ID: Cookbook: browseurl.jbs Time: 17:13:23 Date: 27/08/2018 Version:

Size: px
Start display at page:

Download "ID: Cookbook: browseurl.jbs Time: 17:13:23 Date: 27/08/2018 Version:"

Transcription

1 ID: Cookbook: browseurl.jbs Time: 17:13:23 Date: 27/08/2018 Version:

2 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature Overview AV Detection: Networking: System Summary: Behavior Graph Simulations Behavior and APIs Antivirus Detection Initial Sample Dropped Files Unpacked PE Files Domains URLs Yara Overview Initial Sample PCAP (Network Traffic) Dropped Files Memory Dumps Unpacked PEs Joe Sandbox View / Context IPs Domains ASN Dropped Files Screenshots Startup Created / dropped Files Contacted Domains/Contacted IPs Contacted Domains Contacted URLs Contacted IPs Public Static File Info No static file info Network Behavior Network Port Distribution TCP Packets UDP Packets DNS Queries DNS Answers HTTP Request Dependency Graph HTTP Packets Code Manipulations Table of Contents Copyright Joe Security LLC 2018 Page 2 of

3 Statistics Behavior System Behavior Analysis iexplore.exe PID: 2160 Parent PID: 548 General File Activities Registry Activities Analysis iexplore.exe PID: 908 Parent PID: 2160 General File Activities Registry Activities Disassembly Copyright Joe Security LLC 2018 Page 3 of 35

4 Analysis Report Overview General Information Joe Sandbox Version: Analysis ID: Start date: Start time: 17:13:23 Joe Sandbox Product: Overall analysis duration: Hypervisor based Inspection enabled: Report type: Cookbook file name: Sample URL: CloudBasic 0h 5m 13s light browseurl.jbs Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java ) Number of analysed new started processes analysed: 22 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies Analysis stop reason: Detection: Classification: Cookbook Comments: Warnings: Timeout MAL EGA enabled mal56.win@3/31@2/1 Adjust boot time Correcting counters for adjusted boot time Browsing link: Show All Exclude process from analysis (whitelisted): dllhost.exe, WmiPrvSE.exe HTTP Packets have been reduced TCP Packets have been reduced to 100 Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Detection Strategy Score Range Reporting Detection Threshold Report FP / FN Confidence Strategy Score Range Further Analysis Required? Confidence Copyright Joe Security LLC 2018 Page 4 of 35

5 Strategy Score Range Further Analysis Required? Threshold Confidence Classification Ransomware Miner Spreading malicious malicious malicious Evader Phishing suspicious suspicious suspicious clean clean clean Exploiter Banker Spyware Trojan / Bot Adware Analysis Advice Sample HTTP request are all non existing, likely the sample is no longer working Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior Copyright Joe Security LLC 2018 Page 5 of 35

6 Signature Overview AV Detection Networking System Summary Click to jump to signature section AV Detection: Antivirus detection for URL or domain Antivirus detection for dropped file Networking: Downloads files Downloads files from webservers via HTTP Found strings which match to known social media urls Performs DNS lookups Tries to download non-existing http data (HTTP/ Not Found) Urls found in memory or binary data System Summary: Classification label Creates files inside the user directory Creates temporary files Reads ini files Spawns processes Found graphical window changes (likely an installer) Uses new MSVCR Dlls Behavior Graph Copyright Joe Security LLC 2018 Page 6 of 35

7 Behavior Graph ID: URL: Startdate: 27/08/2018 Architecture: WINDOWS Score: 56 Legend: Process Signature Created File DNS/IP Info Is Dropped Hide Legend Is Windows Process Antivirus detection for URL or domain Antivirus detection for dropped file started Number of created Registry Values Number of created Files Visual Basic iexplore.exe Delphi Java 7 39.Net C# or VB.NET C, C++ or other language started Is malicious iexplore.exe 1 30 win-system-currupt1338.club , 49169, 49170, CLOUDFLARENET-CloudFlareIncUS ie9comview.vo.msecnd.net dropped dropped United States C:\Users\user\AppData\Local\...\ie[1].htm, HTML C:\Users\user\AppData\...\error-6555[1].htm, HTML Simulations Behavior and APIs No simulations Antivirus Detection Initial Sample Source Detection Scanner Label Link 6% virustotal Browse Dropped Files Source Detection Scanner Label Link C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59K Z\ie[1].htm C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59K Z\error-6555[1].htm 100% Avira HTML/Infected.WebPage. Gen2 100% Avira HTML/Infected.WebPage. Gen2 Unpacked PE Files No Antivirus matches Domains Copyright Joe Security LLC 2018 Page 7 of 35

8 Source Detection Scanner Label Link win-system-currupt1338.club 0% virustotal Browse URLs Source Detection Scanner Label Link 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 0% Avira URL Cloud safe 100% Avira URL Cloud malware 100% Avira URL Cloud malware 6% virustotal Browse 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware 100% Avira URL Cloud malware Yara Overview Initial Sample No yara matches PCAP (Network Traffic) No yara matches Dropped Files No yara matches Memory Dumps No yara matches Unpacked PEs No yara matches Joe Sandbox View / Context Copyright Joe Security LLC 2018 Page 8 of 35

9 IPs No context Domains No context ASN No context Dropped Files No context Screenshots Startup System is w7 iexplore.exe (PID: 2160 cmdline: '' -Embedding CA1F703CD665867E8132D2946FB55750) iexplore.exe (PID: 908 cmdline: '' SCODEF:2160 CREDAT: /prefetch:2 CA1F703CD665867E8132D2946FB55750) cleanup Copyright Joe Security LLC 2018 Page 9 of 35

10 Created / dropped Files C:\Users\SAMTAR~1\AppData\Local\Temp\Cab8755.tmp Size (bytes): Entropy (8bit): Microsoft Cabinet archive data, bytes, 1 file true B1B3B838B2DE0599D0E76D1C76 C56B126F E8ABCF F0B9466A C0F FB93ECB0CFA3C2BD6D91CC77F254F0A6CA41EDEFF47FDA0E409CC BACDD86B37E70FE36274C6AE9076F0AC89E FE575A69EF15FD50DE1D40C89EF454BDD69C4B2A841F048 8E082DFA6D7EDB477566C13D578C286E04FEE6 C:\Users\SAMTAR~1\AppData\Local\Temp\Tar876A.tmp data Size (bytes): Entropy (8bit): CC52CF1CC2739C564325B8DD55A D6D8EA05343C5629B7446F6B3F036D8CCE168FD5 D97A11D07B DEF454680D2DB5E5D0252B568EEF0B9D2E52D056D8241BF DC552F81847FEDC7DB48C EACCF8AB8FD33B77C388317FD067A20DF8EFE9FB263AD607920FA76AB C36AEF4FB55C9C22C51D20B B1A796 C:\Users\SAMTAR~1\AppData\Local\Temp\~DF01550BB6E5CF239E.TMP FoxPro FPT, blocks size 258, next free block index Size (bytes): Entropy (8bit): BD1F2F4C0A068ADCDDC BCD82 BFFBECD65A795E30D9F95847A38871BDF23914FE 5D87EDDA554380E950BB385B DE2CD0B515BB F622BF3 C5B69D541CFFFA88053A30098E6D72009EFECAD9EA92FEB20369C39664C752C498A474B3A16A843CD9501D53EA 995C3488B6492DC8DB067D187CB40DB5694C2C C:\Users\SAMTAR~1\AppData\Local\Temp\~DF545DDF88508E7995.TMP FoxPro FPT, blocks size 258, next free block index Size (bytes): Entropy (8bit): FE3B321F740CA247B3E84F8AEA2C E52C5637BBCDDAA8FD41002EE B59E5DA732B13DDA72200DE5E4328E22C513AC7F54C7ACE713 56BB5E5F6E7B92EFF9331C7017B9FC55EBC9D230AEFE782BC974CC1CBCE6BF1488C E41000C5D99E279 7BB2D0C693A EB2043F2C51869A8070 C:\Users\SAMTAR~1\AppData\Local\Temp\~DF7D9E20762B594F36.TMP FoxPro FPT, blocks size 258, next free block index Size (bytes): Entropy (8bit): Copyright Joe Security LLC 2018 Page 10 of 35

11 C:\Users\SAMTAR~1\AppData\Local\Temp\~DF7D9E20762B594F36.TMP 26E595BFD CBF682D0C7E00BD9 253D8216FDED588197D3C2004CC7DDFC003BE31A 096D54400B86ED4EF504D8D1464F0FDB D71D692BC7DAEDC545C45B 55E7621B6CAE0D82AB647242CB63272CD2C2AE8C8F2BB145C1A4C1770ED963AC779F C8AE2DB53DED2 AF8ADC8EC9BE2D88D3AD93AD A877B967 C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F Size (bytes): Entropy (8bit): Microsoft Cabinet archive data, bytes, 1 file true 1D44E50A3D E9E35E5DD4DD70 C9DE64435AE3A411680E949AC5F7401B30DCC2D8 9456A5221CB9F02CF19CA87DB1C3847CC28B70C8AC45F90EE8AB4A3476CBCA8F 5BC6B4384BA E1A1781CAF35CF26117F7CB318A90E4AAE C43A705B1F4A2AEBD9692B93776FB D495BD478AE3AD6DB87EA20CF5468E90BE C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F data Size (bytes): 984 Entropy (8bit): D35654F3B3B05D D6397 BE9B945AD816808CAB94A4241FDD42F991519F95 6A37535F8719C D7D6117B498B8A3B016CEB554CB2A3CF99F0884CD5AB 11D6723B93CABC4B83C45107F9AC C87C8DF7E62AE5F48712E9395B2FEB27E6E15EF173318D6CCD0E6 485ACCB18F2C7D54664A0FDC73977FB35310D6 C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D f-A0FF-E1416B8B2E3A}.ico Size (bytes): 237 Entropy (8bit): PNG image data, 16 x 16, 4-bit colormap, non-interlaced 9FB559A E77D F6541 EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31 6D8A01DC7647BC218D003B58FE04049E24A B7E0CEBAE76EDF85B8B914 0E CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCF B74437DE D0009D452FB96A8ECE236B C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BCF36701-AA0B-11E8-B3E3-CCDA62336E41}.dat Size (bytes): Microsoft Word Document Entropy (8bit): CC821FA64D2B649764F84D65BAB6CB5 97A6D35BC9E236DEFA46E88F638D99DDE7A64A9D A17AAFBD DDC17E04B31B4211D3B19B69E1501A7E094A4C022C5B9A B42BED9CAD BD3618DEE19DFB7BA0F83D98AC6381C2675F132D385099D1912CEBE2278A67F AB1 DD461DB71DFAC D96F4C572C686560D3 Copyright Joe Security LLC 2018 Page 11 of 35

