ID: Cookbook: browseurl.jbs Time: 19:37:50 Date: 11/05/2018 Version:

Transcription:

ID: 59176 Cookbook: browseurl.jbs Time: 19:37:50 Date: 11/05/2018 Version: 22.0.0

Table of Contents

Analysis Report
  Overview
    General Information
    Detection
    Confidence
    Classification
    Analysis Advice
  Signature Overview
    Networking:
    System Summary:
  Behavior Graph
  Simulations
    Behavior and APIs
  Antivirus Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
  Yara Overview
    Initial Sample
    PCAP (Network Traffic)
    Dropped Files
    Memory Dumps
    Unpacked PEs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    Dropped Files
  Screenshots
  Startup
  Created / dropped Files
  Contacted Domains/Contacted IPs
    Contacted Domains
    Contacted IPs
  Static File Info
    No static file info
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTP Request Dependency Graph
    HTTP Packets
  Code Manipulations
  Statistics
    Behavior
  System Behavior

Copyright Joe Security LLC 2018 Page 2 of 30

    Analysis iexplore.exe PID: 3732 Parent PID: 548
      General
      File Activities
      Registry Activities
    Analysis iexplore.exe PID: 3796 Parent PID: 3732
      General
      File Activities
      Registry Activities
  Disassembly
    Code Analysis

Analysis Report

Overview

General Information
Joe Sandbox Version: 22.0.0
Analysis ID: 59176
Start time: 19:37:50
Joe Sandbox Product: CloudBasic
Start date: 11.05.2018
Overall analysis duration: 0h 5m 7s
Hypervisor based Inspection enabled:
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: http://jundiai.ginfes.com.br/birt/frameset/?report=nfs_jundiai.rptdesign&cdverificacao=740537359&numnota=59
Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/31@3/2
HCA Information: Successful, ratio: 100%; Number of executed functions: 0; Number of non-executed functions: 0
EGA Information: Failed
HDC Information: Failed
Cookbook Comments: Adjust boot time; Correcting counters for adjusted boot time
Warnings:
  Exclude process from analysis (whitelisted): WmiPrvSE.exe, dllhost.exe
  Execution Graph export aborted for target iexplore.exe, PID 3796 because there are no executed function
  Report size getting too big, too many NtAllocateVirtualMemory calls found.
  Report size getting too big, too many NtDeviceIoControlFile calls found.
  Report size getting too big, too many NtOpenKeyEx calls found.
  Report size getting too big, too many NtProtectVirtualMemory calls found.
  Report size getting too big, too many NtQueryValueKey calls found.

Detection
Strategy   Score  Range  Reporting       Detection
Threshold  0      0-100  Report FP / FN

Confidence
Strategy   Score  Range  Further Analysis Required?  Confidence
Threshold  3      0-5    true

Classification

[Classification chart; axes: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware; scale: clean, suspicious, malicious]

Analysis Advice
Sample HTTP request are all non existing, likely the sample is no longer working
Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior

Signature Overview

Networking:
  Social media urls found in memory data
  Downloads files
  Downloads files from webservers via HTTP
  Found strings which match to known social media urls
  Performs DNS lookups
  Tries to download non-existing http data (HTTP/1.1 404 Not Found)
  Urls found in memory or binary data

System Summary:
  Classification label
  Creates files inside the user directory
  Creates temporary files
  Reads ini files
  Spawns processes
  Uses an in-process (OLE) Automation server
  Found graphical window changes (likely an installer)
  Uses new MSVCR Dlls

Behavior Graph

[Behavior graph: ID: 59176; URL: http://jundiai.ginfes.com.br/birt/frameset/?report=nfs_...; Startdate: 11/05/2018; Architecture: WINDOWS; Score: 0. Nodes: iexplore.exe, which started iexplore.exe; jundiai.ginfes.com.br (201.77.231.25, 49175, 49176, 80; UOLDIVEOSABR, Brazil); visualizar.ginfes.com.br (201.77.231.42, 49177, 49178, 49179; UOLDIVEOSABR, Brazil)]

