Analysis Report http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com

Overview

General Information

Sample URL:http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com
Analysis ID:320652

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 6120 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 4060 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6120 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures.

Source: global traffic
HTTP traffic detected:
    GET / HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
    Connection: Keep-Alive
Source: global traffic
HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
    Connection: Keep-Alive
Source: global traffic
HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    User-Agent: AutoIt
    Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
Source: msapplication.xml0.1.dr; String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf8d903dc,0x01d6bed3</date><accdate>0xf8d903dc,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr; String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf8d903dc,0x01d6bed3</date><accdate>0xf8db6600,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr; String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf8ddc83a,0x01d6bed3</date><accdate>0xf8ddc83a,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr; String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf8ddc83a,0x01d6bed3</date><accdate>0xf8ddc83a,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr; String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf8e02aa4,0x01d6bed3</date><accdate>0xf8e02aa4,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr; String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf8e02aa4,0x01d6bed3</date><accdate>0xf8e02aa4,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown; DNS traffic detected: queries for: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
Source: global traffic
HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Connection: keep-alive
    Date: Thu, 19 Nov 2020 15:27:17 GMT
    Server: AmazonS3
    X-Cache: Error from cloudfront
    Via: 1.1 c3ee0b759208fdcbade39e3e283300c7.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: ZAG50-C1
    X-Amz-Cf-Id: barkH5gDgEpYO6dxbKI5Lpnl2mPcN6F8wSzCKFe0RWjjEJkq7LZbFw==
    Data Ascii: 11a<?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>favicon.ico</Key><RequestId>0KBSAY0KEGFQ9N5T</RequestId><HostId>BiCQlddumVacc+wsWJ98BNZBnDLL3bEAt5JxUMTB1n2O5caYmyy/oNmbpt9WfRFoLXUvfUsRZJg=</HostId></Error>
Source: ~DF47CA723523EFC965.TMP.1.dr; String found in binary or memory: http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/
Source: {2328D968-2AC7-11EB-90E4-ECF4BB862DED}.dat.1.dr; String found in binary or memory: http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/13f8a4cab612bc71f9f7.com/Root
Source: {2328D968-2AC7-11EB-90E4-ECF4BB862DED}.dat.1.dr; String found in binary or memory: http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/Root
Source: msapplication.xml.1.dr; String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr; String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr; String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr; String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr; String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr; String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr; String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr; String found in binary or memory: http://www.youtube.com/
Source: classification engine; Classification label: clean0.win@3/17@3/1
Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Temp\~DF036172F0B21E1F86.TMP
Source: C:\Program Files\internet explorer\iexplore.exe; File read: C:\Users\desktop.ini
Source: unknown; Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6120 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6120 CREDAT:17410 /prefetch:2
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 1 | Masquerading 1 | OS Credential Dumping | File and Directory Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol 3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com | 0% | Virustotal | | Browse
http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com | 0% | Avira URL Cloud | safe |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label | Link
1.a79ab95c1589a13f8a4cab612bc71f9f7.com | 0% | Virustotal | | Browse
cdn.onenote.net | 1% | Virustotal | | Browse

URLs

Source | Detection | Scanner | Label | Link
http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/ | 0% | Virustotal | | Browse
http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/13f8a4cab612bc71f9f7.com/Root | 0% | Avira URL Cloud | safe |
http://www.wikipedia.com/ | 0% | URL Reputation | safe |
http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/favicon.ico | 0% | Avira URL Cloud | safe |
http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/Root | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
d3lyk6mjwds9ox.cloudfront.net | 65.9.190.112 | true | false | | high
1.a79ab95c1589a13f8a4cab612bc71f9f7.com | unknown | unknown | false | | unknown
cdn.onenote.net | unknown | unknown | false | | unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/ | false | | unknown
http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/favicon.ico | false | Avira URL Cloud: safe | unknown

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/13f8a4cab612bc71f9f7.com/Root | {2328D968-2AC7-11EB-90E4-ECF4BB862DED}.dat.1.dr | false | Avira URL Cloud: safe | unknown
http://www.wikipedia.com/ | msapplication.xml6.1.dr | false | URL Reputation: safe | unknown
http://www.amazon.com/ | msapplication.xml.1.dr | false | | high
http://www.nytimes.com/ | msapplication.xml3.1.dr | false | | high
http://www.live.com/ | msapplication.xml2.1.dr | false | | high
http://www.reddit.com/ | msapplication.xml4.1.dr | false | | high
http://www.twitter.com/ | msapplication.xml5.1.dr | false | | high
http://www.youtube.com/ | msapplication.xml7.1.dr | false | | high
http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/Root | {2328D968-2AC7-11EB-90E4-ECF4BB862DED}.dat.1.dr | false | Avira URL Cloud: safe | unknown

Contacted IPs

Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
65.9.190.112 | unknown | United States | | 16509 | AMAZON-02US | false

                General Information

                Joe Sandbox Version:31.0.0 Red Diamond
                Analysis ID:320652
                Start date:19.11.2020
                Start time:16:26:25
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 3m 26s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:browseurl.jbs
                Sample URL:http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:16
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:CLEAN
                Classification:clean0.win@3/17@3/1
                Cookbook Comments:
                • Adjust boot time
                • Enable AMSI
                Warnings:
                • Exclude process from analysis (whitelisted): ielowutil.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe

                Simulations

                Behavior and APIs

                No simulations

                Joe Sandbox View / Context

                IPs

                No context

                Domains

                No context

                ASN

                No context

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2328D966-2AC7-11EB-90E4-ECF4BB862DED}.dat
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:Microsoft Word Document
                Category:dropped
                Size (bytes):30296
                Entropy (8bit):1.858734680628366
                Encrypted:false
                SSDEEP:48:IwaGcprXGwpLgG/ap8arGIpcI/GvnZpvIfGooqp9IqGo4hpmI+GW2G9I6GWAGvIR:reZBZa2a9WIQtI1fI9hMIYIwIVfIpMX
                MD5:DAEFC1DBE0A01DF8280F6224D599DCDD
                SHA1:0F033465596A3733E85273B035D0B031ACE64145
                SHA-256:44D66CA2BC36F4FD67B68B10E9B3C4A905838706C3CC818BD3D9EB4890CB772D
                SHA-512:3B8A881157A2465122D295C8C9E5AD71E5951A37A058A2382B23C9D2256AE6055F034D911C6E444DB3B330539E7585937059C15A768BE3011B420AB00AFDF3C5
                Malicious:false
                Reputation:low
                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2328D968-2AC7-11EB-90E4-ECF4BB862DED}.dat
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:Microsoft Word Document
                Category:dropped
                Size (bytes):26304
                Entropy (8bit):1.678537816981751
                Encrypted:false
                SSDEEP:48:Iw8GcprFGwpaBG4pQdGrapbSLrGQpBmGHHpc4wsTGUp846GzYpm4NzYGopZ2NjGm:rgZPQT69BSLFjl2vkWzMmYva0DXtA
                MD5:34823F79851F0EF4AFDCC7D3D9843364
                SHA1:4659F2842B1EC4CF98A18CC07F4BA135015EAC15
                SHA-256:42AB634AB69E8D0E87A629B7B7FEE6DF613018055B48B7F4399C50479556727A
                SHA-512:8137487C79AA900616872573031EF8C961CE5CF0CAEC74E2CBDDE5684CB05105D8864FA026D0E7323B17EF55FD621E6820AD0BBE2CF33BB53207DC4B91170500
                Malicious:false
                Reputation:low
                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2328D969-2AC7-11EB-90E4-ECF4BB862DED}.dat
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:Microsoft Word Document
                Category:dropped
                Size (bytes):16984
                Entropy (8bit):1.5647429551997143
                Encrypted:false
                SSDEEP:48:IwuGcprTGwpavG4pQ3GrapbSirGQpKcG7HpRnsTGIpG:ryZNQh6LBSiFA3Tn4A
                MD5:F7C7EBA54C235682EF0516FB59957D00
                SHA1:7D8A3A16C4886AD04F89A2A4537445F60A7FDF12
                SHA-256:68B99F3264A09D93642CA7D7DD080B6E672E28C045EEBCC51B5DE98DCD79E89F
                SHA-512:EFC48BC0F9D6481257C95A65130468655AB2712AF0FAFB25F2907BF7640496D04EBDAE27AEF4E26DECC56643CEFB3E4B0B2238EA8273F6478039EFD3AE585811
                Malicious:false
                Reputation:low
                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                Category:dropped
                Size (bytes):656
                Entropy (8bit):5.051025430503748
                Encrypted:false
                SSDEEP:12:TMHdNMNxOE7HHnWimI002EtM3MHdNMNxOE7HHnWimI00ObVbkEtMb:2d6NxOiSZHKd6NxOiSZ76b
                MD5:8BA833405CB38D6CF2EDADB9ED7605CE
                SHA1:6B20139074106EC6655911C7EB8D2CC529137E94
                SHA-256:9BE4E98E3B6964C0BE0740CB23442FDFA9ED0BBAC9D50A043757C6071262A6CA
                SHA-512:F6948BE356A3ED2C328F11B18FD3B87526402E12F1AB7AABA6821EB2E642B4815C4A8DE4FD2199B5BA841D755C11C6205236C26FFC05F64C44DAFE2060CD5A39
                Malicious:false
                Reputation:low
                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf8ddc83a,0x01d6bed3</date><accdate>0xf8ddc83a,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xf8ddc83a,0x01d6bed3</date><accdate>0xf8ddc83a,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                Category:dropped
                Size (bytes):653
                Entropy (8bit):5.092573668206952
                Encrypted:false
                SSDEEP:12:TMHdNMNxe2kTnWimI002EtM3MHdNMNxe2kTnWimI00Obkak6EtMb:2d6Nxr+SZHKd6Nxr+SZ7Aa7b
                MD5:103EF68482432BB3E85D505401CE5A45
                SHA1:9BDBC2075B2C4244B29784ED295321DCC47E77DC
                SHA-256:EB81E6E7A95F937C6F18223DBBE1B732D96D092AEA0B1C87EF036D1449F781CE