12 C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BCF36703-AA0B-11E8-B3E3-CCDA62336E41}.dat Size (bytes): Microsoft Word Document Entropy (8bit): F23C46426A79DE5BC6CA9D4862B5 77D30B09CB C350A16C50BB05CD3C4CB C4BB90AEAFC5D71BB8F5BFB6A819462C36F737F6482A347EB00DAF0A A AB73CEFD91ED5B77A6F34A6A0F513CDC9E28E918AB53ED20A2F2B194CC265749DB55F3317ACCB6237D7E37206 A8EF58B8100AA7FCEBA F765E5F9D19DE C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C74D8DC0-AA0B-11E8-B3E3-CCDA62336E41}.dat Size (bytes): Microsoft Word Document Entropy (8bit): B8886F6CB225A5ABADA E EE8CB3A691DE82008CD52F3710E2CC119F AA18FFD64DF8685CEC138465DC94B86AE83C90BBCBE786A165A4156A8C5 891C0925F1720BBBBDA0AF23CBB5E5CBEDDBA50BC4A052A6E8D6F4FA608EFCE0155C5DBFC4DBB8B03719BFF E22BDD096F0035F E4BF915282C C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CMFZC4R\alert[1].css Size (bytes): 2981 Entropy (8bit): HTML document, ASCII text, with very long lines 5196CCFEE9569B0BE1FB4A4FB0189F70 D0D701A487759E10831C7BA2C503855AB856CCEA B A88B0B8F35C8947EC3A BFFCC752C2E96F946626D990502BA6 DEA869C0C6764B E0A9996F3FD005EAB68FF B56EA81880C86BFBB04D269741E6A4E51FC E84F D8C3929C8344F3DF183A5A6 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CMFZC4R\retreaver[1].js Size (bytes): Entropy (8bit): exported SGML document, ASCII text, with very long lines C7F736410D8FD53B1FCBEB B4 75F9041B398604E62C6DE C8EA8413EF 5E944017E7E53E4654AD11FB20FCA627E5E7C49FB9AAB62FBDE3AEF3B51F2FFF E77D643D3BA3DA60FE0B02306F8202BDCC3B482A59AD95161BA20D2FB1CA FB90B71B4EAC31C5BBA4D F99BD2681C7DC222CB41FA368ABA6 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CMFZC4R\style[1].css Size (bytes): ASCII text, with very long lines Entropy (8bit): E74FA9C2311B591291E28B68EAF6D0C7 6F BBE9B8C4CD6524E8E0490A541F86F3 8E E FBB8BF4DF98A8454C75A2B288FD54DBA9BBCA8E9E3C F41C E D80F142E14ADA632C4E0B0E95B9155E5A602E8192A85C7365B6AA914A2F77 576B3BF151FF48CE09B0E4C234BDD08B621 Copyright Joe Security LLC 2018 Page 12 of 35

13 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CMFZC4R\style[1].css C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CMFZC4R\translator[1].css Size (bytes): ASCII text, with very long lines Entropy (8bit): C0245F59B273D110D73A343CA33FC1 AC49C860727F5F16196A338128BB5A909E53D3CE 8E518D27455B893E291BF603D02B9C3D7F417CA2E6CD3C9F9833C3C16A18633D 88ABF0A1FB5907E50D9F680FD05ECF99AF2615D97F05A DB9599E995B5F8E3127D578FEA3A903129D686 7F616A84FD C1D2C995FAA C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CMFZC4R\urlblockindex[2].bin Size (bytes): 16 Entropy (8bit): data FA518E3DFAE8CA3A0E495460FD60C791 E4F30E D37267C0162FD4A C C4B4E5F883F9FD5A278E61C471B3EE B6D129499AA7 D21667F3FB081D39B579178E74E9BB1B6E9A97F C165729A58F1787DC0ADADD980CD026C7A601D416665A 81AC13A69E49A6A2FE2FDD AA645C07 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\alert[1].css Size (bytes): 3038 Entropy (8bit): ASCII text, with very long lines, with CRLF line terminators FEC3A4215CD9A7F C2620DA78 0FFBC554FF69BBD6C75984D67E2F5FEB1F61A00D D DC643D8B8C574F5B5B98A1CD88F4E46AB561E529188D8C3D700CF170 D8AD9E97A8C5E3C F192512F FA409A93CDA7F0E D936355F4E678D1F2E8F073367A689 C1BEB23F68D7474A0FCCC5CD4825CC4284D C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\bootstrap[1].css Size (bytes): Entropy (8bit): ASCII text, with very long lines, with CRLF line terminators A1CE56D0E8C4E4E1E31A0206DA27E06C 5CDAAB2F02F BB7575ADE769CAE56DC CDBC71A8D00370FC1F83791B11DF7228B8CC462C569C8F B93CBB5490 C1CD9AF8E56E110F4ABD C8C0E7A1364EF F4601B F24E385DE46D792DB26F0FD1 F69B55C857349B106A2464AAFCE C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\error-6555[1].htm HTML document, ASCII text, with very long lines, with CRLF line terminators Size (bytes): Entropy (8bit): D836B3FDA8E1C38EAFCA0F2A00B3178E Copyright Joe Security LLC 2018 Page 13 of 35

14 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\error-6555[1].htm Antivirus: 3C DEA7C565CC9E7D4EF4E36A70F CA05ABEED9C92C7CB286DDFB7FEAE0DC9D23B5AAECF5A2E4736B0A07BC9443A7 6F58CCC7745F75E5923F6E954B00F1B2B07281C3C3F8B79EB3A103F F2FC412E E1FD06941A 7AA0CB9E82E71FBB34A61BE732D833860FDF true Antivirus: Avira, Detection: 100%, Browse C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\ie[1].htm Size (bytes): Entropy (8bit): Antivirus: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators 57D8106A308A233A813F9E2E8EB080DF FE15DCDF6339BC29CC22FB59D C5CC43 471A0BE B99B5A6215F848D2AEED623D19D4E59E50E23FD33061E 6FBF0B48B091BBC32A8C4E36EDB5820D43EFA3D9C7E7BC5B943CBF2CBE9A36AB67BE174BF24FE331D4455CA2 A432C29B48DBD93F D1D0BC1E73CE56 true Antivirus: Avira, Detection: 100%, Browse C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\jquery-1[1].js Size (bytes): Entropy (8bit): ASCII text, with very long lines, with CRLF line terminators 00F66EADA2C54B64A3F632747CE1FE2D A AC13CCD72E08FD25D7BCF A135D8E7D5EBF1FE83B0B16DA1D8D8B2321ACDC4D5C24A1F9A7DF53B23CF E328A367F1086D D09206BADFD2CCE18CDBC7420B4ACA AD7576F156B F762F6A46A 58AC7CEFDC0F2BF031F215F59A8D6AE8E254D C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\retreaver[1].js Size (bytes): Entropy (8bit): exported SGML document, ASCII text, with very long lines, with CRLF line terminators 68EC33788ED08F7C0FDD73CBD52C2050 8E05B9EB DD41B115DFE9F1D57A2860FC8 71A861100E206EEEE88876CD E0FDC07046CCE33A1A96B96D E1 2BFD61E5AA56D37F7778BE5DB6BBCEC88DD3683CC364317B058FAC3AE4C018BA156B16344A6FBE94B41933B42 CE059D53AFA82AA F45DFF3E24E0A3 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\style[1].css Size (bytes): Entropy (8bit): ASCII text, with very long lines, with CRLF line terminators F38DBE23961B107D851FC508F7 B3CDA4F74E2F0812A46986BD DC A7FDD2397E0F7290CBF6C599AF043BF91D351D755E5FCBCF7CEF9F5BF8FC252F DC5D0E E A8B526567D118851BBDAF944CD1F27CA0EC551777AC238FEFFA F3F088A6FB 7E360569A8AB52E25CF08CEF7108E15F62C26 Copyright Joe Security LLC 2018 Page 14 of 35

15 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2PG59KZ\translator[1].css Size (bytes): Entropy (8bit): ASCII text, with very long lines, with CRLF line terminators 00C7719F627DCF52ED26D09F5F460E6B 0ABD02B3C2D53038C9DCEB D3209C51E5F 25D2D73C6C16C53A E079EBF265F1A70E1DF0E5D F0ACF12510D FA6A544D8F3EBBA4408ADDA645113E5F66C2AD5E30CBCDC8D DB2F0200F88A347D05365A6AB0569A241 0E6CC C5AA07A34A DF55CD6 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3GRP7RI\iframe[1].js Size (bytes): 721 Entropy (8bit): ASCII text, with very long lines, with CRLF line terminators 4C43440BD293650BBDD1C2FABF717D0B 96F72D2B F C4BB379B7D0 69DB1A94309E88008BBADACF301526EDCE C83F888EC866AD6B2D8E CB064B247FF45033FB7280F73D828D95189BBB5FB73FEC92BAD8A4600F11EDD84CEE2678BBB0C78DEE19D 4671FA9ADAB AEE0B2D709E3BEB7 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3GRP7RI\microsoft[1].png Size (bytes): 977 Entropy (8bit): PNG image data, 216 x 46, 8-bit colormap, non-interlaced AB563722EBC08AB73E4C72A3FA0D28C7 3E09D6B DD01360BF11E8EF1E61FC2FAD6 844A92EE435552F7F26B4EC467220C537841F8245A16BBB265975CE4B3081F C41B84C5E502A03254E232E3E247120A84B C69C752C875D6CD9A2969AD1FD B397049F BFD547569AB6C11C11FC906E9D8FA98F0B83 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULEAKRVD\bootstrap[1].css Size (bytes): ASCII text, with very long lines Entropy (8bit): A FE2BEDDC7ED1F1E7E A995DF4C3A89C7C012AF30857B61BEF6021AB608 CBBD6C980D02125FE27E5752E9F47DFA B0D4FC0444A BEE6E5 E323E8D6D4A C30B B077FFEBC5F4D034AE56F49BA9948BAFAA787D9C3D3C818F2EF2E6B8B A59FAE888A869705B0857A278549A1250 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULEAKRVD\favicon[2].ico Size (bytes): 237 Entropy (8bit): PNG image data, 16 x 16, 4-bit colormap, non-interlaced 9FB559A E77D F6541 EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31 6D8A01DC7647BC218D003B58FE04049E24A B7E0CEBAE76EDF85B8B914 0E CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCF B74437DE D0009D452FB96A8ECE236B Copyright Joe Security LLC 2018 Page 15 of 35

16 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULEAKRVD\favicon[2].ico C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULEAKRVD\jquery-1[1].js Size (bytes): ASCII text, with very long lines Entropy (8bit): C5FB7C DC65E1096C A33096A BC286C5F190D37B070DB2D23 C8963B6BD2CA BF9ADCBFF7A3EA55C9C3EDEF3D5A992405EE256A EAFB6CA5F609E95495CB05F D CE342C4D4FB6B CCF84A70EF49B7C8AD166B55 D67457E5757E14EE7AFC6CEEF86F29BC9C597 C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULEAKRVD\js[2].js Size (bytes): ASCII text, with very long lines Entropy (8bit): C869FC77754B47F2A84BB13EECC81 E5C98D736D1A11547B7C44BB3FA070810E8F2000 F33888E1A91A8D1864CA5B968343FF5723F3F4787CF624459FD73FCC0DF71B A9EF E8086E E5EF512E CB5FB24424A6E8C4331FDDD10162BC940672EFE06CF5 5A8749DAA5BFE2CCACA75CB B4FDC C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\RRZJM8MI.txt Size (bytes): 128 ASCII text Entropy (8bit): A9A016EDFDE133B83D75A4466DD7768E A242F2B4674E4DE38AC870F420091ED69DCD2A53 763C F4781EAE98C126A49FE718382E9C051EAD24EA3D0F4E59F8EB80C BC8167FC18A51BD99D7AEBC7404C528C726344C8F4B3B77E1B549A4A4987AA90EBAC B921B8D566F04C4 AEB09C520B795B79599D47FF4BC5B46D4285F1 Contacted Domains/Contacted IPs Contacted Domains Name IP Active Malicious Antivirus Detection Reputation win-system-currupt1338.club true 0%, virustotal, Browse unknown Contacted URLs Name Process unknown Copyright Joe Security LLC 2018 Page 16 of 35

