50452 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51548 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52645 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50464 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50439 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52608 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51512 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51561 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54609 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51500 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51573 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52621 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52428 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50644 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52516
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52517
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53847
Source: unknown	Network traffic detected: HTTP traffic on port 51115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52514
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52515
Source: unknown	Network traffic detected: HTTP traffic on port 56803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52518
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52519
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53840
Source: unknown	Network traffic detected: HTTP traffic on port 50632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52512
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53844
Source: unknown	Network traffic detected: HTTP traffic on port 50873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52513
Source: unknown	Network traffic detected: HTTP traffic on port 53537 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52510
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52511
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53841
Source: unknown	Network traffic detected: HTTP traffic on port 57023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52527
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52528
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52525
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52526
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53856
Source: unknown	Network traffic detected: HTTP traffic on port 57276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52529
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52520
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53850
Source: unknown	Network traffic detected: HTTP traffic on port 52453 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52523
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52524
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52521
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52522
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53852
Source: unknown	Network traffic detected: HTTP traffic on port 58590 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52538
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51208
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52539
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52536
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53868
Source: unknown	Network traffic detected: HTTP traffic on port 57011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51206
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52537
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51209
Source: unknown	Network traffic detected: HTTP traffic on port 58348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52530
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52531
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51203
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52534
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52535
Source: unknown	Network traffic detected: HTTP traffic on port 54851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52532
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53864
Source: unknown	Network traffic detected: HTTP traffic on port 59097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52533
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53863
Source: unknown	Network traffic detected: HTTP traffic on port 57252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 59228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50620 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53525 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52549
Source: unknown	Network traffic detected: HTTP traffic on port 53922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51219
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52547
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52548
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52541
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52542
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53871
Source: unknown	Network traffic detected: HTTP traffic on port 58336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52540
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51214
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52545
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53877
Source: unknown	Network traffic detected: HTTP traffic on port 50897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51215
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52546
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52543
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51212
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51213
Source: unknown	Network traffic detected: HTTP traffic on port 52212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52544
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53874
Source: unknown	Network traffic detected: HTTP traffic on port 56827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53880
Source: unknown	Network traffic detected: HTTP traffic on port 57288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52441 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53803
Source: unknown	Network traffic detected: HTTP traffic on port 51140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53805
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53800
Source: unknown	Network traffic detected: HTTP traffic on port 52477 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53809
Source: unknown	Network traffic detected: HTTP traffic on port 50607 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53810
Source: unknown	Network traffic detected: HTTP traffic on port 58577 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53501 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50476 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53823
Source: unknown	Network traffic detected: HTTP traffic on port 51790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53827
Source: unknown	Network traffic detected: HTTP traffic on port 55287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53822
Source: unknown	Network traffic detected: HTTP traffic on port 50619 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53820
Source: unknown	Network traffic detected: HTTP traffic on port 58312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52465 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52505
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52506
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53836
Source: unknown	Network traffic detected: HTTP traffic on port 54430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52503
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52504
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52509
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52507
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52508
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52501
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52502
Source: unknown	Network traffic detected: HTTP traffic on port 53513 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53832
Source: unknown	Network traffic detected: HTTP traffic on port 50488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52500
Source: unknown	Network traffic detected: HTTP traffic on port 59241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58589 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52475
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52476
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52473
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52474
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52479
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51149
Source: unknown	Network traffic detected: HTTP traffic on port 57215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52477
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51147
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52478
Source: unknown	Network traffic detected: HTTP traffic on port 54201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56623 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51151
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52482
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52483
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52480
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51150
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52481
Source: unknown	Network traffic detected: HTTP traffic on port 53598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52486
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52487
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52484
Source: unknown	Network traffic detected: HTTP traffic on port 57685 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52485
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51159
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52488
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51158
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52489
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52490
Source: unknown	Network traffic detected: HTTP traffic on port 54442 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52493
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52494
Source: unknown	Network traffic detected: HTTP traffic on port 57456 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52491
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52492
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51161
Source: unknown	Network traffic detected: HTTP traffic on port 50812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56635 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52497
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52498
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52495
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52496
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51165
Source: unknown	Network traffic detected: HTTP traffic on port 53369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52499
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51170
Source: unknown	Network traffic detected: HTTP traffic on port 54191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51171
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51172
Source: unknown	Network traffic detected: HTTP traffic on port 57673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51177
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51175
Source: unknown	Network traffic detected: HTTP traffic on port 53104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51179
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51180
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51181
Source: unknown	Network traffic detected: HTTP traffic on port 54225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51183
Source: unknown	Network traffic detected: HTTP traffic on port 53333 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53562 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54454 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52439
Source: unknown	Network traffic detected: HTTP traffic on port 56576 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52437
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52438
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53768
Source: unknown	Network traffic detected: HTTP traffic on port 55984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52431
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52432
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52430
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53760
Source: unknown	Network traffic detected: HTTP traffic on port 57420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52435
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52436
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52433
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52434
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53764
Source: unknown	Network traffic detected: HTTP traffic on port 56839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53770
Source: unknown	Network traffic detected: HTTP traffic on port 55058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57503 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51119
Source: unknown	Network traffic detected: HTTP traffic on port 56659 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52448
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52449
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52442
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52440
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52441
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52446
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52447
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52444
Source: unknown	Network traffic detected: HTTP traffic on port 54466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52445
Source: unknown	Network traffic detected: HTTP traffic on port 53550 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56564 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56588 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53781
Source: unknown	Network traffic detected: HTTP traffic on port 55996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53780
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52450
Source: unknown	Network traffic detected: HTTP traffic on port 54142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 57240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51128
Source: unknown	Network traffic detected: HTTP traffic on port 51188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52459
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52453
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52454
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52451
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52452
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53782
Source: unknown	Network traffic detected: HTTP traffic on port 57493 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52457
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52458
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53788