                SHA-512:B55B95192017829E51D3B17DF4EBDDBA077F1BCC3CF3588FA3287615825D97C810A8BF647436F61C1AC5C6506A8523C91D089205340812225D634A3F1526D4CF
                Malicious:false
                Reputation:low
                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xf8d43ed1,0x01d6bed3</date><accdate>0xf8d43ed1,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xf8d43ed1,0x01d6bed3</date><accdate>0xf8d43ed1,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                Category:dropped
                Size (bytes):662
                Entropy (8bit):5.067290072764572
                Encrypted:false
                SSDEEP:12:TMHdNMNxvL7HHnWimI002EtM3MHdNMNxvL7HHnWimI00ObmZEtMb:2d6Nxv3SZHKd6Nxv3SZ7mb
                MD5:AB4347EE17F0E90DE98A8DF5BEB14C27
                SHA1:4FAB7B80B0EB60F13F0B9FF065E116CB219C118A
                SHA-256:2269D0E22293C1252C34E06EBFCD205D8027C95B7E6EFAD0CAEFACC699138BCF
                SHA-512:D2F5148F9F12753C6D3F0494113C701184F954823AC5400F07020577FA5AA35D22E4DE94FC4DE172AD4199930DD301A20BFD6FE15C72E08BE3D9864A6851DF06
                Malicious:false
                Reputation:low
                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xf8ddc83a,0x01d6bed3</date><accdate>0xf8ddc83a,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xf8ddc83a,0x01d6bed3</date><accdate>0xf8ddc83a,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                Category:dropped
                Size (bytes):647
                Entropy (8bit):5.07881422140658
                Encrypted:false
                SSDEEP:12:TMHdNMNxi5nWimI002EtM3MHdNMNxi5nWimI00Obd5EtMb:2d6NxWSZHKd6NxWSZ7Jjb
                MD5:76DC4FDD4C640B0C8298FC1EAAE45D6B
                SHA1:B653E60023095BA34F41C1BAB6806CF0F155825A
                SHA-256:294FA2EE05FDFCA49A55731CAE0F6938A9DB087177603943739B55369A7688B7
                SHA-512:7F3E863388257451F5C66F103CB35B6A1714B4C644E04D164C5BCB0784BBE0333393BCB1F7B68D5E6E4CC74B2596979C0167AEB038F5F9642E2C1B217A20B971
                Malicious:false
                Reputation:low
                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xf8db6600,0x01d6bed3</date><accdate>0xf8db6600,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xf8db6600,0x01d6bed3</date><accdate>0xf8db6600,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                Category:dropped
                Size (bytes):656
                Entropy (8bit):5.109012985746044
                Encrypted:false
                SSDEEP:12:TMHdNMNxhGwSj+nWimI002EtM3MHdNMNxhGwSj+nWimI00Ob8K075EtMb:2d6NxQvj+SZHKd6NxQvj+SZ7YKajb
                MD5:C83391EA076674A4D3B11C77AB0909BE
                SHA1:FD6D8DA4A974C5F54A9A2812EDE39593DCFD2E20
                SHA-256:4ECAFFE8C1F35DB2841173024CC99E46D846D24C372483879091943C9D81DE8C
                SHA-512:304C51836E2775E703D46AB60A62D3D930258905AF37D0640840B189F49400E23572B48EF8BFAACCC22E7E125500D7670C6D11293EAE775C514885BD9E943910
                Malicious:false
                Reputation:low
                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf8e02aa4,0x01d6bed3</date><accdate>0xf8e02aa4,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xf8e02aa4,0x01d6bed3</date><accdate>0xf8e02aa4,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                Category:dropped
                Size (bytes):653
                Entropy (8bit):5.0477362903411755
                Encrypted:false
                SSDEEP:12:TMHdNMNx0n7HHnWimI002EtM3MHdNMNx0n7HHnWimI00ObxEtMb:2d6Nx0bSZHKd6Nx0bSZ7nb
                MD5:405FA2C64FB46F1EEED71C29B293F770
                SHA1:1537B61F070E80216B0639C5146002EF4782D8FF
                SHA-256:517806B4CE135539284EA6C3CEC26856CB8913E2231154440483BC124B6E6735
                SHA-512:D2C6112BD30EC2D784E5DBD7CF6D54AEA2CB80B4EDFB62B3E86CCE5807682B62AFE1267BDE1063DB24B34D941645435282FF00B93D5909CB8FBA28DB7FB2DD00
                Malicious:false
                Reputation:low
                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xf8ddc83a,0x01d6bed3</date><accdate>0xf8ddc83a,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xf8ddc83a,0x01d6bed3</date><accdate>0xf8ddc83a,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                Category:dropped
                Size (bytes):656
                Entropy (8bit):5.104213969140059
                Encrypted:false