17 Name Process unknown unknown unknown unknown unknown unknown unknown Contacted IPs No. of IPs < 25% 25% < No. of IPs < 50% 50% < No. of IPs < 75% 75% < No. of IPs Public IP Country Flag ASN ASN Name Malicious United States CLOUDFLARENET- CloudFlareIncUS Static File Info No static file info Copyright Joe Security LLC 2018 Page 17 of 35

18 Network Behavior Network Port Distribution Total Packets: (HTTP) 53 (DNS) TCP Packets Source Port Dest Port Source IP Dest IP 17:14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST Copyright Joe Security LLC 2018 Page 18 of 35

19 Source Port Dest Port Source IP Dest IP 17:14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST UDP Packets Copyright Joe Security LLC 2018 Page 19 of 35

20 Source Port Dest Port Source IP Dest IP 17:14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :14: CEST :15: CEST :15: CEST DNS Queries Source IP Dest IP Trans ID OP Code Name Type Class 17:14: CEST xd204 Standard query (0) win-systemcurrupt1338.club A (IP address) IN (0x0001) 17:15: CEST xf551 Standard query (0) win-systemcurrupt1338.club A (IP address) IN (0x0001) DNS Answers Source IP Dest IP Trans ID Replay Code Name CName Address Type Class xd204 No error (0) win-systemcurrupt1338.club 17:14: CEST xd204 No error (0) win-systemcurrupt1338.club 17:14: CEST A (IP address) IN (0x0001) A (IP address) IN (0x0001) x1096 No error (0) ie9comview 17:14: vo.msecnd.net CEST xf551 No error (0) win-systemcurrupt1338.club 17:15: CEST xf551 No error (0) win-systemcurrupt1338.club 17:15: CEST cs9.wpc.v0cdn.net CNAME (Canonical name) IN (0x0001) A (IP address) IN (0x0001) A (IP address) IN (0x0001) HTTP Request Dependency Graph win-system-currupt1338.club HTTP Packets Session ID Source IP Source Port Destination IP Destination Port Process Copyright Joe Security LLC 2018 Page 20 of 35

21 17:14: CEST 0 OUT GET /error-6555/ HTTP/1.1 Accept: text/html, application/xhtml+xml, */* 17:14: CEST 2 IN HTTP/ OK Date: Mon, 27 Aug :14:02 GMT Content-Type: text/html; charset=utf-8 Set-; expires=tue, 27-Aug-19 15:14:01 GMT; path=/; domain=.win-system-currupt1338.club; HttpOnly CF-RAY: 450f7c49278b3e50-ZRH Content-Encoding: gzip Data Raw: d 0a 1f 8b a4 57 eb 73 a2 c8 16 ff 9c a9 9a ff 81 f1 c3 dd 49 cd 24 3c d4 8c ec c4 d9 ea e e5 cb 2d 1e 2d a2 3c 1c 40 d1 ec ee ff 7e ab 01 1f d9 d9 bd 9d b2 e1 9c 3e cf df e9 3e 4d ee c 11 bb 38 4a f2 7e 6b eb 5f c9 b2 2c 6f cb f6 6d 9a cd b2 2c b9 c3 22 ad 6f ef df dd 2f 90 e3 7f bb 8f 51 e f4 06 7d df 84 db 7e 8b 4b c5 cd 78 bf 46 2d c2 ab a9 7e ab 40 bb 82 c4 ba 5f 09 6f e a fa f df d0 4c fd ba f f8 68 f e a5 25 0e e0 ea be 08 8b 08 7d 7b 9c cf 43 2f b4 59 af d3 ac ee c9 7a 1d 4b b a f7 5b de 22 4b e3 e4 39 ca 8b 9c 74 d3 b4 c8 8b cc 59 df 7a 79 de f5 5b 79 b1 8f 50 be 40 a e4 df e8 57 b2 ff 52 b7 c8 9c 24 8f 9c 22 cd 6a 03 a1 df 6f 8d 1e fe 3b c2 26 5e ec d7 a8 01 b2 12 ff 3b f3 4e 84 b2 e2 8d d0 b0 76 ee 65 e1 ba bd 74 b6 4e cd ad 40 de 3a e6 1c b6 1c 6e 62 a2 4f d4 55 bb ad 7d 7d 7e ff 8e b 12 3f cd c4 d b bd da f9 e3 1a 65 ce 6b 72 9b 1c b 15 fb 71 fe b1 f5 f8 64 b4 ae 89 6f c4 0d 7d e4 07 e8 27 f5 05 3f 40 8d 81 af ef df 5d 85 f3 8f 67 b9 7c e8 f c4 7f fe 43 5c b f e c bc 76 9e 5d bf 4f b4 a4 34 0d c db aa 75 9b 94 fa c4 dc f3 0e cc 6b e2 ea f7 2a 85 2b c2 9c 68 8c d4 30 be 7f 77 d a5 9e b 2b 4a f4 89 d6 2d e9 2d c8 2a 9f 5b 7c 7a 7e 4b fa f4 4d af db bd e b bb 6e b7 db c2 79 fd 59 e7 f a1 79 ba 6b 5d 13 1f fa c4 0d 4d 5c d7 80 d6 41 d5 e3 c7 31 cc c3 8c c4 9e b0 54 e3 ec 1f c0 ff 2f 1c 22 3f b8 74 f8 76 7a ea e ae 88 3f fe 20 3e 7e f8 e0 a7 de 26 c f5 ab d d7 d ca b c a6 2e c2 fb 71 6c 21 3a 0f ed fd bb 7b b2 3e 2f 2f 8f 54 9e 79 7f a 32 e4 6c bb cc 5b 3f 3a f 59 5a 7e df a0 6c 7f 43 ff df 86 c2 79 e6 c4 e8 a7 cc e0 f4 ea bf 9f e8 1b 87 0d 9d 26 2b b4 f7 d fa c4 7c cb 8f 68 5b 5c df f1 84 6b 8b b6 c5 ed 0a ed b9 a6 3c cc 17 5c Data Ascii: a72wsi$<%h@a--<@~q3>>me8j~kq_,om$,"o/qx}~k%xf-~@_od9*eili5'fvii'ih9ii%}{c/t"by 8"zKFa"[" Kct9tYzy"2[yP@hWR$"jo;&^1W;Nve87tN@:nbOU}}~ dec\7a v]o4"dwurtq6k*+$h0wdsir+j- -*[ z~kmtnyy&byk]m\a1t/"?tvzhn? >~&b5i"!7.ql!:{>//ty9*2lqv[?:tgsoyz~lcy&+2! xh[\ck<\ 17:14: CEST 13 OUT GET /error-6555/chrome-assests/bootstrap.css HTTP/1.1 Accept: text/css, */* Referer: 17:14: CEST 57 IN HTTP/ OK Date: Mon, 27 Aug :14:02 GMT Content-Type: text/css Last-Modified: Thu, 23 Aug :05:15 GMT ETag: W/"1d9cb-5741fc707189b" Content-Encoding: gzip CF-Cache-Status: MISS Expires: Mon, 27 Aug :14:02 GMT Cache-Control: public, max-age=14400 CF-RAY: 450f7c4c100e3e50-ZRH Data Raw: d 0a 1f 8b ed 7d 6b 8f e3 c8 91 e0 e7 f5 af 90 7b ee d 51 af 92 0a 53 d8 3d ef 62 d7 c0 7a 3f dc fa c6 7d 07 4a a4 4a f4 50 a2 4c 52 fd 18 9d f6 b7 5f be 1f a5 aa 19 fb c3 b6 2a f9 e1 fb df fe 66 f0 fd e0 bf a 7c 9a 8e a7 e3 c5 e0 ed be 69 4e eb 0f 1f 9e b3 66 a3 eb c6 db f2 f0 8e 43 ff ae 3c 7d ad f2 e7 7d a3 c9 64 c4 fe 67 3e f8 e3 e7 bc 69 b2 6a 38 f8 fd 71 3b e6 40 ff 9e 6f b3 63 9d a5 83 f3 31 cd aa c1 1f 7e ff b4 e6 58 f3 66 7f de 70 7c 1f 9a cf 9b fa 83 e9 e2 c3 a f 0e 49 cd 50 7d f8 f7 df ff ee 5f fe e3 3f ff f9 e1 c3 f7 bf 1d 1c cb ea f9 cf d9 78 5b d7 9c d0 68 3c 1d fc 1f c6 fe f b3 6d f5 07 bf dd f7 1f f6 cd a1 b8 ec ca da bc f8 ba ae d aa b3 2a df 3d 8e 3e 67 9b 9f f2 66 d4 64 5f 9a 51 cd da 8c 92 f4 cf e7 ba 59 4f a2 e8 db c7 d1 a1 c6 6b ae 9b 32 fd 7a d5 73 7e 5c 47 d7 a4 6a f2 6d 91 0d 93 3a 4f b3 61 9a e d4 c3 5d fe bc 4d 4e 4d 5e 1e f9 cf d 77 6c dc 8c 67 fb 2c 49 f9 ff 3d 57 e5 f9 34 3c 24 f c8 8e e7 e1 31 f9 34 ac b3 ad f 0f 0c fd d7 4b 9a d7 a7 22 f9 ba 66 8c da fe 74 4d ce 69 5e 0e b7 c9 f f 4f 55 f9 5c d fc c4 7a 2d 0d 64 7e 2c f d 1e 3f 65 9c b4 a c 1f d7 9b a4 ce 78 ad 44 b4 3e 96 cd db 1f b7 8c d4 1f df c7 f2 98 3d ee 33 2e ba 1f f7 79 9a 66 c7 8f c3 26 3b b0 ea 26 f3 e0 ae c c 7f e a b2 5a 33 d1 1e eb c7 e6 9a ac a2 4f 8c 39 eb 7d c9 c8 b9 94 e c0 d9 b6 d9 54 3f f 2f 9b b2 62 3c 19 6d ca a6 29 0f eb c9 e9 cb f b3 f4 ba d 29 8f cf f cb 28 ba a6 bb a3 2c ab 9b af 45 b6 ce 1b 36 c4 ed 75 3f d f 96 d d 4a c0 75 9c 1d ae ac f2 a7 8b a4 f2 9b 28 8a 1e 2d ed eb 6f 76 bb e8 5a 33 d5 51 da 22 da 3c d c4 f ce 85 b3 ae 32 c f7 72 fe ed a3 e0 bb 66 1b c9 7a 8e a9 29 4f eb d1 78 ce e8 61 b8 2f 6a d0 a3 71 cc 4b f2 c3 b3 e fd e d 31 d e1 0c dc 15 e5 e7 b5 14 c9 55 ea 95 1e f1 84 Data Ascii: 3aee}k{0iIMQS=bz?}JJPLR_$pv*3222"2"3feS7Ur infc<}}3dg>ij8q;@oc1~gxfp (7IP}_?wx[h<YurPmY$ c3%c=*=>gfd_qyok2z9$s~\gjm:oa5i^]mnm^swlg,i=w4<$qx14hqk"ftmi^srou\eu=z-d~,c6?e1<xd>3uy=3.r6yf&;&elc9 #&Z3SRe6O9}T?6ySd/b<m) e?2m)r%q(,e6u?b/a=j&u(-ovz3q"<0agft9u26&rfz)oxa/jqkcqyhi]1ywu Copyright Joe Security LLC 2018 Page 21 of 35