Source: java.exe, 00000002.00000003.313651469.000000001586F000.00000004.00000001.sdmp	String found in binary or memory: http://null.oracle.com/
Source: cmdlinestart.log.2.dr	String found in binary or memory: http://www.allatori.com
Source: cmdlinestart.log.2.dr	String found in binary or memory: https://github.com/krist
Source: cmdlinestart.log.2.dr	String found in binary or memory: https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar
Source: cmdlinestart.log.2.dr	String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar
Source: cmdlinestart.log.2.dr	String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar
Source: cmdlinestart.log.2.dr	String found in binary or memory: https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar

Source: unknown

DNS traffic detected: queries for: repo1.maven.org

Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49796 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49833 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49844 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49850 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49853 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49858 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49860 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49861 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49864 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49865 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49866 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49869 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49870 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49872 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49874 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49877 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49881 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49882 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49887 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49888 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49890 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49892 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49896 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49897 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49898 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49900 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49903 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49905 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49906 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49907 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49910 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49911 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49913 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49914 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49915 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49917 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49916 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49918 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49919 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49920 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49921 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49925 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49926 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49929 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49928 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49930 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49932 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49933 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49934 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49935 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49937 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49938 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49939 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49940 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49941 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49942 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49943 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49944 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49945 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49946 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49947 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49949 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49952 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49955 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49954 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49957 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49959 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49958 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49960 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49962 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49964 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49967 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49966 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49968 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49969 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49970 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49971 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49972 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49973 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49974 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49977 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49979 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49980 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49982 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49984 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49985 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49986 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49987 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49988 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49989 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49990 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49991 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49992 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49995 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49997 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:49999 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50000 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50001 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50003 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50004 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50005 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50008 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50009 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50010 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50011 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50012 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50013 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50014 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50015 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50016 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50017 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50018 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50020 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50022 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50024 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50025 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50029 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50030 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50031 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50032 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50034 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50035 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50036 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50037 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50038 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50039 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50040 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50042 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50044 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50046 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50045 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50047 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50048 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50049 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50050 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50051 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50052 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50053 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50055 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50054 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50057 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50058 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50060 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50065 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50066 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50067 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50068 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50069 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50070 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50071 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50073 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50076 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50077 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50080 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50082 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50083 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50087 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50088 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50090 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50092 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50091 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50094 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50095 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50098 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50099 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50100 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50103 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50104 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50105 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50106 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50108 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50109 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50110 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50111 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50112 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50113 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50115 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50116 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50118 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50119 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50120 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50121 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50122 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50123 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50126 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50125 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50127 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50129 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50130 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50131 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50132 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50133 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50135 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50134 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50136 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50137 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50139 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50138 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50140 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50142 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50143 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50144 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50145 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50146 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50147 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50148 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50150 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50153 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50157 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50156 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50159 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50163 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50164 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50165 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50167 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50169 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50170 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50171 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50176 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50177 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50183 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50184 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50187 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50188 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50189 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50190 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50191 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50192 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50193 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50194 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50195 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50196 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50197 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50200 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50201 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50204 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50205 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50206 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50209 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50210 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50211 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50212 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50213 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50215 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50217 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50218 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50219 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50220 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50222 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50223 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50224 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50225 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50226 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50227 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50228 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50234 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50235 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.5:50236 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.5:50237 version: TLS 1.2

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Process Stats: CPU usage > 98%

Source: Quotation.jar

Virustotal: Detection: 26%

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\Quotation.jar'' >> C:\cmdlinestart.log 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\Quotation.jar'
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\Quotation.jar'
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6328:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6532:120:WilError_01

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File created: C:\Users\user\2664lock.file

Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File created: C:\Users\user\AppData\Local\Temp\hsperfdata_user

Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Section loaded: C:\Program Files (x86)\Java\jre1.8.0_211\bin\client\jvm.dll

Source: classification engine

Classification label: mal52.evad.winJAR@7/3@12/4

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Data Obfuscation:

Yara detected AllatoriJARObfuscator

Show sources

Source: Yara match

File source: C:\cmdlinestart.log, type: DROPPED

Source: Java tracing

Executes: java.io.Writer.write(java.lang.String) on Obfuscation by Allatori Obfuscator v7.3 DEMO ## ## http://www.allatori.com