                SSDEEP:12:TMHdNMNxx5nWimI002EtM3MHdNMNxxSHnWimI00Ob6Kq5EtMb:2d6Nx7SZHKd6NxSSZ7ob
                MD5:931A2D57C292D176E1951FF6717E3C9E
                SHA1:E46AD3AE7090E5FB27FEE23EA4A4BF20BB5EF91B
                SHA-256:95891427965BCCAE17E612E051544A4D3D809BAE90A7653D39859C3936F9A18F
                SHA-512:B22D2C26FB0A51A1ED9728C3F5278A5EC8B3492C89E9BCCB571366DD58B6CB45291B0E297CEE80D5A05E74C5872A319FE241FAB7DFC4D9219802D8E82400BFC4
                Malicious:false
                Reputation:low
                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xf8db6600,0x01d6bed3</date><accdate>0xf8db6600,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xf8db6600,0x01d6bed3</date><accdate>0xf8ddc83a,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                Category:dropped
                Size (bytes):659
                Entropy (8bit):5.085729951515179
                Encrypted:false
                SSDEEP:12:TMHdNMNxcbVtVRnWimI002EtM3MHdNMNxcbVwnWimI00ObVEtMb:2d6Nx6VtVRSZHKd6Nx6VwSZ7Db
                MD5:528DCE8EEE384FB9A69F63AD2D7A2151
                SHA1:86B8CB80D9BB6C1D148FF8D2881D0FF39505C2C4
                SHA-256:0DA04338D5A188348833EE64A2D84FE9DAB0CF5E14CB4AC4FCC6B5BAE8E6E8CA
                SHA-512:D04DB66F8498098CEC2B9902395C66920D9884759895613FAF03CF27AFD2CEF2CDD4A78A65E8C8DBE0B3150FC9A357F7F1FABEFDB55B67EF03A85A7BCE9A8203
                Malicious:false
                Reputation:low
                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf8d903dc,0x01d6bed3</date><accdate>0xf8d903dc,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xf8d903dc,0x01d6bed3</date><accdate>0xf8db6600,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                Category:dropped
                Size (bytes):653
                Entropy (8bit):5.064774658514921
                Encrypted:false
                SSDEEP:12:TMHdNMNxfn5nWimI002EtM3MHdNMNxfn5nWimI00Obe5EtMb:2d6NxBSZHKd6NxBSZ7ijb
                MD5:747F7F8DA3D26F01C2937452FABA8D73
                SHA1:605E6A6C30D134F90949120FA7570A8FCE472454
                SHA-256:174A1847C70C0CA2E201E407B165D7862FD75A59CA3B222248EE23A6DD94BC95
                SHA-512:24DB29CB979FD4F630DFF80550C6B16E0D8484F96866E126F492F001F23BB9998937369E3C067F4B134FAEC60C1949D17370F9FFF8B2B69D8663E17B8EC366AC
                Malicious:false
                Reputation:low
                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xf8db6600,0x01d6bed3</date><accdate>0xf8db6600,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xf8db6600,0x01d6bed3</date><accdate>0xf8db6600,0x01d6bed3</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\xmltreeview[1]
                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                File Type:ASCII text, with CRLF line terminators
                Category:downloaded
                Size (bytes):17524
                Entropy (8bit):4.340063035506032
                Encrypted:false
                SSDEEP:192:wiuFhk5un5EpDdblzKaz+OJGbiIBJofNbr5/dn82/jqmo3qAi:rq25unWZd9dvJGiIBJoh387oAi
                MD5:03710426AB25AD1280E197F61249F9DE
                SHA1:F5E7A6FD42503AE4758BC36C8DD78D98EFB35047
                SHA-256:21E63F7C77896ED2B5F115957F2448E0A9E2DD738D7D487E471217421F6A93E1
                SHA-512:213CB55B8573335D1384AE704FF4267F224376056F71548660F9B2FDAA1203D8ABDDB787900AAF5D1E0AC6E5BE261F713BDBEFB67643D08E8D3672512A1AF588
                Malicious:false
                Reputation:low
                IE Cache URL:res://mshtml.dll/xmltreeview.js
                Preview: (function()..{.. var XHTML = "http://www.w3.org/1999/xhtml";.. .. // Time slicing constants.. var LIMIT = 10; // Maximum number of nodes to process before checking time.. var DURATION = 200; // Maximum amount of time (ms) to process before unblocking UI.. var DELAY = 15; // Amount of time (ms) to unblock UI.... // Tree building state.. var iterator;.. var nextNode;.. var root;.. var rootFirstChild;.. var time;.. .. // Template References.. var attrTemplate, attrName, attrValue;.. var elmStartTemplate, elmStartName;.. var elmEndTemplate, elmEndName;.. var cdataTemplate, cdataValue;.. var commentTemplate, commentValue;.. var style; .. .. // Only invoke this script if it was injected by our parser. Test for a condition that is.. // impossible for a markup to create - two direct children of the document... var secondRootElement = document.documentElement.nextElementSibling;.. if (secondRootElement == null