22 17:14: CEST 103 OUT GET /error-6555/ie/ HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Referer: 17:14: CEST 104 IN HTTP/ OK Date: Mon, 27 Aug :14:03 GMT Content-Type: text/html Last-Modified: Thu, 23 Aug :05:24 GMT CF-RAY: 450f7c e50-ZRH Content-Encoding: gzip Data Raw: d 0a 1f 8b ec bd d9 ae e4 c f8 ac 02 fa 1f f c 89 5b 90 0c b6 54 6a 70 0f f7 6d b ee 4b ef ed 2f bb 0f f3 49 f3 0b e e6 c d cd f c 98 c7 83 e1 b6 b9 99 b9 d3 dc 69 ee 81 fc 3f ff e7 ff f1 a7 7c 6a ea 2f 5b 53 b7 e3 cf 3f e6 d3 d4 ff 1b b8 ae eb 1f 56 f4 0f dd e0 f6 24 f9 f1 cf 3f fc 29 4f c3 e4 cf 7f 6a d2 29 fc f2 a4 fc 7d fa 98 8b e5 e7 1f 99 ae 9d d2 76 fa bd b5 f7 e9 8f 5f e2 57 ed e7 1f a7 74 9b c0 27 eb 1f bf c c e9 f4 f3 5a b4 49 b7 8e bf c f9 f1 cf 3f fc f0 92 d5 86 4d fa f3 8f d3 f8 89 bf ed 8a b7 7f 6d bb 7b 57 d7 dd fa d4 60 2a a6 3a fd b3 52 c f7 e9 cb ed 7e 2f e2 22 ac bf df 77 c3 f4 27 f0 45 f1 c3 9f ea a2 ad be e4 43 7a ff f9 c7 a8 eb a6 71 1a c2 fe 0f f1 38 fe f eb 9f 7f 1c a7 bd 4e c7 3c 4d a7 1f bf 27 7e 43 fc 3d 84 d3 10 b6 63 1d 4e dd f0 a2 2e 92 9f 7f 34 e5 ff dd 7c d2 ff f8 65 da fb f4 dd 05 7f 87 ac b0 4e 87 e9 af 34 fa 2f 3f 3c ff fd f0 a7 ff f6 fb df 7f 11 ea 2e 0a eb 2f a5 5f a6 30 fb f2 db 6c 0a b3 3f 94 e3 ef be fc fe 8b d d 7e a1 da b0 de a7 22 1e bf fc fe f7 7f fe 97 1f fe 34 c6 43 d1 4f 5f c2 71 6f e3 2f e3 10 bf 3a 79 fc 37 f0 ad 9b b3 37 a6 29 cc 9a b0 0d b3 74 f8 43 dc 35 e e ff 5e 24 3f db d4 ef c b 9f 7e 0f ff f8 e7 3f 81 2f 79 df 24 ff f9 5f 7e f8 f2 e5 d5 af 7f 48 c c3 3d 1d be fc fc 97 a0 ff f1 3f be fc af ff db 1f 9f d4 f7 b9 8d a7 a2 6b bf 3c 1b fa ed ef fe fb 57 9a 3f f4 f3 98 ff 36 1c b2 b9 49 db 69 fc dd 1f ff e3 49 fe 46 f fe f4 af 5f da 74 fd c fa db df fd ee 8f 4f af 7c 20 e3 ae bd 17 d9 4f ff fa e5 a7 ef 15 fe e9 49 f6 49 e7 8f 7f 5f dd f2 e d c d2 e1 0f e5 f8 5d cf 95 e1 12 be 08 3f 59 fe 3d 6f f9 98 d3 61 ff 3d fc 7f 83 b5 b8 0f fe 63 8c 7f 85 f0 87 df fc e6 dd df 5d 5b a5 7b d2 ad ed 97 9f bf fa f9 b7 e9 32 fd ee 87 df fc e6 bf ff f0 9b df fc a6 b8 3f ab 7f a8 d2 9d e9 92 f4 cb cf 3f 7f df fc f 7f 0d 88 a0 bf 02 3d 63 bf f 8d 1d c6 7e 15 8a ff 2a 14 f9 55 e8 e9 d7 a0 c4 d3 ba bf 19 d2 69 1e da 2f f7 b0 1e d3 3f fe f0 04 fd c7 f3 f3 3f fe f8 0b 1f f5 43 3a 8e df 3b a9 fd de 49 ed af 9a fe 3d e f7 e5 2f 5a 7c b6 f5 8f 74 5d d7 46 e9 bd 1b d2 b9 ad bb 30 f9 f9 ab 46 5f d5 79 0b 0f 5f 7e fb e3 bf bf ae 2f 9c c9 fc eb 97 d7 d7 0f d0 fb fd df ff db 8f bf 7b 5a fa e1 86 bf 8f e5 a5 f5 3f a6 f4 12 0e 5f c6 69 e8 aa f0 cb cf 5f 7e fc d3 34 fc f9 4f 53 f eb 22 6b 7f fe 69 ea fa 9f fe fc a7 29 Data Ascii: 653d(0(l[Tjp2Hm0pKp'/I8qNRI-i? j/[s?v0i$?)oj)}v_wt'y8zi?mcu6im{w`*:rc7v~/"sw'eczq8ehn<m' ~C=cN.4 en4/?<./c1_0l?uy~"4co_qo/:y77)tc5s(x^$?a ;~?/y$_~h)=?k<w?6iiifs9_tso OII_!4\]?Y=oa=ac][{2?? Ag=c$~*Uyi/??C:;I=&~/Z t]f0f_y_~/{z?_i_~4ose"ki) 17:14: CEST 182 OUT GET /error-6555/ie/bootstrap.css HTTP/1.1 Accept: text/css, */* Referer: Copyright Joe Security LLC 2018 Page 22 of 35

23 17:14: CEST 320 IN HTTP/ OK Date: Mon, 27 Aug :14:04 GMT Content-Type: text/css Last-Modified: Thu, 23 Aug :05:23 GMT ETag: W/"1d9d7-5741fc77ded9a" Content-Encoding: gzip CF-Cache-Status: MISS Expires: Mon, 27 Aug :14:04 GMT Cache-Control: public, max-age=14400 CF-RAY: 450f7c5551cb3e50-ZRH Data Raw: d 0a 1f 8b ed 7d 6b 8f e3 c8 91 e0 e7 5b 60 ff 83 dc 83 c1 74 4f 4b 6a 8a 7a c2 ee bb 06 d6 fb e1 d6 07 2c 30 ee 3b a ea c7 e8 b4 bf fd f2 fd 88 8c cd d8 87 b3 1b b c1 cc c8 0f df ff e6 ef ff 6e f0 fd e0 bf a 7c 9a 8e a7 e3 c5 e0 ed be 69 4e eb 0f 1f 9e b3 66 a3 eb c6 db f2 f0 4e 80 ff b6 3c 7d ad f2 e7 7d a3 c9 64 c4 fe 67 3e f8 c3 e7 bc 69 b2 6a 38 f8 dd 71 3b ff 96 6f b3 63 9d a5 83 f3 31 cd aa c1 ef 7f f b6 e6 78 f3 66 7f de 70 8c 1f 9a cf 9b fa 83 e9 e4 c3 a f 0e 49 cd 70 7d f8 b7 df fd f6 9f ff fd 3f fe fa e1 c3 f7 bf 19 1c cb ea f9 cf d9 78 5b d7 9c d6 68 3c 1d fc 1f 81 5a f5 c6 fe f b3 6d f5 07 bf dd f7 1f f6 cd a1 b8 ec ca da bc f8 ba ae d aa b3 2a df 3d 8e 3e 67 9b 9f f2 66 d4 64 5f 9a 51 cd da 8c 92 f4 4f e7 ba 59 4f a2 e8 db c7 d1 a1 c6 6b ae 9b 32 fd 7a d5 73 7e 5c 47 d7 a4 6a f2 6d 91 0d 93 3a 4f b3 61 9a e d4 c3 5d fe bc 4d 4e 4d 5e 1e f9 cf d 77 6c e0 8c 6b fb 2c 49 f9 ff 3d 57 e5 f9 34 3c 24 f c8 8e e7 e1 31 f9 34 ac b3 ad f 0f 0c fd d7 4b 9a d7 a7 22 f9 ba 66 9c da fe 74 4d ce 69 5e 0e b7 c9 f f 4f 55 f9 5c d fc c4 7a 2d 0d 64 7e 2c f d 1e 3f 65 9c b4 a c 1f d7 9b a4 ce 78 ad 44 b4 3e 96 cd db 1f b7 8c d4 1f df c7 f2 98 3d ee 33 2e ba 1f f7 79 9a 66 c7 8f c3 26 3b b0 ea 26 f3 e0 ae c c 7f e a b2 5a 33 d9 1e eb c7 e6 9a ac a2 4f 8c 39 eb 7d c9 c8 b9 94 e c0 d9 b6 d9 54 3f f 2f 9b b2 62 3c 19 6d ca a6 29 0f eb c9 e9 cb f b3 f4 ba f cf f cb 28 ba a6 bb a3 2c ab 9b af 45 b6 ce 1b 36 c4 ed 75 3f d f 96 d d 4a c0 75 9c 1d ae ac f2 a7 8b a4 f2 9b 28 8a 1e 2d ed eb 6f 76 bb e8 5a 33 d5 51 da 22 da 3c d c4 f ce 85 b3 ae 32 c f7 72 fe ed a3 e0 bb 66 1b c9 7a 8e a9 29 4f eb d1 78 ce e8 61 b8 2f 6a d 0 a3 71 cc 4b f2 c3 b3 e fd e d 31 d e1 0c dc 15 e5 e7 b5 14 c9 55 ea 95 Data Ascii: 4d4a}k[`tOKjzTy,0;P"Ue )UUneS7Ur infn<}}3dg>ij8q;poc1xfp(7ip}?ytx[h<zrpmy$c3%c=*=>gfd_qo YOk2z9$s~\Gjm:Oa5I^]MNM^swlk,I=W4<$qx14hQK"ftMi^SROU\eu=z-d~,c6?e1<xD>3UY=3.t6yf&;&elc9#&Z3SRe6O9}T? 6ySd/b<m) e?2u)r%q(,e6u?b/a=j&u(-ovz3q"<0agft9u26&rfz)oxa/jqkcqyhi]1ywu Session ID Source IP Source Port Destination IP Destination Port Process :14: CEST 14 OUT GET /error-6555/chrome-assests/style.css HTTP/1.1 Accept: text/css, */* Referer: Copyright Joe Security LLC 2018 Page 23 of 35