Simulations

Behavior and APIs
Time      Type             Description
19:38:24  API Interceptor  556x Sleep call for process: iexplore.exe modified

Antivirus Detection

Initial Sample
Source  Detection  Scanner  Label  Link
http://jundiai.ginfes.com.br/birt/frameset/?report=nfs_jundiai.rptdesign&cdverificacao=740537359&numnota=59  0%  virustotal  Browse

Dropped Files
No Antivirus matches

Unpacked PE Files
No Antivirus matches

Domains
Source  Detection  Scanner  Label  Link
visualizar.ginfes.com.br  0%  virustotal  Browse
jundiai.ginfes.com.br  0%  virustotal  Browse

Yara Overview

Initial Sample
No yara matches

PCAP (Network Traffic)
No yara matches

Dropped Files
No yara matches

Memory Dumps
No yara matches

Unpacked PEs
No yara matches

Joe Sandbox View / Context

IPs
No context

Domains
No context

ASN
No context

Dropped Files
No context

Screenshots

Startup
System is w7
  iexplore.exe (PID: 3732 cmdline: '' -Embedding CA1F703CD665867E8132D2946FB55750)
    iexplore.exe (PID: 3796 cmdline: '' SCODEF:3732 CREDAT:275457 /prefetch:2 CA1F703CD665867E8132D2946FB55750)
cleanup

Created / dropped Files

Contacted Domains/Contacted IPs

Contacted Domains
Name  IP  Active  Malicious  Antivirus Detection  Reputation
visualizar.ginfes.com.br  201.77.231.42  true  0%, virustotal, Browse
jundiai.ginfes.com.br  201.77.231.25  true  0%, virustotal, Browse

Contacted IPs
[Map of contacted IPs; legend: No. of IPs < 25%, 25% < No. of IPs < 50%, 50% < No. of IPs < 75%, 75% < No. of IPs]

IP  Country  Flag  ASN  ASN Name  Malicious
201.77.231.25  Brazil  13878  UOLDIVEOSABR
201.77.231.42  Brazil  13878  UOLDIVEOSABR

Static File Info
No static file info

Network Behavior

Network Port Distribution
Total Packets: 131
80 (HTTP)
53 (DNS)

TCP Packets

UDP Packets
Timestamp Source Port Dest Port Source IP Dest IP

DNS Queries
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
19:38:31.150849104 CEST 192.168.2.3 8.8.8.8 0xe85a Standard query (0) jundiai.ginfes.com.br A (IP address) IN (0x0001)
19:38:33.559745073 CEST 192.168.2.3 8.8.8.8 0x88ca Standard query (0) visualizar.ginfes.com.br A (IP address) IN (0x0001)
19:38:48.528183937 CEST 192.168.2.3 8.8.8.8 0x4a08 Standard query (0) visualizar.ginfes.com.br A (IP address) IN (0x0001)

DNS Answers
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
19:38:31.933105946 CEST 8.8.8.8 192.168.2.3 0xe85a No error (0) jundiai.ginfes.com.br 201.77.231.25 A (IP address) IN (0x0001)

19:38:34.021790028 CEST 8.8.8.8 192.168.2.3 0x88ca No error (0) visualizar.ginfes.com.br 201.77.231.42 A (IP address) IN (0x0001)
19:38:48.801978111 CEST 8.8.8.8 192.168.2.3 0x4a08 No error (0) visualizar.ginfes.com.br 201.77.231.42 A (IP address) IN (0x0001)

HTTP Request Dependency Graph
jundiai.ginfes.com.br
visualizar.ginfes.com.br

HTTP Packets

Session ID Source IP Source Port Destination IP Destination Port Process
0 192.168.2.3 49175 201.77.231.25 80