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\B1LPSEAC.xml
                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                File Type:XML 1.0 document, ASCII text, with very long lines
                Category:downloaded
                Size (bytes):244262
                Entropy (8bit):5.358780860213862
                Encrypted:false
                SSDEEP:1536:tX5F2hG2k4354i/iYoP3YrsJB86dx9xP9q:hm3qYo6678
                MD5:ADF3E8AF729400FAB12FF1414EABC43D
                SHA1:57590E78DA2BCBC965DF979ED805FBF61B0FF042
                SHA-256:DBE8AF158F6F4075DF075F6E0644062D0FE174D2E7F8C22F3ABAFB175C80B7F4
                SHA-512:4330F5C92BBF99050BFA5481B141F10AAEB81A9E46F6DADFAFAE34B10552F2BAFC80BEF35679C294E14EA0D4B21CEC4FB8C172C491FBCDFAEA44CA7CFEE90E29
                Malicious:false
                Reputation:low
                IE Cache URL:http://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/
                Preview: <?xml version="1.0" encoding="UTF-8"?>.<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>bcdn-god</Name><Prefix></Prefix><Marker></Marker><MaxKeys>1000</MaxKeys><IsTruncated>true</IsTruncated><Contents><Key>BioCatchSDKV2.13.1.6510_dynamic.zip</Key><LastModified>2020-10-26T15:18:18.000Z</LastModified><ETag>&quot;84b3d7fc5df1653c67e96075fa933487-8&quot;</ETag><Size>63218970</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>System Volume Information/</Key><LastModified>2020-09-12T01:03:03.000Z</LastModified><ETag>&quot;d41d8cd98f00b204e9800998ecf8427e&quot;</ETag><Size>0</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>System Volume Information/IndexerVolumeGuid</Key><LastModified>2020-09-12T01:03:10.000Z</LastModified><ETag>&quot;e89dcea7e5c0eb471f9760ecbd036c04&quot;</ETag><Size>76</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>android-native-sample-app-3_6.zip</Key><LastModified>2020-06-22T09:47:48.000Z<
                C:\Users\user\AppData\Local\Temp\~DF036172F0B21E1F86.TMP
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:data
                Category:dropped
                Size (bytes):13029
                Entropy (8bit):0.4792841981885105
                Encrypted:false
                SSDEEP:24:c9lLh9lLh9lIn9lIn9loQkF9loQk9lWQNFt79:kBqoIicoFt9
                MD5:E122FC0A64A68A51CDF18AC78D4CE480
                SHA1:6D5A5FD45330068CCCFDF253B6E20431CB5E9CFB
                SHA-256:7D637FFB057D703F38A9ABF64507A5B4DF7F5FDF56BDD57AB542A3510E866AF0
                SHA-512:33CF1660268AB8D574A448191D452BB90E7EE76DE1281680964F5CEE6CE92E8CD268FD1BC1E1AE5D4F138B8A2DEEC5599B0C45A51F5B71F3C96C6CA6BC155FFF
                Malicious:false
                Reputation:low
                C:\Users\user\AppData\Local\Temp\~DF2E8FA94765ACAF22.TMP
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:data
                Category:dropped
                Size (bytes):25441
                Entropy (8bit):0.27918767598683664
                Encrypted:false
                SSDEEP:24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
                MD5:AB889A32AB9ACD33E816C2422337C69A
                SHA1:1190C6B34DED2D295827C2A88310D10A8B90B59B
                SHA-256:4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
                SHA-512:BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
                Malicious:false
                Reputation:low
                C:\Users\user\AppData\Local\Temp\~DF47CA723523EFC965.TMP
                Process:C:\Program Files\internet explorer\iexplore.exe
                File Type:data
                Category:dropped
                Size (bytes):38493
                Entropy (8bit):0.3572882002485053
                Encrypted:false
                SSDEEP:24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwo9lwY9l24V9l24V9lM:kBqoxKAuvScS+bV4A4h4NI4NT2NbrN
                MD5:11246C77CACA0A5DEE6F3D7DAC6919A0
                SHA1:1A893F27AC9F42A7472C6AE13485A14EF79E3D50
                SHA-256:35CC328C03934CBDC70C034920AEE3B0F0ED5FB1F3A4FCA5C1CA6247682AC05D
                SHA-512:F5DDEE2CA8DA064546080B925862911DF6FA39947FC8EC92D31380819B35059BD2091DAA00FF1B39FA312747E9685B7681BA365854E48905CCD3F30B0B18A10A
                Malicious:false
                Reputation:low