24 17:14: CEST 26 IN HTTP/ OK Date: Mon, 27 Aug :14:02 GMT Content-Type: text/css Last-Modified: Thu, 23 Aug :05:17 GMT ETag: W/"5ac6-5741fc71e598f" Content-Encoding: gzip CF-Cache-Status: MISS Expires: Mon, 27 Aug :14:02 GMT Cache-Control: public, max-age=14400 CF-RAY: 450f7c4bd2a63e74-ZRH Data Raw: d 0a 1f 8b b5 3c 6b 8f e f a7 7f a 83 9d ce 58 6e 49 7e b4 1f c bd f9 70 9b c5 1d 90 cb 01 b4 44 db 4a cb 92 4e 92 fb 11 a3 ff fb 15 1f a2 f8 94 3d d9 bb dd a2 aa 8a c5 62 b1 aa 58 2c ea f6 bb bf 5c a1 ef d0 d7 cf e 33 f b f db b2 46 7f 3f d6 5b 9c 90 db f 6d 59 a1 ff c8 8a b4 7c 6a d0 02 6d 8e 3b 8a 77 5f 56 2f 75 b6 db b7 28 0e a ff cc d0 2f 4f 59 db 92 7a 84 be 16 c fd a a 8e 45 4a 6a f4 d3 d7 5f d0 fb 7d db 56 cd ea f b5 fb e3 66 9c db f6 69 d3 dc 6e ca b2 6d da 1a 57 b7 9b bc dc dc 1e a4 6e 7f fc 7a ff f9 e7 bf 7f be 01 6a b7 3f e8 58 3d 3d bb 5f a5 e4 11 fa 08 d8 c3 eb 0f fc 7e e8 e5 78 9f e7 a7 0d 8c 7f c0 6e af ae b7 db e4 75 9c 9c c4 d3 72 b9 7c 1d 93 ba ee 9e 3f 85 e1 da c6 f9 f2 e9 d3 eb f8 a e f b3 d9 0c e8 1d d9 63 a4 bf 6d b4 c7 5d ea e0 f2 cb fd fd 7a 53 d6 20 e d a3 a6 cc b3 14 5d df c0 93 d3 b6 2c da a0 69 5f 72 b2 ca 5a 9c a2 5d a a4 f0 b4 97 0c 4c 28 4a e6 e8 e2 fe 8b ab 8b f0 9e c2 cb d1 7d a2 23 df f5 c c d 78 2b f a 9c 1e 52 fd b1 d0 1f 2b fd b1 d6 1f 25 e5 f0 6e f1 3a fe e a5 10 d3 e d d3 ed 72 9b 6c a1 65 d3 b5 4c e6 c0 59 d1 73 f6 09 c ff 96 a2 a7 fd ac 7c 81 c7 4c 9b a f 6c 0e 8a 6d ff d b7 1f e4 3d 7d 94 c3 88 b d 5a 1e 7b 09 4e e 7a f f9 b4 d9 6c 60 d4 5b 6d d8 87 bd fe 98 e9 8f a5 2e b 3a 53 4d a2 3f a6 ca e3 da a1 53 4d ac c3 13 fd 71 af 3f 4a 4e 3e d cf fa 5b 39 b3 13 aa 51 4d a4 bf f9 e5 1e e4 b1 a9 b4 79 7b 4c d ee f4 c7 4c 7b cc 72 4d d f f0 ff 88 3f 94 dd ef 0f ca c4 d0 39 be e5 f6 f3 5f 3a b3 85 fe d 37 6f d4 ba a 34 6a e3 6e 2c 9b 19 5d db 3d 41 f7 35 c1 6d f6 08 7f e8 53 db d6 d9 e6 d e3 10 fd a3 a0 56 0d f2 18 7d 29 6b 4a 2c 25 2d ce f a e e1 d4 c6 65 bd bb cd e1 97 5b a0 78 4b c be 9c aa b2 c Data Ascii: 15ea<k6wXnI~ s3w$pdjn=42bx,\q3tu8y@f?[4my jm;w_v/u(i/oyz%hhejj_}vvfinmwpnzj?&x==ei_a9~xw nyyur?svo4i%acm]zs UT=]!,i_rZg0]7L(J}#)Gx+s?1%R+%n:22nt9w-rleLYse LtlmHs=}s`Z{N@zql`[m.#){:SM?SMq?J N>A4[9QMy{L4i=L{rMI?9_:V&7oV4jn,]f3=A5mCY4Sfe&Vp})kJ,%-fBPgyA.e9"[xKYhG` 17:14: CEST 102 OUT GET /error-6555/chrome-assests/iframe.js HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: Session ID Source IP Source Port Destination IP Destination Port Process :14: CEST 15 OUT GET /error-6555/chrome-assests/translator.css HTTP/1.1 Accept: text/css, */* Referer: Copyright Joe Security LLC 2018 Page 24 of 35

ID: Cookbook: browseurl.jbs Time: 22:02:15 Date: 20/08/2018 Version:

ID: Cookbook: browseurl.jbs Time: 22:02:15 Date: 20/08/2018 Version: ID: 73271 Cookbook: browseurl.jbs Time: 22:02:15 Date: 20/08/2018 Version: 23.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: browseurl.jbs Time: 16:09:48 Date: 05/02/2018 Version:

ID: Cookbook: browseurl.jbs Time: 16:09:48 Date: 05/02/2018 Version: ID: 45097 Cookbook: browseurl.jbs Time: 16:09:48 Date: 05/02/2018 Version: 20.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: browseurl.jbs Time: 15:01:22 Date: 30/11/2017 Version:

ID: Cookbook: browseurl.jbs Time: 15:01:22 Date: 30/11/2017 Version: ID: 38725 Cookbook: browseurl.jbs Time: 15:01:22 Date: 30/11/2017 Version: 20.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Cookbook: browseurl.jbs Time: 03:47:54 Date: 05/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 03:47:54 Date: 05/05/2018 Version: ID: 58045 Cookbook: browseurl.jbs Time: 03:47:54 Date: 05/05/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis Advice Signature

More information

ID: Cookbook: browseurl.jbs Time: 23:25:27 Date: 29/08/2018 Version:

ID: Cookbook: browseurl.jbs Time: 23:25:27 Date: 29/08/2018 Version: ID: 74712 Cookbook: browseurl.jbs Time: 23:25:27 Date: 29/08/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report https://protectus.mimecast.com/s/jhjecoyjw5spr4a9skzh0f Overview General

More information

ID: Cookbook: browseurl.jbs Time: 16:29:51 Date: 17/11/2018 Version: Fire Opal

ID: Cookbook: browseurl.jbs Time: 16:29:51 Date: 17/11/2018 Version: Fire Opal ID: 91265 Cookbook: browseurl.jbs Time: 16:29:51 Date: 17/11/2018 Version: 24.0.0 Fire Opal Table of Contents Table of Contents Analysis Report https://mulhervaidosa.info/za-labour/ Overview General Information

More information

ID: Cookbook: browseurl.jbs Time: 17:28:58 Date: 31/08/2018 Version:

ID: Cookbook: browseurl.jbs Time: 17:28:58 Date: 31/08/2018 Version: ID: 74933 Cookbook: browseurl.jbs Time: 17:28:58 Date: 31/08/2018 Version: 23.0.0 Table of Contents Table of Contents 2 Analysis Report http://community.bvp.com/links? lid=uhj1pgvvabulmrxn7vqmvw&token=k1dx7i_dls8_shdjgf97kg&url=https%3a%2f%2flinks6.mixmaxusercontent.com%

More information

ID: Cookbook: browseurl.jbs Time: 01:36:57 Date: 12/11/2018 Version: Fire Opal

ID: Cookbook: browseurl.jbs Time: 01:36:57 Date: 12/11/2018 Version: Fire Opal ID: 89635 Cookbook: browseurl.jbs Time: 01:36:57 Date: 12/11/2018 Version: 24.0.0 Fire Opal Table of Contents Table of Contents 2 Analysis Report https://click.mail.onedrive.com/? qs=4340ab88585a9d7b70ae09cba6b643e833dcc84b2567b03df56308f1adbebeeabe1befb8b40a9e95787880f2324a031c4d83

More information

ID: Cookbook: browseurl.jbs Time: 13:58:58 Date: 09/05/2018 Version:

ID: Cookbook: browseurl.jbs Time: 13:58:58 Date: 09/05/2018 Version: ID: 58705 Cookbook: browseurl.jbs Time: 13:58:58 Date: 09/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence Classification Analysis

More information

ID: Sample Name: OVERDUE_INVOICES qrypted.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 11:58:04 Date: 14/05/2018 Version: 22.0.

ID: Sample Name: OVERDUE_INVOICES qrypted.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 11:58:04 Date: 14/05/2018 Version: 22.0. ID: 59483 Sample Name: OVERDUE_INVOICES20180511.qrypted.jar Cookbook: defaultwindowsfilecookbook.jbs Time: 11:58:04 Date: 14/05/2018 Version: 22.0.0 Table of Contents Table of Contents Analysis Report

More information

ID: Cookbook: browseurl.jbs Time: 21:43:32 Date: 28/11/2018 Version: Fire Opal

ID: Cookbook: browseurl.jbs Time: 21:43:32 Date: 28/11/2018 Version: Fire Opal ID: 94091 Cookbook: browseurl.jbs Time: 21:43:32 Date: 28/11/2018 Version: 24.0.0 Fire Opal Table of Contents Table of Contents Analysis Report https://tvaction.info/chuyen-muc/bratislava-slovakiachristmas-market.html

More information

ID: Sample Name: CCS Projects.pdf Cookbook: defaultwindowspdfcookbook.jbs Time: 19:48:41 Date: 14/06/2018 Version:

ID: Sample Name: CCS Projects.pdf Cookbook: defaultwindowspdfcookbook.jbs Time: 19:48:41 Date: 14/06/2018 Version: ID: 64084 Sample Name: CCS Projects.pdf Cookbook: defaultwindowspdfcookbook.jbs Time: 19:48:41 Date: 14/06/2018 Version: 22.0.0 Table of Contents Analysis Report Overview General Information Detection

More information

Visa Smart Debit/Credit Certificate Authority Public Keys

Visa Smart Debit/Credit Certificate Authority Public Keys CHIP AND NEW TECHNOLOGIES Visa Smart Debit/Credit Certificate Authority Public Keys Overview The EMV standard calls for the use of Public Key technology for offline authentication, for aspects of online

More information

Secret Key Systems (block encoding) Encrypting a small block of text (say 128 bits) General considerations for cipher design:

Secret Key Systems (block encoding) Encrypting a small block of text (say 128 bits) General considerations for cipher design: Secret Key Systems (block encoding) Encrypting a small block of text (say 128 bits) General considerations for cipher design: Secret Key Systems (block encoding) Encrypting a small block of text (say 128

More information

ID: Sample Name: xnyjv5cbuw Cookbook: default.jbs Time: 07:26:31 Date: 02/07/2018 Version:

ID: Sample Name: xnyjv5cbuw Cookbook: default.jbs Time: 07:26:31 Date: 02/07/2018 Version: ID: 66387 Sample Name: xnyjv5cbuw Cookbook: default.jbs Time: 07:26:31 Date: 02/07/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Overview General Information Detection Confidence

More information

C Mono Camera Module with UART Interface. User Manual

C Mono Camera Module with UART Interface. User Manual C328-7221 Mono Camera Module with UART Interface User Manual Release Note: 1. 16 Mar, 2009 official released v1.0 C328-7221 Mono Camera Module 1 V1.0 General Description The C328-7221 is VGA camera module

More information

8WD4 Signaling Columns

8WD4 Signaling Columns Siemens AG 200 General data Overview The 8WD4 signaling columns are flexible in design and versatile in use. 1 1 2 2 3 3 4 5 4 6 8 5 6 10 11 8 12 15 13 14 10 NSC0_002 11 12 NSC0_0026 1 Acoustic element

More information

ETSI TS V ( )

ETSI TS V ( ) TS 135 232 V12.1.0 (2014-10) TECHNICAL SPECIFICATION Universal Mobile Telecommunications System (UMTS); LTE; Specification of the TUAK algorithm set: A second example algorithm set for the 3GPP authentication

More information

Function Block DIGITAL PLL. Within +/- 5ppm / 10 years (Internal TCXO Stability) 1 External Reference Frequency Range: 10MHz +/- 100Hz

Function Block DIGITAL PLL. Within +/- 5ppm / 10 years (Internal TCXO Stability) 1 External Reference Frequency Range: 10MHz +/- 100Hz Features * Best Suited for Local Oscillator of Microwave Equipment with Low Phase Noise and Low Spurious Emission * Programmable Selection by Rotary Switch or Serial Control Signal * Built-in PLL Circuit

More information

A Wrench in the Cogwheels of P2P Botnets. Werner, Senior Virus Analyst, Kaspersky Lab 23 Annual FIRST Conference Vienna, 13th June 2011

A Wrench in the Cogwheels of P2P Botnets. Werner, Senior Virus Analyst, Kaspersky Lab 23 Annual FIRST Conference Vienna, 13th June 2011 A Wrench in the Cogwheels of P2P Botnets Tillmann Werner, Senior Virus Analyst, Kaspersky Lab rd 23 Annual FIRST Conference Vienna, 13th June 2011 The Story Slide 2 23rd Annual FIRST Conference Vienna,

More information

CSci 127: Introduction to Computer Science

CSci 127: Introduction to Computer Science CSci 127: Introduction to Computer Science hunter.cuny.edu/csci CSci 127 (Hunter) Lecture 4 27 February 2018 1 / 25 Announcements Welcome back! Lectures are back on a normal schedule until Spring Break.