Timestamp kbytes transferred Direction Data
19:38:31.950815916 CEST 6 OUT
GET /birt/frameset/?report=nfs_jundiai.rptdesign&cdverificacao=740537359&numnota=59 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-us
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: jundiai.ginfes.com.br
DNT: 1
Connection: Keep-Alive

19:38:32.590359926 CEST 38 IN
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Set-Cookie: JSESSIONID=A5A2B0E68ADB1B8AFB162BA2414EC98F; Path=/birt/frameset
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 11 May 2018 17:38:31 GMT

Session ID Source IP Source Port Destination IP Destination Port Process
1 192.168.2.3 49177 201.77.231.42 80

Timestamp kbytes transferred Direction Data
19:38:34.024185896 CEST 94 OUT
GET /report/consultarnota?report=nfs_jundiai&cdverificacao=740537359&numnota=59&cnpjprestador=null HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://jundiai.ginfes.com.br/birt/frameset/?report=nfs_jundiai.rptdesign&cdverificacao=740537359&numnota=59
Accept-Language: en-us
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: visualizar.ginfes.com.br
DNT: 1
Connection: Keep-Alive

19:38:34.838737965 CEST 98 IN
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Set-Cookie: JSESSIONID=617CED08707E2EBF7724B1BDAEC38D14; Path=/report
Content-Type: text/html;charset=iso-8859-1
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 11 May 2018 17:38:34 GMT
Data Raw: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 00 0d 0a
Data Ascii: a

19:38:35.298435926 CEST 113 OUT
GET /report/imagens/logo.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://visualizar.ginfes.com.br/report/consultarnota?report=nfs_jundiai&cdverificacao=740537359&numNota=59&cnpjPrestador=null
Accept-Language: en-us
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: visualizar.ginfes.com.br
DNT: 1
Connection: Keep-Alive
Cookie: JSESSIONID=617CED08707E2EBF7724B1BDAEC38D14

19:38:35.635227919 CEST 117 IN
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Accept-Ranges: bytes
ETag: W/"4729-1516300000000"
Last-Modified: Thu, 18 Jan 2018 18:26:40 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 11 May 2018 17:38:34 GMT

Session ID Source IP Source Port Destination IP Destination Port Process
2 192.168.2.3 49178 201.77.231.42 80

Timestamp kbytes transferred Direction Data
19:38:35.298938990 CEST 113 OUT
GET /report/imagens/pdf.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://visualizar.ginfes.com.br/report/consultarnota?report=nfs_jundiai&cdverificacao=740537359&numNota=59&cnpjPrestador=null
Accept-Language: en-us
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: visualizar.ginfes.com.br
DNT: 1
Connection: Keep-Alive
Cookie: JSESSIONID=617CED08707E2EBF7724B1BDAEC38D14

19:38:35.764676094 CEST 122 IN
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Accept-Ranges: bytes
ETag: W/"824-1516300000000"
Last-Modified: Thu, 18 Jan 2018 18:26:40 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 11 May 2018 17:38:34 GMT

Session ID Source IP Source Port Destination IP Destination Port Process
3 192.168.2.3 49179 201.77.231.42 80

Timestamp kbytes transferred Direction Data
19:38:35.300425053 CEST 114 OUT
GET /report/css/estilo.css HTTP/1.1
Accept: text/css, */*
Referer: http://visualizar.ginfes.com.br/report/consultarnota?report=nfs_jundiai&cdverificacao=740537359&numNota=59&cnpjPrestador=null
Accept-Language: en-us
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: visualizar.ginfes.com.br
DNT: 1
Connection: Keep-Alive
Cookie: JSESSIONID=617CED08707E2EBF7724B1BDAEC38D14

19:38:35.998274088 CEST 123 IN
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Accept-Ranges: bytes
ETag: W/"630-1516300000000"
Last-Modified: Thu, 18 Jan 2018 18:26:40 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 11 May 2018 17:38:35 GMT