                Static File Info

                No static file info

                Network Behavior

                Network Port Distribution

                TCP Packets

                Timestamp    Source Port    Dest Port    Source IP    Dest IP
                Nov 19, 2020 16:27:16.897344112 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.897417068 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.897440910 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.898055077 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.898078918 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.898185968 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.898209095 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.898674965 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.898700953 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.898788929 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.898824930 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.899347067 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.899373055 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.899419069 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.899441957 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.900021076 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.900038958 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.900084972 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.900110006 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.900757074 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.900780916 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.900820971 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.900844097 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.901387930 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.901412010 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.901459932 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.901480913 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.902056932 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.902074099 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.902117014 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.902920961 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.902941942 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.902997971 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.903448105 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.903465033 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.903476954 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.903521061 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.903537035 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.904352903 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.904372931 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.904388905 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.904433012 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.904458046 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.905303001 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.905323982 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.905335903 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.905400038 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.905430079 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.906234980 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.906264067 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.906285048 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.906363964 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.906394958 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.907125950 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.907159090 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.907180071 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.907258987 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.907285929 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.907290936 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.907993078 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.908019066 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.908041000 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.908077002 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.908107042 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.908895969 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.908921003 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.908941984 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.908970118 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.908984900 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.908987999 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.909766912 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.909791946 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.909813881 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.909854889 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.909893036 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.910706043 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.910733938 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.910753965 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.910801888 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.910840988 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.911552906 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.911604881 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.911627054 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.911650896 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.911689997 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.912153959 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.912179947 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.912201881 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.912235022 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.912261963 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.912898064 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.912971973 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.913110018 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.913132906 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.913153887 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.913168907 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.913175106 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.913233995 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.913275003 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.914179087 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.914205074 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.914226055 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.914248943 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.914262056 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.914300919 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.915071964 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.915096998 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.915117979 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.915139914 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.915175915 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.915230989 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.916026115 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.916050911 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.916068077 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:16.916085005 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:16.916116953 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:17.582052946 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:17.613823891 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:17.657071114 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:17.657120943 CET804969465.9.190.112192.168.2.3
                Nov 19, 2020 16:27:17.657226086 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:17.657263041 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:17.659082890 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:17.659132004 CET4969480192.168.2.365.9.190.112
                Nov 19, 2020 16:27:46.540273905 CET804969565.9.190.112192.168.2.3
                Nov 19, 2020 16:27:46.540446997 CET4969580192.168.2.365.9.190.112
                Nov 19, 2020 16:28:05.913635015 CET4971580192.168.2.365.9.190.112
                Nov 19, 2020 16:28:05.945199013 CET804971565.9.190.112192.168.2.3
                Nov 19, 2020 16:28:05.945348024 CET4971580192.168.2.365.9.190.112
                Nov 19, 2020 16:28:05.945481062 CET4971580192.168.2.365.9.190.112
                Nov 19, 2020 16:28:05.976927996 CET804971565.9.190.112192.168.2.3
                Nov 19, 2020 16:28:06.017652035 CET804971565.9.190.112192.168.2.3
                Nov 19, 2020 16:28:06.017666101 CET804971565.9.190.112192.168.2.3
                Nov 19, 2020 16:28:06.017784119 CET4971580192.168.2.365.9.190.112
                Nov 19, 2020 16:28:06.018095970 CET4971580192.168.2.365.9.190.112
                Nov 19, 2020 16:28:06.018117905 CET4971580192.168.2.365.9.190.112

                UDP Packets

                Timestamp | Source Port | Dest Port | Source IP | Dest IP

                DNS Queries

                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                Nov 19, 2020 16:27:16.427908897 CET | 192.168.2.3 | 8.8.8.8 | 0x6379 | Standard query (0) | 1.a79ab95c1589a13f8a4cab612bc71f9f7.com | A (IP address) | IN (0x0001)
                Nov 19, 2020 16:27:34.063095093 CET | 192.168.2.3 | 8.8.8.8 | 0x1cf0 | Standard query (0) | cdn.onenote.net | A (IP address) | IN (0x0001)
                Nov 19, 2020 16:28:05.873894930 CET | 192.168.2.3 | 8.8.8.8 | 0x60d | Standard query (0) | 1.a79ab95c1589a13f8a4cab612bc71f9f7.com | A (IP address) | IN (0x0001)

                DNS Answers

                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                Nov 19, 2020 16:27:16.465409040 CET | 8.8.8.8 | 192.168.2.3 | 0x6379 | No error (0) | 1.a79ab95c1589a13f8a4cab612bc71f9f7.com | d3lyk6mjwds9ox.cloudfront.net | | CNAME (Canonical name) | IN (0x0001)
                Nov 19, 2020 16:27:16.465409040 CET | 8.8.8.8 | 192.168.2.3 | 0x6379 | No error (0) | d3lyk6mjwds9ox.cloudfront.net | | 65.9.190.112 | A (IP address) | IN (0x0001)
                Nov 19, 2020 16:27:16.465409040 CET | 8.8.8.8 | 192.168.2.3 | 0x6379 | No error (0) | d3lyk6mjwds9ox.cloudfront.net | | 65.9.190.18 | A (IP address) | IN (0x0001)
                Nov 19, 2020 16:27:16.465409040 CET | 8.8.8.8 | 192.168.2.3 | 0x6379 | No error (0) | d3lyk6mjwds9ox.cloudfront.net | | 65.9.190.7 | A (IP address) | IN (0x0001)
                Nov 19, 2020 16:27:16.465409040 CET | 8.8.8.8 | 192.168.2.3 | 0x6379 | No error (0) | d3lyk6mjwds9ox.cloudfront.net | | 65.9.190.102 | A (IP address) | IN (0x0001)
                Nov 19, 2020 16:27:34.109082937 CET | 8.8.8.8 | 192.168.2.3 | 0x1cf0 | No error (0) | cdn.onenote.net | cdn.onenote.net.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
                Nov 19, 2020 16:28:05.909527063 CET | 8.8.8.8 | 192.168.2.3 | 0x60d | No error (0) | 1.a79ab95c1589a13f8a4cab612bc71f9f7.com | d3lyk6mjwds9ox.cloudfront.net | | CNAME (Canonical name) | IN (0x0001)
                Nov 19, 2020 16:28:05.909527063 CET | 8.8.8.8 | 192.168.2.3 | 0x60d | No error (0) | d3lyk6mjwds9ox.cloudfront.net | | 65.9.190.112 | A (IP address) | IN (0x0001)
                Nov 19, 2020 16:28:05.909527063 CET | 8.8.8.8 | 192.168.2.3 | 0x60d | No error (0) | d3lyk6mjwds9ox.cloudfront.net | | 65.9.190.18 | A (IP address) | IN (0x0001)
                Nov 19, 2020 16:28:05.909527063 CET | 8.8.8.8 | 192.168.2.3 | 0x60d | No error (0) | d3lyk6mjwds9ox.cloudfront.net | | 65.9.190.7 | A (IP address) | IN (0x0001)
                Nov 19, 2020 16:28:05.909527063 CET | 8.8.8.8 | 192.168.2.3 | 0x60d | No error (0) | d3lyk6mjwds9ox.cloudfront.net | | 65.9.190.102 | A (IP address) | IN (0x0001)