More information

Audit Attestation Microsec ETSI Assessment 2017 No. AA

Audit Attestation Microsec ETSI Assessment 2017 No. AA Audit Attestation ETSI Assessment 2017 No. AA2017121402 Identification of the conformity assessment body (CAB): Identification of the trust service provider (TSP): Identification of the audited Root-CA:

More information

Digital Lighting Systems, Inc. PD804-DMX. Eight Channel DMX Pack. (includes information for PD804-DMX-S) USER'S MANUAL. PD804-DMX-UM Rev.

Digital Lighting Systems, Inc. PD804-DMX. Eight Channel DMX Pack. (includes information for PD804-DMX-S) USER'S MANUAL. PD804-DMX-UM Rev. , Inc. Eight Channel DMX Pack (includes information for -S) S S S S 4 8 USER'S MANUAL -UM User's Manual - Page GENERAL DESCRIPTION The is an 8-channel DMX- compatible dimmer pack. It contains three printed

More information

ID: Cookbook: browseurl.jbs Time: 02:09:04 Date: 29/06/2018 Version:

ID: Cookbook: browseurl.jbs Time: 02:09:04 Date: 29/06/2018 Version: ID: 66102 Cookbook: browseurl.jbs Time: 02:09:04 Date: 29/06/2018 Version: 23.0.0 Table of Contents Table of Contents Analysis Report Overview Information Detection Classification Analysis Advice Signature

More information

Computer Simulation and DSP Implementation of Data Mappers of V.90 Digital Modem in Theaid of IT

Computer Simulation and DSP Implementation of Data Mappers of V.90 Digital Modem in Theaid of IT Asian Journal of Information Technology 4 (6): 600-606, 2005 Grace Publications, 2005 Computer Simulation and DSP Implementation of Data Mappers of V.90 Digital Modem in Theaid of IT Jasvir Singh and Davinderpal

More information

showtech 9th May.txt

showtech 9th May.txt . Date: 05-09-2006 Time: 09:12:31 TimeZone: AEST: +10:+00:+00 Uptime: CSS5-SCM-2GE F0 : 878 days 18:14:54 CSS5-IOM-2GE D0 : 878 days 18:14:51 CSS503-SM-INT : 878 days 18:14:51 PCMCIA Slot: 0 total # of

More information

Figure 2. Another example from Teun Spaans Domino Plaza web site.

Figure 2. Another example from Teun Spaans Domino Plaza web site. ISO/IEC JTC1/SC2/WG2 N2760 L2/04-163 2004-05-18 Universal Multiple-Octet Coded Character Set International Organization for Standardization Organisation internationale de normalisation еждународная организация

More information

MOBY-D Family Matrix

MOBY-D Family Matrix MOBY-D Family Matrix MOBY-D 13.56 MHz Passive Tags D100 6GT2600-0AD10 112 Bytes Min order of 50 D124 6GT2600-0AC00 112 Bytes D139 6GT2600-0AA00 44 Bytes D160 6GT2600-0AB00 44 Bytes D165 6GT2600-1AB00-0AX0

More information

DEGEN DE1103 FM / MW / SW RECEIVER FM / AM / SSB / CW MODES OPERATING MANUAL

DEGEN DE1103 FM / MW / SW RECEIVER FM / AM / SSB / CW MODES OPERATING MANUAL DEGEN DE1103 FM / MW / SW RECEIVER FM / AM / SSB / CW MODES OPERATING MANUAL (1) Power/Sleep (2) Reset (3) Lock Key (4) Time/Delete (5) St./Mono/SSB LED (6) Stereo/Mono/SSB (7) FM Band/Station Search Backward

More information

Audit Attestation for SwissSign AG. This is to confirm that TUV AUSTRIA CERT has successfully audited the CAs of SwissSign without critical findings.

Audit Attestation for SwissSign AG. This is to confirm that TUV AUSTRIA CERT has successfully audited the CAs of SwissSign without critical findings. TUV AUSTRIA CERT GMBHLKJIHGFEDCB TUV AUSTRIA Audit Attestation for SwissSign AG Office: TUV AUSTRIA-Platz 1 2345 Brunn am Gebirge www.tuv.at Business Area Life, Training & Certification Austria Certification

More information

! 1F8B0 " 1F8B1 ARROW POINTING UPWARDS THEN NORTH WEST ARROW POINTING RIGHTWARDS THEN CURVING SOUTH WEST. 18 (M4b)

! 1F8B0  1F8B1 ARROW POINTING UPWARDS THEN NORTH WEST ARROW POINTING RIGHTWARDS THEN CURVING SOUTH WEST. 18 (M4b) ! 1F8B0 " 1F8B1 ARROW POINTING UPWARDS THEN NORTH WEST ARROW POINTING WARDS THEN CURVING SOUTH WEST 7D # 1FB00 SEXTANT-1 A1 A0, E0 21 (G1) 21 (G1) 21 (G1) 81 $ 1FB01 SEXTANT-2 A2 90, D0 22 (G1) 22 (G1)

More information

Internet Engineering Task Force (IETF) ISSN: May 2013

Internet Engineering Task Force (IETF) ISSN: May 2013 Internet Engineering Task Force (IETF) J. Schaad Request for Comments: 6955 Soaring Hawk Consulting Obsoletes: 2875 H. Prafullchandra Category: Standards Track HyTrust, Inc. ISSN: 2070-1721 May 2013 Abstract

More information

Installation and configuration manual DXCa Modbus RTU CAN Gateway V1.2

Installation and configuration manual DXCa Modbus RTU CAN Gateway V1.2 Installation and configuration manual DXCa Modbus RTU CAN Gateway V1.2 A1241 These operating instructions are only valid in conjunction with the complete operating instructions DULCOMARIN II Please carefully

More information

Rotel RSX-1056 RS232 HEX Protocol

Rotel RSX-1056 RS232 HEX Protocol Rotel RSX-1056 RS232 HEX Protocol Date Version Update Description February 2, 2012 1.00 Original Specification The RS232 protocol structure for the RSX-1056 is detailed below. This is a HEX based communication

More information

N4115 an alternative encoding for geometric shapes

N4115 an alternative encoding for geometric shapes P R Chastney for geometric shapes This document proposes alternative encodings for some of the geometric shapes in ISO/IEC JTC1/SC2/WG2 N 4115, Proposal to add Wingdings and Webdings Symbols. Only graduated

More information

Recommendation ITU-R BT.1577 (06/2002)

Recommendation ITU-R BT.1577 (06/2002) Recommendation ITU-R BT.1577 (06/2002) Serial digital interface-based transport interface for compressed television signals in networked television production based on Recommendation ITU-R BT.1120 BT Series

More information

POWER ANALYZER CVM-MINI SERIES INSTRUCTION MANUAL M A CIRCUTOR, SA

POWER ANALYZER CVM-MINI SERIES INSTRUCTION MANUAL M A CIRCUTOR, SA POWER ANALYZER CVM-MINI SERIES INSTRUCTION MANUAL M98174001-03-15A CIRCUTOR, SA CONTENTS 1 BASIC INSTRUCTIONS... 3 1.1 Checks on receipt.... 3 1.2 Main features... 3 1.3 Electrical parameters... 3 1.4

More information

Document # Logos: Purch-11B Purchasing Use ONLY: How to Change a Vendor in Logos Original Author Karrie Revolinski Date 5/10/13 Updated Author Date

Document # Logos: Purch-11B Purchasing Use ONLY: How to Change a Vendor in Logos Original Author Karrie Revolinski Date 5/10/13 Updated Author Date Original Author Karrie Revolinski Date 5/10/13 Updated Author Date Scope Adding or changing a vendor is done by the Purchasing staff. Departments request changes to vendors by filling out a New Vendor/Change

More information

INTERNATIONAL TELECOMMUNICATION UNION. SERIES V: DATA COMMUNICATION OVER THE TELEPHONE NETWORK Simultaneous transmission of data and other signals

INTERNATIONAL TELECOMMUNICATION UNION. SERIES V: DATA COMMUNICATION OVER THE TELEPHONE NETWORK Simultaneous transmission of data and other signals INTERNATIONAL TELECOMMUNICATION UNION ITU-T V.92 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (11/2000) SERIES V: DATA COMMUNICATION OVER THE TELEPHONE NETWORK Simultaneous transmission of data and

More information

MADEinUSA OPERATOR S MANUAL. RS232 Interface Rev. A

MADEinUSA OPERATOR S MANUAL. RS232 Interface Rev. A MADEinUSA OPERATOR S MANUAL RS232 Interface 92-3006 Rev. A www.iradion.com Iradion Laser, Inc. 51 Industrial Dr. N. Smithfield, RI 02896 (410) 762-5100 Table of Contents 1. Overview... 2 2. Equipment Required...