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Memory protected: page read and write | page guard

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\Quotation.jar'
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Queries volume information: C:\Users\user\2664lock.file VolumeInformation

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Services File Permissions Weakness1	Services File Permissions Weakness1	Masquerading1	OS Credential Dumping	System Information Discovery12	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Process Injection11	Services File Permissions Weakness1	LSASS Memory	Remote System Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Disable or Modify Tools1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection11	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information1	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Quotation.jar	27%	Virustotal		Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
sonatype.map.fastly.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.allatori.com	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
sonatype.map.fastly.net	199.232.192.209	true	false	0%, Virustotal, Browse	unknown
github.com	140.82.121.3	true	false		high
repo1.maven.org	unknown	unknown	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://null.oracle.com/	java.exe, 00000002.00000003.313651469.000000001586F000.00000004.00000001.sdmp	false		high
https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar	cmdlinestart.log.2.dr	false		high
https://github.com/krist	cmdlinestart.log.2.dr	false		high
https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar	cmdlinestart.log.2.dr	false		high
http://www.allatori.com	cmdlinestart.log.2.dr	false	URL Reputation: safe	unknown
https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar	cmdlinestart.log.2.dr	false		high
https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar	cmdlinestart.log.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
199.232.192.209	sonatype.map.fastly.net	United States	54113	FASTLYUS	false
140.82.121.3	github.com	United States	36459	GITHUBUS	false
140.82.121.4	unknown	United States	36459	GITHUBUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	492179
Start date:	28.09.2021
Start time:	12:51:05
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 39s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	Quotation.jar
Cookbook file name:	defaultwindowsfilecookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled GSI enabled (Java) AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.evad.winJAR@7/3@12/4
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .jar
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.211.4.86, 13.107.5.88, 13.107.42.16, 20.199.120.182, 20.82.209.183, 20.199.120.85, 40.112.88.60, 80.67.82.235, 80.67.82.211, 20.82.210.154, 20.54.110.249 Excluded domains from analysis (whitelisted): client-office365-tas.msedge.net, ocos-office365-s2s.msedge.net, config.edge.skype.com.trafficmanager.net, store-images.s-microsoft.com-c.edgekey.net, e-0009.e-msedge.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, config-edge-skype.l-0007.l-msedge.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, l-0007.l-msedge.net, config.edge.skype.com, client.wns.windows.com, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, afdo-tas-offload.trafficmanager.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ocos-office365-s2s-msedge-net.e-0009.e-msedge.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, l-0007.config.skype.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing network information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
199.232.192.209	NRB-RTGS 28-Sept 2021.jar	Get hash	malicious	Browse
	INQUIRY________535262623.jpg.jar	Get hash	malicious	Browse
	Quotation sheet.jar	Get hash	malicious	Browse
	RFQ_40ft Container.jar	Get hash	malicious	Browse
	INQUIRY________535262623.jpg.jar	Get hash	malicious	Browse
	Quotation sheet.jar	Get hash	malicious	Browse
	RFQ_40ft Container.jar	Get hash	malicious	Browse
	Quotation.jar	Get hash	malicious	Browse
	02_extracted.jar	Get hash	malicious	Browse
	02_extracted.jar	Get hash	malicious	Browse
	dhl paket.jar	Get hash	malicious	Browse
	dhl paket.jar	Get hash	malicious	Browse
	RQF 10020213.jar	Get hash	malicious	Browse
	Quotation.jar	Get hash	malicious	Browse
	Quotation Sheet.jar	Get hash	malicious	Browse
	Quotation Sheet.jar	Get hash	malicious	Browse
	SWIFT_DETAILS.jar	Get hash	malicious	Browse
	Quotation Sheet.jar	Get hash	malicious	Browse
	Quotation Sheet.jar	Get hash	malicious	Browse
	USpstracKER.jar	Get hash	malicious	Browse
140.82.121.3	INQUIRY________535262623.jpg.jar	Get hash	malicious	Browse
	Quotation sheet.jar	Get hash	malicious	Browse
	RFQ_40ft Container.jar	Get hash	malicious	Browse
	INQUIRY________535262623.jpg.jar	Get hash	malicious	Browse
	Quotation sheet.jar	Get hash	malicious	Browse
	RFQ_40ft Container.jar	Get hash	malicious	Browse
	02_extracted.jar	Get hash	malicious	Browse
	02_extracted.jar	Get hash	malicious	Browse
	dhl paket.jar	Get hash	malicious	Browse
	dhl paket.jar	Get hash	malicious	Browse
	CxarNMwOrM.exe	Get hash	malicious	Browse
	ZamCfP5Dev.exe	Get hash	malicious	Browse
	AsvL372I1U.exe	Get hash	malicious	Browse
	RQF 10020213.jar	Get hash	malicious	Browse
	Quotation Sheet.jar	Get hash	malicious	Browse
	Quotation Sheet.jar	Get hash	malicious	Browse
	Quotation Sheet.jar	Get hash	malicious	Browse
	Quotation Sheet.jar	Get hash	malicious	Browse
	W2FDqQa9Da.exe	Get hash	malicious	Browse
	USpstracKER.jar	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
sonatype.map.fastly.net	NRB-RTGS 28-Sept 2021.jar	Get hash	malicious	Browse	199.232.192.209
	INQUIRY________535262623.jpg.jar	Get hash	malicious	Browse	199.232.192.209
	Quotation sheet.jar	Get hash	malicious	Browse	199.232.192.209
	RFQ_40ft Container.jar	Get hash	malicious	Browse	199.232.192.209
	INQUIRY________535262623.jpg.jar	Get hash	malicious	Browse	199.232.192.209
	Quotation sheet.jar	Get hash	malicious	Browse	199.232.192.209
	RFQ_40ft Container.jar	Get hash	malicious	Browse	199.232.192.209
	Quotation.jar	Get hash	malicious	Browse	199.232.192.209
	02_extracted.jar	Get hash	malicious	Browse	199.232.192.209
	02_extracted.jar	Get hash	malicious	Browse	199.232.192.209
	dhl paket.jar	Get hash	malicious	Browse	199.232.192.209
	dhl paket.jar	Get hash	malicious	Browse	199.232.192.209
	RQF 10020213.jar	Get hash	malicious	Browse	199.232.192.209
	Quotation.jar	Get hash	malicious	Browse	199.232.192.209
	Quotation Sheet.jar	Get hash	malicious	Browse	199.232.192.209
	Quotation Sheet.jar	Get hash	malicious	Browse	199.232.192.209
	SWIFT_DETAILS.jar	Get hash	malicious	Browse	199.232.192.209
	Quotation Sheet.jar	Get hash	malicious	Browse	199.232.192.209
	Quotation Sheet.jar	Get hash	malicious	Browse	199.232.192.209
	USpstracKER.jar	Get hash	malicious	Browse	199.232.192.209