                HTTP Request Dependency Graph

                • 1.a79ab95c1589a13f8a4cab612bc71f9f7.com

                HTTP Packets

                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                0 | 192.168.2.3 | 49694 | 65.9.190.112 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe

                Timestamp | kBytes transferred | Direction | Data
                Nov 19, 2020 16:27:16.513480902 CET | 52 | OUT | GET / HTTP/1.1
                Accept: text/html, application/xhtml+xml, image/jxr, */*
                Accept-Language: en-US
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                Accept-Encoding: gzip, deflate
                Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
                Connection: Keep-Alive
                Nov 19, 2020 16:27:16.813971043 CET | 54 | IN | HTTP/1.1 200 OK
                Content-Type: application/xml
                Transfer-Encoding: chunked
                Connection: keep-alive
                Date: Thu, 19 Nov 2020 15:27:17 GMT
                x-amz-bucket-region: eu-central-1
                Server: AmazonS3
                X-Cache: Miss from cloudfront
                Via: 1.1 c3ee0b759208fdcbade39e3e283300c7.cloudfront.net (CloudFront)
                X-Amz-Cf-Pop: ZAG50-C1
                X-Amz-Cf-Id: zMAkT4bqrsVnWRQuz5PdanZRu6D_pI8rwhSTQLBiA_jP3vQpbchnEg==
                Data Ascii: 2d1e<?xml version="1.0" encoding="UTF-8"?><ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>bcdn-god</Name><Prefix></Prefix><Marker></Marker><MaxKeys>1000</MaxKeys><IsTruncated>true</IsTruncated><Contents><Key>BioCatchSDKV2.13.1.6510_dynamic.zip</Key><LastModified>2020-10-26T15:18:18.000Z</LastModified><ETag>&quot;84b3d7fc5df1653c67e96075fa933487-8&quot;</ETag><Size>63218970</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>System Volume Information/</Key><LastModified>2020-09-12T01:03:03.000Z</LastModified><ETag>&quot;d41d8cd98f00b204e9800998ecf8427e&quot;</ETag><Size>0</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>System Volume Information/IndexerVolumeGuid</Key><LastModified>2020-09-12T01:03:10.000Z</LastModified><ETag>&quot;e89dcea7e5c0eb471f9760ecbd036c04&quot;</ETag><Size>76</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>android-native-sample
                Nov 19, 2020 16:27:16.814008951 CET | 55 | IN
                Data Ascii: -app-3_6.zip</Key><LastModified>2020-06-22T09:47:48.000Z</LastModified><ETag>&quot;94e21e0ef7d90b8ddd6a986d7f9f517e-32&quot;</ETag><Size>261091283</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>cert/</Key><LastModified>20
                Nov 19, 2020 16:27:16.814027071 CET | 57 | IN
                Data Ascii: tar_us_v2_we-stats_com_cer_fullchain.pem</Key><LastModified>2020-09-01T11:35:00.000Z</LastModified><ETag>&quot;5f4e043a4efa0429000cb72f7593e89b&quot;</ETag><Size>7039</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>cert/cu
                Nov 19, 2020 16:27:16.814043045 CET | 58 | IN
                Data Ascii: ass>STANDARD</StorageClass></Contents><Contents><Key>cert/weu/fullchain_api-karma.eu.v2.customers.biocatch.com.pem</Key><LastModified>2020-10-01T12:00:38.000Z</LastModified><ETag>&quot;9bcd8f80d95c92c64a45cd2c387a44f3&quot;</ETag><Size>7116</S
                Nov 19, 2020 16:27:16.814071894 CET | 59 | IN
                Data Ascii: t;</ETag><Size>67811</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>scripts/03f73f6a/03daaffc_cc.js</Key><LastModified>2018-04-03T11:30:54.000Z</LastModified><ETag>&quot;687e0a9f97e7e4ddc4ee2d3aebdf1af1&quot;</ETag><Size>
                Nov 19, 2020 16:27:16.814095020 CET | 61 | IN
                Data Ascii: 4ab863054e6141deb07c2&quot;</ETag><Size>9268</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>scripts/04e01638/04e01638_cc_old.js</Key><LastModified>2019-12-08T16:16:52.000Z</LastModified><ETag>&quot;3e3310d0b36c17455f5dbd2
                Nov 19, 2020 16:27:16.814116955 CET | 62 | IN
                Data Ascii: Key><LastModified>2020-06-23T08:17:28.000Z</LastModified><ETag>&quot;484874273e5e4a97a02e3bb75f3e3ab1&quot;</ETag><Size>144109</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>scripts/04e01638/ac584675_cc.js</Key><LastModif
                Nov 19, 2020 16:27:16.814141035 CET | 64 | IN
                Data Ascii: rageClass></Contents><Contents><Key>scripts/04e01638/backup20190124/ac584675.js</Key><LastModified>2019-01-24T08:32:04.000Z</LastModified><ETag>&quot;85182de1357d0b416c267d2943238240&quot;</ETag><Size>91976</Size><StorageClass>STANDARD</Storag
                Nov 19, 2020 16:27:16.814343929 CET | 65 | IN
                Data Ascii: </LastModified><ETag>&quot;f29ce7122cd3d24086d6bc2baebe322e&quot;</ETag><Size>100687</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>scripts/04e01638/backup_2019-06-10__10-32-03/ac584675.js</Key><LastModified>2019-06-10T10
                Nov 19, 2020 16:27:16.829246998 CET | 66 | IN
                Data Ascii: 21bafied>2019-06-25T06:06:44.000Z</LastModified><ETag>&quot;919a046aaff4d38cbb65c6af4eeabced&quot;</ETag><Size>100314</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>scripts/04e01638/backup_2019-07-01__09-22-52/04e01638.
                Nov 19, 2020 16:27:16.829277992 CET | 68 | IN
                Data Ascii: e6631dec3247ad80808b3ba9b7&quot;</ETag><Size>103954</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>scripts/04e01638/backup_2019-12-08__16-06-00/ac584675.js</Key><LastModified>2019-12-08T16:06:01.000Z</LastModified><ETag>&
                Nov 19, 2020 16:27:17.582052946 CET | 322 | OUT | GET /favicon.ico HTTP/1.1
                Accept: */*
                Accept-Encoding: gzip, deflate
                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
                Connection: Keep-Alive
                Nov 19, 2020 16:27:17.657071114 CET | 323 | IN | HTTP/1.1 404 Not Found
                Content-Type: application/xml
                Transfer-Encoding: chunked
                Connection: keep-alive
                Date: Thu, 19 Nov 2020 15:27:17 GMT
                Server: AmazonS3
                X-Cache: Error from cloudfront
                Via: 1.1 c3ee0b759208fdcbade39e3e283300c7.cloudfront.net (CloudFront)
                X-Amz-Cf-Pop: ZAG50-C1
                X-Amz-Cf-Id: barkH5gDgEpYO6dxbKI5Lpnl2mPcN6F8wSzCKFe0RWjjEJkq7LZbFw==
                Data Ascii: 11a<?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>favicon.ico</Key><RequestId>0KBSAY0KEGFQ9N5T</RequestId><HostId>BiCQlddumVacc+wsWJ98BNZBnDLL3bEAt5JxUMTB1n2O5caYmyy/oNmbpt9WfRFoLXUvfUsRZJg=</HostId></Error>