More information

UBN Universal Power Meter. MODBUS Protocol English 1UNMUP3K1004

UBN Universal Power Meter. MODBUS Protocol English 1UNMUP3K1004 Universal Power Meter MODBUS Protocol English 1UNMUP3K1004 Rev. 04-2004 Table of contents GENERAL CONTENTS... A CHAPTER 1 INTRODUCTION... 1-1 CHAPTER 2 SYMBOLS... 2-1 CHAPTER 3 DESCRIPTION... 3-1 3.1 LRC

More information

745 Transformer Protection System Communications Guide

745 Transformer Protection System Communications Guide Digital Energy Multilin 745 Transformer Protection System Communications Guide 745 revision: 5.20 GE publication code: GEK-106636E GE Multilin part number: 1601-0162-A6 Copyright 2010 GE Multilin GE Multilin

More information

PaperCut MF - General Elatec TWN Reader Tasks

PaperCut MF - General Elatec TWN Reader Tasks PaperCut MF - General Elatec TWN Reader Tasks This document aims to support PaperCut MF customers and resellers when configuring and troubleshooting Elatec TWN readers. As of writing, this document is

More information

IEEE C802.16e-05/179r1

IEEE C802.16e-05/179r1 Project IEEE 802.16 Broadband Wireless Access Working Group Title MBS AES-CTR Test Vector and Test Program Changes Rev 1 Date Submitted 2005-03-17 Source(s) JUNHYUK SONG, JICHEOL

More information

Supplier s declaration of conformity

Supplier s declaration of conformity Supplier s declaration of conformity As required by the following Notices: > Radiocommunications (Compliance Labelling - Devices) Notice 2014 made under section 182 of the Radiocommunications Act 1992;

More information

Name Date Class Period. 5.2 Exploring Properties of Perpendicular Bisectors

Name Date Class Period. 5.2 Exploring Properties of Perpendicular Bisectors Name Date Class Period Activity B 5.2 Exploring Properties of Perpendicular Bisectors MATERIALS QUESTION EXPLORE 1 geometry drawing software If a point is on the perpendicular bisector of a segment, is

More information

Generation of AES Key Dependent S-Boxes using RC4 Algorithm

Generation of AES Key Dependent S-Boxes using RC4 Algorithm 3 th International Conference on AEROSPACE SCIENCES & AVIATION TECHNOLOGY, ASAT- 3, May 26 28, 29, E-Mail: asat@mtc.edu.eg Military Technical College, Kory Elkoah, Cairo, Egypt Tel : +(22) 2425292 243638,

More information

SRA Life, Earth, and Physical Science Laboratories correlation to Illinois Learning Standards: Science Grades 6-8

SRA Life, Earth, and Physical Science Laboratories correlation to Illinois Learning Standards: Science Grades 6-8 SRA Life, Earth, and Physical Science Laboratories correlation to Illinois Learning Standards: Science Grades 6-8 SRA Life, Earth, and Physical Science Laboratories provide core science content in an alternate

More information

INTERNATIONAL TELECOMMUNICATION UNION. SERIES V: DATA COMMUNICATION OVER THE TELEPHONE NETWORK Simultaneous transmission of data and other signals

INTERNATIONAL TELECOMMUNICATION UNION. SERIES V: DATA COMMUNICATION OVER THE TELEPHONE NETWORK Simultaneous transmission of data and other signals INTERNATIONAL TELECOMMUNICATION UNION ITU-T V.90 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (09/98) SERIES V: DATA COMMUNICATION OVER THE TELEPHONE NETWORK Simultaneous transmission of data and other

More information

ACOUSTIC NOISE AND VIBRATIONS DUE TO MAGNETIC FORCES IN ROTATING ELECTRICAL MACHINES

ACOUSTIC NOISE AND VIBRATIONS DUE TO MAGNETIC FORCES IN ROTATING ELECTRICAL MACHINES TECHNICAL TRAINING TTR01 ACOUSTIC NOISE AND VIBRATIONS DUE TO MAGNETIC FORCES IN ROTATING ELECTRICAL MACHINES 1 OBJECTIVES The objectives of the full technical training including all option modules are

More information

POINTAX 6000L2 Point Recorder

POINTAX 6000L2 Point Recorder GOSSEN METRAWATT CAMILLE BAUER Special Features 6 measuring channels Last printed point visible from front Electrically isolated, earth-free measuring channels Process signals ranging from 0/4... 20 ma,

More information

Osmium. Integration Guide Revision 1.2. Osmium Integration Guide

Osmium. Integration Guide Revision 1.2. Osmium Integration Guide Osmium Integration Guide Revision 1.2 R&D Centre: GT Silicon Pvt Ltd D201, Type 1, VH Extension, IIT Kanpur Kanpur (UP), India, PIN 208016 Tel: +91 512 259 5333 Fax: +91 512 259 6177 Email: info@gt-silicon.com

More information

SIREC D MP SIREC D200 SIREC D300 SIREC D400 : MP , CA 01. : E86060-D4001-A110-C (CD-ROM) E86060-D4001-A510-C (DVD) SIREC D

SIREC D MP SIREC D200 SIREC D300 SIREC D400 : MP , CA 01. : E86060-D4001-A110-C (CD-ROM) E86060-D4001-A510-C (DVD) SIREC D SIREC D MP 20-2007 SIREC D MP 20 2007 SIREC D200 SIREC D300 SIREC D400 : MP 20 2005,, CA 01. : E86060-D4001-A110-C5-7600 (CD-ROM) E86060-D4001-A510-C5-7600 (DVD) Siemens Siemens AG 2007 SIREC D,, - -,

More information

HEXAGON NOTATION. (1) Salmon, in the "Notes" at the end of his Conic Sections designates by. the point of intersection of the lines ab,

HEXAGON NOTATION. (1) Salmon, in the Notes at the end of his Conic Sections designates by. the point of intersection of the lines ab, HEXAGON NOTATION. R. D. BOHANNAN. (1) Salmon, in the "Notes" at the end of his Conic Sections designates by de; by the point of intersection of the lines ab, the Pascal line which contains the three points

More information

H ~ 580 mm Paper used: 0,26 mm gr ("cardstock") 0,15 mm gr Glue: PVA

H ~ 580 mm Paper used: 0,26 mm gr (cardstock) 0,15 mm gr Glue: PVA The Angara rocket family is a family of space-launch vehicles currently under development by the Khrunichev State Research and Production Space Center. The rockets, which are to provide lifting capabilities

More information

Exploring Special Lines (Pappus, Desargues, Pascal s Mystic Hexagram)

Exploring Special Lines (Pappus, Desargues, Pascal s Mystic Hexagram) Exploring Special Lines (Pappus, Desargues, Pascal s Mystic Hexagram) Introduction These three lab activities focus on some of the discoveries made by famous mathematicians by investigating lines. The

More information

Using the 2975 to perform Control Channel Logging

Using the 2975 to perform Control Channel Logging Application Note Using the 2975 to perform Control Channel Logging This revised application note provides P25 test professionals with an overview of how the 2975 can be used in troubleshooting P25 protocol

More information

M-BUS Communication Protocol. -for M-BUS modules and counters with integrated M-BUS interface-

M-BUS Communication Protocol. -for M-BUS modules and counters with integrated M-BUS interface- M-BUS Communication Protocol -for M-BUS modules and counters with integrated M-BUS interface- USER MANUAL v009 - June edition 2017 Limitation of Liability The Manufacturer reserves the right to modify

More information

Carls-MacBook-Pro:Desktop carl$ exiftool -a -G1 EMMANUEL-MACRON-PORTRAIT-OFFICIEL.jpg [ExifTool] ExifTool Version Number : [System] File Name :

Carls-MacBook-Pro:Desktop carl$ exiftool -a -G1 EMMANUEL-MACRON-PORTRAIT-OFFICIEL.jpg [ExifTool] ExifTool Version Number : [System] File Name : Carls-MacBook-Pro:Desktop carl$ exiftool -a -G1 EMMANUEL-MACRON-PORTRAIT-OFFICIEL.jpg [ExifTool] ExifTool Version Number : 10.52 [System] File Name : EMMANUEL-MACRON-PORTRAIT-OFFICIEL.jpg [System] Directory

More information

Data Center Energy Trends

Data Center Energy Trends Data Center Energy Trends Data center electricity usage Increased by 56% from 2005 to 2010 1.1% to 1.5% total world electricity usage 1.7% to 2.2% total US electricity (Note: Includes impact of 2008 recession.)

More information

Windings and Axes 1.0 Introduction In these notes, we will describe the different windings on a synchronous machine. We will confine our analysis to

Windings and Axes 1.0 Introduction In these notes, we will describe the different windings on a synchronous machine. We will confine our analysis to Windings and Axes 1.0 Introduction In these notes, we will describe the different windings on a synchronous machine. We will confine our analysis to two-pole machines of the salient pole rotor construction.

More information

overhead storage M O U N T I N G A P P L I C A B I L I T Y U N I V E R S A L O V E R H E A D B A S I C S

overhead storage M O U N T I N G A P P L I C A B I L I T Y U N I V E R S A L O V E R H E A D B A S I C S M O U N T I N G A P P L I C A B I L I T Y..........................1 1 2 U N I V E R S A L O V E R H E A D B A S I C S.......................1 1 4 U N I V E R S A L O V E R H E A D A P P L I C AT I O N

More information

G.SRT.B.5: Quadrilateral Proofs

G.SRT.B.5: Quadrilateral Proofs Regents Exam Questions G.SRT.B.5: Quadrilateral Proofs www.jmap.org Name: G.SRT.B.5: Quadrilateral Proofs 1 Given that ABCD is a parallelogram, a student wrote the proof below to show that a pair of its

More information

DATA SHEET. BZX884 series Voltage regulator diodes DISCRETE SEMICONDUCTORS. Product data sheet Supersedes data of 2003 May Mar 26 BOTTOM VIEW

DATA SHEET. BZX884 series Voltage regulator diodes DISCRETE SEMICONDUCTORS. Product data sheet Supersedes data of 2003 May Mar 26 BOTTOM VIEW DISCRETE SEMICONDUCTORS DATA SHEET BOTTOM VIEW M3D891 Supersedes data of 2003 May 15 2004 Mar 26 FEATURES Two tolerance series: ±2% and ±5% Working voltage range: nominal 2.4 V to 75 V (E24 range) Leadless

More information

CooLink Programmers Reference Manual (PRM)

CooLink Programmers Reference Manual (PRM) CooLink Programmers Reference Manual (PRM) CooLink RS232/RS485 Interface Adapter for Residential Air Conditioners CooLink D CooLink S CooLink T Document Revision 0.8 7/15/2012 CooLink PRM Contents 2 Table

More information

UCP-Config Program Version: 3.28 HG A

UCP-Config Program Version: 3.28 HG A Program Description HG 76342-A UCP-Config Program Version: 3.28 HG 76342-A English, Revision 01 Dev. by: C.M. Date: 28.01.2014 Author(s): RAD Götting KG, Celler Str. 5, D-31275 Lehrte - Röddensen (Germany),

More information

LC-10 Chipless TagReader v 2.0 August 2006

LC-10 Chipless TagReader v 2.0 August 2006 LC-10 Chipless TagReader v 2.0 August 2006 The LC-10 is a portable instrument that connects to the USB port of any computer. The LC-10 operates in the frequency range of 1-50 MHz, and is designed to detect

More information

SUPPLY NETWORK ANALYZER CVM-96 SERIES

SUPPLY NETWORK ANALYZER CVM-96 SERIES SUPPLY NETWORK ANALYZER CVM-96 SERIES (Power Demand) INSTRUCTION MANUAL ( M 981 326 / 00B - GB) (c) CIRCUTOR S.A. ----- Supply network analyzer CVM-96 ------ User's manual --- Page No. 1 CVM-96 SUPPLY

More information

PERIPHERAL INTERFACING Rev. 1.0

PERIPHERAL INTERFACING Rev. 1.0 This work is licensed under the Creative Commons Attribution-NonCommercial-Share Alike 2.5 India License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/2.5/in/deed.en

More information

3TK28 Safety Relays. General data. 7/70 Siemens LV

3TK28 Safety Relays. General data. 7/70 Siemens LV 3TK28 Safety Relays General data Overview SIRIUS safety relays are the key elements of a consistent and cost-effective safety chain. Be it EMERGENCY-STOP disconnection, protective door monitoring or the

More information

Start Address Function Data CRC End 3,5 bytes 8 bits 8 bits n x 8 bits 16 bits 3,5 bytes

Start Address Function Data CRC End 3,5 bytes 8 bits 8 bits n x 8 bits 16 bits 3,5 bytes MODBUS COMANDS 1.- Modbus protocol. The Modbus protocol is a communications standard in the industry which permits the network connection of multiple equipments, where exists a master and several slaves.

More information

MICROCONTROLLER PRODUCTS. AN428 Using the ADC and PWM of the 83C752/87C752. Author: Greg Goodhue December Philips Semiconductors

MICROCONTROLLER PRODUCTS. AN428 Using the ADC and PWM of the 83C752/87C752. Author: Greg Goodhue December Philips Semiconductors MICROCONTROLLER PRODUCTS Using the ADC and PWM of the 83C752/87C752 Author: Greg Goodhue December 1990 Philips Semiconductors The Philips 83C752/87C752 is a single-chip control-oriented microcontroller.