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
FASTLYUS	ova9jpkxjW.dll	Get hash	malicious	Browse	151.101.1.44
	6fRcd4Q1n1.dll	Get hash	malicious	Browse	151.101.1.44
	M76Vc463EI.dll	Get hash	malicious	Browse	151.101.1.44
	FROqdaZTXE.dll	Get hash	malicious	Browse	151.101.1.108
	FmtpSM8PqG.dll	Get hash	malicious	Browse	151.101.1.44
	jl9fLPhFtU.dll	Get hash	malicious	Browse	151.101.1.44
	amm4Lw6xgJ.dll	Get hash	malicious	Browse	151.101.1.44
	bT2842KdOz.dll	Get hash	malicious	Browse	151.101.1.44
	6SYurvkD8X.dll	Get hash	malicious	Browse	151.101.1.44
	ZXRYejz88D.dll	Get hash	malicious	Browse	151.101.1.44
	NRB-RTGS 28-Sept 2021.jar	Get hash	malicious	Browse	199.232.192.209
	INQUIRY________535262623.jpg.jar	Get hash	malicious	Browse	199.232.192.209
	Quotation sheet.jar	Get hash	malicious	Browse	199.232.192.209
	RFQ_40ft Container.jar	Get hash	malicious	Browse	199.232.192.209
	INQUIRY________535262623.jpg.jar	Get hash	malicious	Browse	199.232.192.209
	Quotation sheet.jar	Get hash	malicious	Browse	199.232.192.209
	RFQ_40ft Container.jar	Get hash	malicious	Browse	199.232.192.209
	Quotation.jar	Get hash	malicious	Browse	199.232.192.209
	02_extracted.jar	Get hash	malicious	Browse	199.232.192.209
	02_extracted.jar	Get hash	malicious	Browse	199.232.192.209
GITHUBUS	NRB-RTGS 28-Sept 2021.jar	Get hash	malicious	Browse	140.82.121.4
	INQUIRY________535262623.jpg.jar	Get hash	malicious	Browse	140.82.121.4
	Quotation sheet.jar	Get hash	malicious	Browse	140.82.121.4
	RFQ_40ft Container.jar	Get hash	malicious	Browse	140.82.121.4
	INQUIRY________535262623.jpg.jar	Get hash	malicious	Browse	140.82.121.4
	Quotation sheet.jar	Get hash	malicious	Browse	140.82.121.4
	RFQ_40ft Container.jar	Get hash	malicious	Browse	140.82.121.4
	Quotation.jar	Get hash	malicious	Browse	140.82.121.4
	02_extracted.jar	Get hash	malicious	Browse	140.82.121.4
	02_extracted.jar	Get hash	malicious	Browse	140.82.121.4
	dhl paket.jar	Get hash	malicious	Browse	140.82.121.4
	dhl paket.jar	Get hash	malicious	Browse	140.82.121.4
	CxarNMwOrM.exe	Get hash	malicious	Browse	140.82.121.3
	ZamCfP5Dev.exe	Get hash	malicious	Browse	140.82.121.3
	AsvL372I1U.exe	Get hash	malicious	Browse	140.82.121.3
	RQF 10020213.jar	Get hash	malicious	Browse	140.82.121.3
	AW QUOTE 21505 HQ1-Scan-068703_PDF.exe	Get hash	malicious	Browse	140.82.121.4
	DHL QA-Tracker.doc	Get hash	malicious	Browse	140.82.121.4
	Quotation.jar	Get hash	malicious	Browse	140.82.121.4
	Quotation Sheet.jar	Get hash	malicious	Browse	140.82.121.4