                Session ID: 1
                Source IP: 192.168.2.3
                Source Port: 49715
                Destination IP: 65.9.190.112
                Destination Port: 80
                Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
                Timestamp | kBytes transferred | Direction | Data
                Nov 19, 2020 16:28:05.945481062 CET | 532 | OUT | GET /favicon.ico HTTP/1.1
                User-Agent: AutoIt
                Host: 1.a79ab95c1589a13f8a4cab612bc71f9f7.com
                Nov 19, 2020 16:28:06.017652035 CET | 538 | IN | HTTP/1.1 404 Not Found
                Content-Type: application/xml
                Transfer-Encoding: chunked
                Connection: keep-alive
                Date: Thu, 19 Nov 2020 15:28:05 GMT
                Server: AmazonS3
                X-Cache: Error from cloudfront
                Via: 1.1 168a24ef858eb187119582fbc6ac0718.cloudfront.net (CloudFront)
                X-Amz-Cf-Pop: ZAG50-C1
                X-Amz-Cf-Id: 5uoFzKnlqTZyCiIphKXGeTExFuRTfzv4c81hcmCUOWCTw4QxdcjuAw==
                Data Ascii: 11a<?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>favicon.ico</Key><RequestId>C9F34990A5E928F8</RequestId><HostId>dbVygJ0V5ELSMU7apnSR82dIm+C1ibuRNG+R9P3xS26OEw4Wc87kl6q/TKhyGvexpE+u+4kY5e8=</HostId></Error>
                Nov 19, 2020 16:28:06.017666101 CET | 538 | IN | Data Raw: 30 0d 0a 0d 0a
                Data Ascii: 0


                Code Manipulations

                Statistics

                CPU Usage

                Memory Usage

                Behavior

                System Behavior

                General

                Start time: 16:27:14
                Start date: 19/11/2020
                Path: C:\Program Files\internet explorer\iexplore.exe
                Wow64 process (32bit): false
                Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                Imagebase: 0x7ff769f50000
                File size: 823560 bytes
                MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Reputation: low

                General

                Start time: 16:27:15
                Start date: 19/11/2020
                Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
                Wow64 process (32bit): true
                Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6120 CREDAT:17410 /prefetch:2
                Imagebase: 0x1290000
                File size: 822536 bytes
                MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Reputation: low

                Disassembly