More information

Power Analyzer CVM-NRG96. User manual Extended version

Power Analyzer CVM-NRG96. User manual Extended version Power Analyzer CVM-NRG96 User manual Extended version Checks on receipt. This manual assists in the installation and use of the CVM NRG 96 power analyzer so that the best possible use can be gained from

More information

KNX manual High-performance switch actuators RM 4 H FIX1 RM 8 H FIX2

KNX manual High-performance switch actuators RM 4 H FIX1 RM 8 H FIX2 KNX manual High-performance switch actuators RM 4 H FIX1 RM 8 H FIX2 4940212 4940217 2018-10-17 Contents 1 Function description 3 2 Operation 4 3 Technical data 5 4 The FIX2 RM 8 H application programme

More information

!"#$%& '()#"#-#"*+,(-# «!"#$% " $&'()*+,$)& -."/01*&$"2 3' $+ 8'$/"$+». -(/+% &'*"%0 (1'#&# 2*'(0,.#-%'3 % #"*+,(-#

!#$%& '()##-#*+,(-# «!#$%  $&'()*+,$)& -./01*&$2 3' $+ 8'$/$+». -(/+% &'*%0 (1'#&# 2*'(0,.#-%'3 % #*+,(-# "#$%& '()#"#-#"*+,(-# «!"#$% " $&'()*+,$)& -."/01*&$"2 3'04+5+ 67+$+ 8'$/"$+». -(/+% &'*"%0 (1'#&# 2*'(0,.#-%'3 % #"*+,(-#!"#$!%##&'()%*% +%&,*"-&#*#.. /(01*"* 2%-#&#3# -$,"*0*%%45 6748$,, 1*"*,$9$,*9*%&6

More information

6ES BE30-0XB0 6ES AE30-0XB0 6ES HE30-0XB0

6ES BE30-0XB0 6ES AE30-0XB0 6ES HE30-0XB0 Overview The compact high-performance CPU With 2 integral input/outputs Expandable by: - 1 signal board (SB) or communication board (CB) - 8 signal modules (SM) - Max. 3 communication modules (CM) Technical

More information

Jeffrey's Image Metadata Viewer

Jeffrey's Image Metadata Viewer 1 of 7 1/24/2017 3:41 AM Jeffrey's Image Metadata Viewer Jeffrey Friedl's Image Metadata Viewer (How to use) Some of my other stuff My Blog Lightroom plugins Pretty Photos Photo Tech URL: or... File: No

More information

Hacking. Joshua Lackey, Ph.D.

Hacking. Joshua Lackey, Ph.D. Hacking Joshua Lackey, Ph.D. Ph.D., Mathematics. University of Oregon. 1995 2000 Senior Ethical Hacker. IBM Global Services. 1999 2005 Security Software Developer. Microsoft SWI Attack Team. 2005 Background

More information

PTN-1B/PTH-1B HG 3 HG 2 PTN-1B/PTH-1B. Type. Standard. Power supply. Semi-standard. Bore 24 V DC 2V 0.05A. f50 f63 f80 f100 f125 to f160 f180 to f250

PTN-1B/PTH-1B HG 3 HG 2 PTN-1B/PTH-1B. Type. Standard. Power supply. Semi-standard. Bore 24 V DC 2V 0.05A. f50 f63 f80 f100 f125 to f160 f180 to f250 2 f f f f f f f f f f f f Power supply V DC2V.A Standard Semi-standard Type Nominal pressure Maximum allowable pressure Proof test pressure Minimum operating pressure Working speed range Working temperature

More information

G.SRT.B.5: Quadrilateral Proofs

G.SRT.B.5: Quadrilateral Proofs Regents Exam Questions G.SRT.B.5: Quadrilateral Proofs www.jmap.org Name: G.SRT.B.5: Quadrilateral Proofs 1 Given that ABCD is a parallelogram, a student wrote the proof below to show that a pair of its

More information

MATHCOUNTS. 100 Classroom Lessons. August Prepared by

MATHCOUNTS. 100 Classroom Lessons. August Prepared by MATHCOUNTS 100 Classroom Lessons August 2000 Prepared by John Cocharo The Oakridge School 5900 W. Pioneer Parkway Arlington, TX 76013 (817) 451-4994 (school) jcocharo@esc11.net (school) cocharo@hotmail.com

More information

Universal-Transducer Multi-E11-MU

Universal-Transducer Multi-E11-MU Universal-Transducer Multi-E11-MU Safety Informations Observe instructions! The device described in these instructions shall only be installed by a qualified electrician according to both EN 50110-1/-2

More information

Traffic Monitoring and Management for UCS

Traffic Monitoring and Management for UCS Traffic Monitoring and Management for UCS Session ID- Steve McQuerry, CCIE # 6108, UCS Technical Marketing @smcquerry www.ciscolivevirtual.com Agenda UCS Networking Overview Network Statistics in UCSM

More information

ALPHA Encoder / Decoder IC s

ALPHA Encoder / Decoder IC s EASY TO USE TELEMETRY SYSTEM USING ALPHA MODULES Features 3 digital I/O Serial Data output Connects directly to ALPHA Modules Easy Enc / Dec Pairing Function Receiver Acknowledge Signal Minimal External

More information

Delta Din-rail Power Meter DPM-D520I User Manual.

Delta Din-rail Power Meter DPM-D520I User Manual. Delta Din-rail Power Meter DPM-D520I User Manual www.deltaww.com Table of Content 1. Preface 4 2. Notes 5 2.1 Safety Notes 5 2.2 Installation Environment 6 3. Descriptions of Parts 7 3.1 Operating Interface

More information

APC 2M-14 Quick Installation Guide

APC 2M-14 Quick Installation Guide APC 2M-14 Quick Installation Guide Revision 1.4 20 October 2011 Copyright 2011 Deliberant www.deliberant.com Copyright 2011 Deliberant This user s guide and the software described in it are copyrighted

More information

Thursday 6 June 2013 Afternoon

Thursday 6 June 2013 Afternoon Thursday 6 June 2013 Afternoon A2 GCE ELECTRONICS F614/01 Electronics Control Systems *F628070613* Candidates answer on the Question Paper. OCR supplied materials: None Other materials required: Scientific

More information

"Terminal RG-1000" Customer Programming Software. User Guide. August 2016 R4.3

Terminal RG-1000 Customer Programming Software. User Guide. August 2016 R4.3 "Terminal RG-1000" Customer Programming Software User Guide August 2016 R4.3 Table of Contents Table of Contents Introduction 2 3 1.1 Software installation 3 1.2 Connecting the RG-1000 GATEWAYs to the

More information

March 1, Courtney Wilton Portland Public Schools 501 North Dixon Portland, OR 97227

March 1, Courtney Wilton Portland Public Schools 501 North Dixon Portland, OR 97227 March 1, 2017 Courtney Wilton Portland Public Schools 501 North Dixon Portland, OR 97227 Via email: Regarding: cwilton@pps.net Lead Paint Condition Assessment Sunnyside School 3421 SE Salmon Street Portland,

More information

NOTICE OF REQUEST FOR PROPOSALS (RFP) RFP ADDENDUM 1 NORTH SAN JOSE STREET LIGHT CONVERSION TO LED

NOTICE OF REQUEST FOR PROPOSALS (RFP) RFP ADDENDUM 1 NORTH SAN JOSE STREET LIGHT CONVERSION TO LED NOTICE OF REQUEST FOR PROPOSALS (RFP) ADDENDUM 1 NORTH SAN JOSE STREET LIGHT CONVERSION TO LED JULY 28, 2009 INSTRUCTIONS: The purpose of this Addendum is to update information concerning the Mandatory

More information

GUIDE SPECIFICATIONS CONTROLS SPECIFICATIONS AND CONTROL POINT DATA MAP GENERAL DESCRIPTION

GUIDE SPECIFICATIONS CONTROLS SPECIFICATIONS AND CONTROL POINT DATA MAP GENERAL DESCRIPTION GUIDE SPECIFICATIONS 256920-UGS-A-0506 Simplicity Intelli-Comfort Optional Control in 3-25 Ton Packaged Units GENERAL DESCRIPTION CONTROLS SPECIFICATIONS AND CONTROL POINT DATA MAP Equipment with Simplicity

More information

C E R A M I C S. Mo t i f

C E R A M I C S. Mo t i f Mo t i f Mo t i f We are very pleased to introduce the lovely Motif line from Pratt & Larson. The Motif designs were created by Jennifer Plaster, one of the many talented artists that work at Pratt & Larson.

More information

Blue Bamboo P25 Device Manager Guide

Blue Bamboo P25 Device Manager Guide Blue Bamboo P25 Device Manager Guide Version of Device Manager: 1.1.28 Document version: 2.3 Document date: 2011-09-20 Products: P25 / P25-M / P25i / P25i-M BLUE BAMBOO Headquarters Blue Bamboo Transaction

More information

PERFORMANCE SPECIFICATION SHEET ELECTRON TUBE, MAGNETRON TYPE 6410A

PERFORMANCE SPECIFICATION SHEET ELECTRON TUBE, MAGNETRON TYPE 6410A INCH-POUND MIL-PRF-1/665G 22 July 2016 SUPERSEDING MIL-PRF-1/665F 12 June 2006 PERFORMANCE SPECIFICATION SHEET ELECTRON TUBE, MAGNETRON TYPE 6410A This specification is approved for use by all Departments

More information

General regulation functions ElectroStatic Discharge (ESD) ultra high-speed switching High-frequency applications

General regulation functions ElectroStatic Discharge (ESD) ultra high-speed switching High-frequency applications Rev. 4 23 March 2018 Product data sheet 1 Product profile 1.1 General description General-purpose Zener diodes in an SOD882 (DFN1006-2) leadless ultra small Surface- Mounted Device (SMD) plastic package.

More information

Parameter Value Unit Notes

Parameter Value Unit Notes Features Single axis measurement from ±5 to ±60 High resolution and accuracy. Low temperature drift, with optional temperature compensation to further improve temperature performance. RS232 and RS485 output

More information

Decorative Street Lighting

Decorative Street Lighting Decorative Street Lighting Options offered by: TSN 475238 Rev. 01/08 Copyright 2008 Oncor Electric Delivery. All Rights Reserved. In response to our customers desire for more variety in street light accessories,

More information

Power Distribution Module 54.05

Power Distribution Module 54.05 Power Distribution Module.0 For pin connector locations on the top of the main PDM, see Fig.. 7 B8 C8 D8 E8 F7 9 CC IGN ISO BT B E F C D 08//9 6 7. 6-Pin Connector. 6-Pin Connector B. 6-Pin Connector C.

More information

Maine Learning Results Science Grade: 3 - Adopted: 2007

Maine Learning Results Science Grade: 3 - Adopted: 2007 Main Criteria: Maine Learning Results Secondary Criteria: Subjects: Science, Social Studies Grade: 3 Correlation Options: Show Correlated Maine Learning Results Science Grade: 3 - Adopted: 2007 STRAND

More information

0FlashPix Interoperability Test Suite User s Manual

0FlashPix Interoperability Test Suite User s Manual 0FlashPix Interoperability Test Suite User s Manual Version 1.0 Version 1.0 1996 Eastman Kodak Company 1996 Eastman Kodak Company All rights reserved. No parts of this document may be reproduced, in whatever

More information