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
d2935c58fe676744fecc8614ee5356c7	INQUIRY________535262623.jpg.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	Quotation sheet.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	RFQ_40ft Container.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	INQUIRY________535262623.jpg.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	Quotation sheet.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	RFQ_40ft Container.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	02_extracted.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	02_extracted.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	dhl paket.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	dhl paket.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	Quotation Sheet.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	Quotation Sheet.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	Quotation Sheet.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	Quotation Sheet.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	USpstracKER.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	USpstracKER.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	Invoice.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	payment slip.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	Invoice.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4
	payment slip.jar	Get hash	malicious	Browse	199.232.192.209 140.82.121.3 140.82.121.4

Dropped Files

No context

Created / dropped Files

C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp Download File
Process:	C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.852639084674789
Encrypted:	false
SSDEEP:	3:oFj4I5vpN6yUaekpov:oJ5X6yIv
MD5:	2E1C86353094522C49619B36DEF4D335
SHA1:	73E4B01FF53B455F03ACC9BB3FEB6F90B0882C7E
SHA-256:	94F67278D64327ED7AC762B230BED4FB51878871A5295E79F6F29E08285FCD64
SHA-512:	33B5FE79B500EB3CCCA761351B2AA6DE11119CAF0D950F650357D3F5AC42F3564A025D819D33B1DB1065F07272F1C3A6BF5373E2E5F5C3BEEFBC7ED32362CAB6
Malicious:	false
Reputation:	low
Preview:	C:\Program Files (x86)\Java\jre1.8.0_211..1632858722398..

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\83aa4cc77f591dfc2374580bbd95f6ba_d06ed635-68f6-4e9a-955c-4899f5f57b9a Download File
Process:	C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
File Type:	data
Category:	dropped
Size (bytes):	45
Entropy (8bit):	0.9111711733157262
Encrypted:	false
SSDEEP:	3:/lwlt7n:WNn
MD5:	C8366AE350E7019AEFC9D1E6E6A498C6
SHA1:	5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
SHA-256:	11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
SHA-512:	33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
Malicious:	false
Reputation:	high, very likely benign file
Preview:	........................................J2SE.

C:\cmdlinestart.log Download File
Process:	C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
File Type:	ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	635900
Entropy (8bit):	5.037897156829055
Encrypted:	false
SSDEEP:	192:EmMYrvGGGgOOOe3Or3OeOO3wfwfee3OOOee7mmvp3OOOOre3reeeeOeHOOYrOee8:M0
MD5:	08923501DF2652C5C94152A85F19602D
SHA1:	A0698F85DE2E1FB811B41ABED6ED5709E34B9D58
SHA-256:	4AF5DE3F723274F515E5789C63F58A97D9B54798A3FE4E15A2111FBF1B19E455
SHA-512:	B64B72D00A2748D739680A1F543ADF9715708EDF0790C352F9878992F51BF639AEE8874CAB809B2A4F6ED99C3E8954810C3EF099D440C539858F0A506D1E8607
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Allatori_JAR_Obfuscator, Description: Yara detected Allatori_JAR_Obfuscator, Source: C:\cmdlinestart.log, Author: Joe Security
Reputation:	low
Preview:	.################################################.# #.# ## # # ## ### ### ## ### #.# # # # # # # # # # # # # #.# ### # # ### # # # ## # #.# # # ### ### # # # ### # # ### #.# #.# Obfuscation by Allatori Obfuscator v7.3 DEMO #.# #.# http://www.allatori.com #.# #.################################################...Inside main method..Inside constructor..Executing else..Inside InitLib..Inside completeJob..returned false..C:\Users\user\lib\jna-5.5.0.jar..EXCEPTION: https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar..EXCEPTION: https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar..EXCEPTION: https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite

Static File Info

General
File type:	Zip archive data, at least v2.0 to extract
Entropy (8bit):	7.970588409725289
TrID:	Java Archive (13504/1) 62.80% ZIP compressed archive (8000/1) 37.20%
File name:	Quotation.jar
File size:	188977
MD5:	8eab8f1a928fa55303b7558536079a2a
SHA1:	491e913225a8c8d144c538fe27cf62f5a8465b38
SHA256:	20351665df8b2d441524a21163e0aa95ea3d3805a873032eb6f55fa1001f3941
SHA512:	886928d68f14c012186872429739d1317350f329e5afa4ec820779e7f312d776433e8926000f522a3393e2ad454779eee1245ba266226bd0c8421f1fb97ba4a0
SSDEEP:	3072:vCcBIJZi3Kd1+Fv2CmQMKMh4BoRAnm8KELI09Cu/qinGVexOvwGyJ5e/wWR5inCw:6jc3Kd1xDQMKoTAnmEL6enGVZdyy/QCw
File Content Preview:	PK........5V<S................META-INF/MANIFEST.MFU..N.0..wK~...p&......&B.B.....S...#...e.J....~....'.2~..l..HQqv...a.~0PX..Br.FC.h\|X.....B%%l..zg..q..r9...#..u.R.=.g.T.O6.....u1.Jyh.Yu.....C.g....).....e....(.B.....l.r6....K........'...{\|yo..7....2@Z...

File Icon


Icon Hash:	d28c8e8ea2868ad6

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2021 12:52:07.078725100 CEST	49734	443	192.168.2.5	140.82.121.3
Sep 28, 2021 12:52:07.078789949 CEST	443	49734	140.82.121.3	192.168.2.5
Sep 28, 2021 12:52:07.078870058 CEST	49734	443	192.168.2.5	140.82.121.3
Sep 28, 2021 12:52:07.079385042 CEST	49735	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.079425097 CEST	443	49735	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.079498053 CEST	49735	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.082746983 CEST	49736	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.082782984 CEST	443	49736	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.082854986 CEST	49736	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.084618092 CEST	49737	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.084681034 CEST	443	49737	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.084754944 CEST	49737	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.191730022 CEST	49734	443	192.168.2.5	140.82.121.3
Sep 28, 2021 12:52:07.191764116 CEST	443	49734	140.82.121.3	192.168.2.5
Sep 28, 2021 12:52:07.192188978 CEST	49736	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.192214966 CEST	443	49736	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.192919016 CEST	49737	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.192950010 CEST	443	49737	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.193367958 CEST	49735	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.193389893 CEST	443	49735	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.234050035 CEST	443	49734	140.82.121.3	192.168.2.5
Sep 28, 2021 12:52:07.234189034 CEST	49734	443	192.168.2.5	140.82.121.3
Sep 28, 2021 12:52:07.252729893 CEST	443	49735	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.252820015 CEST	49735	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.254791021 CEST	443	49737	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.254893064 CEST	49737	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.256146908 CEST	443	49736	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.256252050 CEST	49736	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.518126965 CEST	49736	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.518146038 CEST	443	49736	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.518484116 CEST	443	49736	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.518573999 CEST	49736	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.518663883 CEST	49734	443	192.168.2.5	140.82.121.3
Sep 28, 2021 12:52:07.518695116 CEST	443	49734	140.82.121.3	192.168.2.5
Sep 28, 2021 12:52:07.518846035 CEST	49735	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.518867970 CEST	443	49735	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.518882990 CEST	49737	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.518907070 CEST	443	49737	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.518924952 CEST	443	49734	140.82.121.3	192.168.2.5
Sep 28, 2021 12:52:07.518980026 CEST	49734	443	192.168.2.5	140.82.121.3
Sep 28, 2021 12:52:07.519084930 CEST	443	49735	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.519144058 CEST	49735	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.519325972 CEST	443	49737	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.519413948 CEST	49737	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.520206928 CEST	49736	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.520235062 CEST	443	49736	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.520263910 CEST	49734	443	192.168.2.5	140.82.121.3
Sep 28, 2021 12:52:07.520286083 CEST	443	49734	140.82.121.3	192.168.2.5
Sep 28, 2021 12:52:07.520361900 CEST	49737	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.520384073 CEST	443	49737	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.520390034 CEST	49735	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.520405054 CEST	443	49735	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.534396887 CEST	49738	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.534431934 CEST	443	49738	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.534512997 CEST	49738	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.536267042 CEST	49738	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.536292076 CEST	443	49738	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.536778927 CEST	49739	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.536817074 CEST	443	49739	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.536901951 CEST	49739	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.538320065 CEST	49739	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.538343906 CEST	443	49739	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.542220116 CEST	49740	443	192.168.2.5	140.82.121.3
Sep 28, 2021 12:52:07.542262077 CEST	443	49740	140.82.121.3	192.168.2.5
Sep 28, 2021 12:52:07.542331934 CEST	49740	443	192.168.2.5	140.82.121.3
Sep 28, 2021 12:52:07.543520927 CEST	49741	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.543553114 CEST	443	49741	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.543636084 CEST	49741	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.544382095 CEST	49740	443	192.168.2.5	140.82.121.3
Sep 28, 2021 12:52:07.544405937 CEST	443	49740	140.82.121.3	192.168.2.5
Sep 28, 2021 12:52:07.545156956 CEST	49741	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.545177937 CEST	443	49741	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.573421001 CEST	443	49738	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.573533058 CEST	49738	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.575546026 CEST	49738	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.575592995 CEST	49738	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.575799942 CEST	443	49738	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.575885057 CEST	49738	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.578488111 CEST	443	49739	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.578583002 CEST	49739	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.580636024 CEST	49739	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.580655098 CEST	443	49739	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.580744028 CEST	49739	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.580914021 CEST	443	49739	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.580987930 CEST	49739	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.581458092 CEST	49742	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.581490993 CEST	443	49742	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.581595898 CEST	49742	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.583410025 CEST	49742	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.583427906 CEST	443	49742	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.587757111 CEST	49743	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.587776899 CEST	443	49740	140.82.121.3	192.168.2.5
Sep 28, 2021 12:52:07.587793112 CEST	443	49743	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.587877989 CEST	49740	443	192.168.2.5	140.82.121.3
Sep 28, 2021 12:52:07.587913036 CEST	49743	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.588774920 CEST	443	49741	199.232.192.209	192.168.2.5
Sep 28, 2021 12:52:07.588876963 CEST	49741	443	192.168.2.5	199.232.192.209
Sep 28, 2021 12:52:07.593956947 CEST	49740	443	192.168.2.5	140.82.121.3
Sep 28, 2021 12:52:07.593976974 CEST	443	49740	140.82.121.3	192.168.2.5
Sep 28, 2021 12:52:07.594058990 CEST	49740	443	192.168.2.5	140.82.121.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Sep 28, 2021 12:52:07.047632933 CEST	192.168.2.5	8.8.8.8	0x8995	Standard query (0)	repo1.maven.org	A (IP address)	IN (0x0001)
Sep 28, 2021 12:52:07.047760963 CEST	192.168.2.5	8.8.8.8	0x6fb8	Standard query (0)	github.com	A (IP address)	IN (0x0001)
Sep 28, 2021 12:52:37.174921989 CEST	192.168.2.5	8.8.8.8	0xb45f	Standard query (0)	repo1.maven.org	A (IP address)	IN (0x0001)
Sep 28, 2021 12:52:37.176800013 CEST	192.168.2.5	8.8.8.8	0x14b3	Standard query (0)	github.com	A (IP address)	IN (0x0001)
Sep 28, 2021 12:53:08.076505899 CEST	192.168.2.5	8.8.8.8	0xd97b	Standard query (0)	github.com	A (IP address)	IN (0x0001)
Sep 28, 2021 12:53:08.080358028 CEST	192.168.2.5	8.8.8.8	0x9ea0	Standard query (0)	repo1.maven.org	A (IP address)	IN (0x0001)
Sep 28, 2021 12:53:38.290983915 CEST	192.168.2.5	8.8.8.8	0x557d	Standard query (0)	github.com	A (IP address)	IN (0x0001)
Sep 28, 2021 12:53:38.295867920 CEST	192.168.2.5	8.8.8.8	0xdd50	Standard query (0)	repo1.maven.org	A (IP address)	IN (0x0001)
Sep 28, 2021 12:54:08.354011059 CEST	192.168.2.5	8.8.8.8	0x4d3c	Standard query (0)	github.com	A (IP address)	IN (0x0001)
Sep 28, 2021 12:54:08.354984999 CEST	192.168.2.5	8.8.8.8	0x2775	Standard query (0)	repo1.maven.org	A (IP address)	IN (0x0001)
Sep 28, 2021 12:54:38.467590094 CEST	192.168.2.5	8.8.8.8	0x2c98	Standard query (0)	github.com	A (IP address)	IN (0x0001)
Sep 28, 2021 12:54:38.474905014 CEST	192.168.2.5	8.8.8.8	0x76bc	Standard query (0)	repo1.maven.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Sep 28, 2021 12:52:07.068727016 CEST	8.8.8.8	192.168.2.5	0x8995	No error (0)	repo1.maven.org	sonatype.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Sep 28, 2021 12:52:07.068727016 CEST	8.8.8.8	192.168.2.5	0x8995	No error (0)	sonatype.map.fastly.net		199.232.192.209	A (IP address)	IN (0x0001)
Sep 28, 2021 12:52:07.068727016 CEST	8.8.8.8	192.168.2.5	0x8995	No error (0)	sonatype.map.fastly.net		199.232.196.209	A (IP address)	IN (0x0001)
Sep 28, 2021 12:52:07.068867922 CEST	8.8.8.8	192.168.2.5	0x6fb8	No error (0)	github.com		140.82.121.3	A (IP address)	IN (0x0001)
Sep 28, 2021 12:52:37.195182085 CEST	8.8.8.8	192.168.2.5	0xb45f	No error (0)	repo1.maven.org	sonatype.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Sep 28, 2021 12:52:37.195182085 CEST	8.8.8.8	192.168.2.5	0xb45f	No error (0)	sonatype.map.fastly.net		199.232.192.209	A (IP address)	IN (0x0001)
Sep 28, 2021 12:52:37.195182085 CEST	8.8.8.8	192.168.2.5	0xb45f	No error (0)	sonatype.map.fastly.net		199.232.196.209	A (IP address)	IN (0x0001)
Sep 28, 2021 12:52:37.204977989 CEST	8.8.8.8	192.168.2.5	0x14b3	No error (0)	github.com		140.82.121.3	A (IP address)	IN (0x0001)
Sep 28, 2021 12:53:08.097497940 CEST	8.8.8.8	192.168.2.5	0xd97b	No error (0)	github.com		140.82.121.4	A (IP address)	IN (0x0001)
Sep 28, 2021 12:53:08.099559069 CEST	8.8.8.8	192.168.2.5	0x9ea0	No error (0)	repo1.maven.org	sonatype.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Sep 28, 2021 12:53:08.099559069 CEST	8.8.8.8	192.168.2.5	0x9ea0	No error (0)	sonatype.map.fastly.net		199.232.192.209	A (IP address)	IN (0x0001)
Sep 28, 2021 12:53:08.099559069 CEST	8.8.8.8	192.168.2.5	0x9ea0	No error (0)	sonatype.map.fastly.net		199.232.196.209	A (IP address)	IN (0x0001)
Sep 28, 2021 12:53:38.312550068 CEST	8.8.8.8	192.168.2.5	0x557d	No error (0)	github.com		140.82.121.4	A (IP address)	IN (0x0001)
Sep 28, 2021 12:53:38.316076040 CEST	8.8.8.8	192.168.2.5	0xdd50	No error (0)	repo1.maven.org	sonatype.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Sep 28, 2021 12:53:38.316076040 CEST	8.8.8.8	192.168.2.5	0xdd50	No error (0)	sonatype.map.fastly.net		199.232.192.209	A (IP address)	IN (0x0001)
Sep 28, 2021 12:53:38.316076040 CEST	8.8.8.8	192.168.2.5	0xdd50	No error (0)	sonatype.map.fastly.net		199.232.196.209	A (IP address)	IN (0x0001)
Sep 28, 2021 12:54:08.374155998 CEST	8.8.8.8	192.168.2.5	0x2775	No error (0)	repo1.maven.org	sonatype.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Sep 28, 2021 12:54:08.374155998 CEST	8.8.8.8	192.168.2.5	0x2775	No error (0)	sonatype.map.fastly.net		199.232.192.209	A (IP address)	IN (0x0001)
Sep 28, 2021 12:54:08.374155998 CEST	8.8.8.8	192.168.2.5	0x2775	No error (0)	sonatype.map.fastly.net		199.232.196.209	A (IP address)	IN (0x0001)
Sep 28, 2021 12:54:08.375171900 CEST	8.8.8.8	192.168.2.5	0x4d3c	No error (0)	github.com		140.82.121.4	A (IP address)	IN (0x0001)
Sep 28, 2021 12:54:38.499931097 CEST	8.8.8.8	192.168.2.5	0x2c98	No error (0)	github.com		140.82.121.3	A (IP address)	IN (0x0001)
Sep 28, 2021 12:54:38.499957085 CEST	8.8.8.8	192.168.2.5	0x76bc	No error (0)	repo1.maven.org	sonatype.map.fastly.net		CNAME (Canonical name)	IN (0x0001)
Sep 28, 2021 12:54:38.499957085 CEST	8.8.8.8	192.168.2.5	0x76bc	No error (0)	sonatype.map.fastly.net		199.232.192.209	A (IP address)	IN (0x0001)
Sep 28, 2021 12:54:38.499957085 CEST	8.8.8.8	192.168.2.5	0x76bc	No error (0)	sonatype.map.fastly.net		199.232.196.209	A (IP address)	IN (0x0001)

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: cmd.exe PID: 6312 Parent PID: 4660

General

Start time:	12:51:58
Start date:	28/09/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\Quotation.jar'' >> C:\cmdlinestart.log 2>&1
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: conhost.exe PID: 6328 Parent PID: 6312

General

Start time:	12:51:58
Start date:	28/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: java.exe PID: 6376 Parent PID: 6312

General

Start time:	12:51:59
Start date:	28/09/2021
Path:	C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\Quotation.jar'
Imagebase:	0xed0000
File size:	192376 bytes
MD5 hash:	28733BA8C383E865338638DF5196E6FE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Java
Reputation:	high

Analysis Process: icacls.exe PID: 6484 Parent PID: 6376

General

Start time:	12:52:02
Start date:	28/09/2021
Path:	C:\Windows\SysWOW64\icacls.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M
Imagebase:	0xc30000
File size:	29696 bytes
MD5 hash:	FF0D1D4317A44C951240FAE75075D501
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: conhost.exe PID: 6532 Parent PID: 6484

General

Start time:	12:52:03
Start date:	28/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may execute their own malicious payloads by hijacking the binaries used by services. Adversaries may use flaws in the permissions of Windows services to replace the binary that is executed upon service start. These service processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Services
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used such as Ping or `net view` using Net . Adversaries may also use local host files (ex: `C:\Windows\System32\Drivers\etc\hosts` or `/etc/hosts` ) in order to discover the hostname to IP address mappings of remote systems.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report Quotation.jar

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

DNS Queries

DNS Answers

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: cmd.exe PID: 6312 Parent PID: 4660

General

Analysis Process: conhost.exe PID: 6328 Parent PID: 6312

General

Analysis Process: java.exe PID: 6376 Parent PID: 6312

General

Analysis Process: icacls.exe PID: 6484 Parent PID: 6376

General

Analysis Process: conhost.exe PID: 6532 Parent PID: 6484

General

Disassembly

Code Analysis