Play interactive tour

Edit tour

Analysis Report http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=

Overview

General Information

Sample URL:	http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=
Analysis ID:	321258
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish_10

HTML body contains low number of good links

HTML title does not match URL

Invalid T&C link found

Classification

Startup

System is w10x64

iexplore.exe (PID: 5900 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5268 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5900 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\myp0dplr1edpvg99v613ua80[1].htm	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Source: http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	UrlScan: detection malicious, Label: phishing brand: onedrive			Perma Link

Antivirus detection for URL or domain

Show sources

Source: https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1ZjYxZDhiY2U4OTBlZWU4OTcyNmFkYTEwMDA5MmRjMDdjYWM1YmYzN2UwMTdkM2M5ZGEwOTllYw==&data=SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on favicon image match)

Show sources

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish_10

Show sources

Source: Yara match

File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\myp0dplr1edpvg99v613ua80[1].htm, type: DROPPED

Source: https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1ZjYxZDhiY2U4OTBlZWU4OTcyNmFkYTEwMDA5MmRjMDdjYWM1YmYzN2UwMTdkM2M5ZGEwOTllYw==&data=SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	HTTP Parser: Number of links: 0
Source: https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1ZjYxZDhiY2U4OTBlZWU4OTcyNmFkYTEwMDA5MmRjMDdjYWM1YmYzN2UwMTdkM2M5ZGEwOTllYw==&data=SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	HTTP Parser: Number of links: 0

Source: https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1ZjYxZDhiY2U4OTBlZWU4OTcyNmFkYTEwMDA5MmRjMDdjYWM1YmYzN2UwMTdkM2M5ZGEwOTllYw==&data=SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1ZjYxZDhiY2U4OTBlZWU4OTcyNmFkYTEwMDA5MmRjMDdjYWM1YmYzN2UwMTdkM2M5ZGEwOTllYw==&data=SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	HTTP Parser: Title: Sign in to your account does not match URL

Source: https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1ZjYxZDhiY2U4OTBlZWU4OTcyNmFkYTEwMDA5MmRjMDdjYWM1YmYzN2UwMTdkM2M5ZGEwOTllYw==&data=SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	HTTP Parser: Invalid link: Terms of use
Source: https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1ZjYxZDhiY2U4OTBlZWU4OTcyNmFkYTEwMDA5MmRjMDdjYWM1YmYzN2UwMTdkM2M5ZGEwOTllYw==&data=SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	HTTP Parser: Invalid link: Terms of use

Source: https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1ZjYxZDhiY2U4OTBlZWU4OTcyNmFkYTEwMDA5MmRjMDdjYWM1YmYzN2UwMTdkM2M5ZGEwOTllYw==&data=SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	HTTP Parser: No <meta name="author".. found
Source: https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1ZjYxZDhiY2U4OTBlZWU4OTcyNmFkYTEwMDA5MmRjMDdjYWM1YmYzN2UwMTdkM2M5ZGEwOTllYw==&data=SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	HTTP Parser: No <meta name="author".. found

Source: https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1ZjYxZDhiY2U4OTBlZWU4OTcyNmFkYTEwMDA5MmRjMDdjYWM1YmYzN2UwMTdkM2M5ZGEwOTllYw==&data=SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	HTTP Parser: No <meta name="copyright".. found
Source: https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1ZjYxZDhiY2U4OTBlZWU4OTcyNmFkYTEwMDA5MmRjMDdjYWM1YmYzN2UwMTdkM2M5ZGEwOTllYw==&data=SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	HTTP Parser: No <meta name="copyright".. found

Source: global traffic

HTTP traffic detected: GET /asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20= HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: rwiqipwvnklaqkuu.ltiliqhting.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: rwiqipwvnklaqkuu.ltiliqhting.com

Source: ~DF8164221878F877A2.TMP.1.dr	String found in binary or memory: http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=
Source: {3E7062E8-2B9D-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=Root
Source: myp0dplr1edpvg99v613ua80[1].htm.2.dr	String found in binary or memory: https://aadcdn.msauthimages.net/c1c6b6c8-io4-zs4fy-s8uub0c-ziiztiuzc8njr-nhcgotapjss/logintenantbran
Source: SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=[1].htm.2.dr	String found in binary or memory: https://daabaaru.com/fax/document/?Jacqueline.Schrader
Source: imagestore.dat.2.dr	String found in binary or memory: https://daabaaru.com/fax/document/lib/img/favicon.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://daabaaru.com/fax/document/lib/img/favicon.ico~
Source: imagestore.dat.2.dr	String found in binary or memory: https://daabaaru.com/fax/document/lib/img/favicon.ico~(
Source: ~DF8164221878F877A2.TMP.1.dr	String found in binary or memory: https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1Z
Source: {3E7062E8-2B9D-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://daabaaru.com/fu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=ax/document

Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: classification engine

Classification label: mal72.phis.win@3/15@4/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFCA8D72B327600857.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5900 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5900 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol2	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	0%	Avira URL Cloud	safe
http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	100%	UrlScan	phishing brand: onedrive	Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1ZjYxZDhiY2U4OTBlZWU4OTcyNmFkYTEwMDA5MmRjMDdjYWM1YmYzN2UwMTdkM2M5ZGEwOTllYw==&data=SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://daabaaru.com/fax/document/?Jacqueline.Schrader	0%	Avira URL Cloud	safe
https://daabaaru.com/fu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=ax/document	0%	Avira URL Cloud	safe
https://daabaaru.com/fax/document/lib/img/favicon.ico~	0%	Avira URL Cloud	safe
https://daabaaru.com/fax/document/lib/img/favicon.ico	0%	Avira URL Cloud	safe
https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1Z	0%	Avira URL Cloud	safe
http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=Root	0%	Avira URL Cloud	safe
https://aadcdn.msauthimages.net/c1c6b6c8-io4-zs4fy-s8uub0c-ziiztiuzc8njr-nhcgotapjss/logintenantbran	0%	Avira URL Cloud	safe
https://daabaaru.com/fax/document/lib/img/favicon.ico~(	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
daabaaru.com	198.54.120.245	true	false	unknown
cs1025.wpc.upsiloncdn.net	152.199.23.72	true	false	unknown
rwiqipwvnklaqkuu.ltiliqhting.com	168.62.48.44	true	false	unknown
aadcdn.msauthimages.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1ZjYxZDhiY2U4OTBlZWU4OTcyNmFkYTEwMDA5MmRjMDdjYWM1YmYzN2UwMTdkM2M5ZGEwOTllYw==&data=SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://daabaaru.com/fax/document/?Jacqueline.Schrader	SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://daabaaru.com/fu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=ax/document	{3E7062E8-2B9D-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://daabaaru.com/fax/document/lib/img/favicon.ico~	imagestore.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://daabaaru.com/fax/document/lib/img/favicon.ico	imagestore.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://daabaaru.com/fax/document/myp0dplr1edpvg99v613ua80.php?MTYwNTg5MTYwMDZkMDZjNTRlMTMzYjlkYjc1Z	~DF8164221878F877A2.TMP.1.dr	false	Avira URL Cloud: safe	unknown
http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=Root	{3E7062E8-2B9D-11EB-90E4-ECF4BB862DED}.dat.1.dr	true	Avira URL Cloud: safe	unknown
https://aadcdn.msauthimages.net/c1c6b6c8-io4-zs4fy-s8uub0c-ziiztiuzc8njr-nhcgotapjss/logintenantbran	myp0dplr1edpvg99v613ua80[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://daabaaru.com/fax/document/lib/img/favicon.ico~(	imagestore.dat.2.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
198.54.120.245	unknown	United States	22612	NAMECHEAP-NETUS	false
168.62.48.44	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.199.23.72	unknown	United States	15133	EDGECASTUS	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	321258
Start date:	20.11.2020
Start time:	17:59:07
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 33s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.phis.win@3/15@4/3
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 52.255.188.83, 52.147.198.201, 104.108.39.131, 13.88.21.125, 51.104.144.132 Excluded domains from analysis (whitelisted): skypedataprdcoleus16.cloudapp.net, e11290.dspg.akamaiedge.net, umwatsonrouting.trafficmanager.net, skypedataprdcoleus17.cloudapp.net, go.microsoft.com, arc.msn.com.nsatc.net, go.microsoft.com.edgekey.net, aadcdn.azureedge.net, aadcdn.ec.azureedge.net, watson.telemetry.microsoft.com, skypedataprdcolwus15.cloudapp.net, arc.msn.com VT rate limit hit for: http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3E7062E6-2B9D-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.853347491182756
Encrypted:	false
SSDEEP:	48:IwEGcpr5GwpLpG/ap8crGIpcA+FGvnZpvA+aaGoUqp9A+GGo4hpmA+V+GWK69A+4:rYZzZN2c9WnitnpfnhhMnunHn+fnwcX
MD5:	8C385A7F0C20F227C678AB6847FA19BA
SHA1:	E89EB09F0A7D25E7D5A623A18C94EF52B55D5474
SHA-256:	ECF0AB41E50A631C494B9701391CA92C9103D97E0B703C54A48A836B3193B8E3
SHA-512:	97633F9891AF69FCA1065EC227ED504DEFCD2F8301F1916AAF039C2155F8682E5B0EC99469704A8DEF5DC5A33A870AFCA4798D20AAA880FE119F1CCAB9B0BB5A
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3E7062E8-2B9D-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	32586
Entropy (8bit):	2.141982914905027
Encrypted:	false
SSDEEP:	192:rxZyQ/6lkjFjq2RkWTMqY7PntBlWV+4WP0WSWsWGVPWgrdg:r3fyujhJtQqOPtBgY/P79DGVOgi
MD5:	46A4404CCF5BB77DE7A9651E3E82F941
SHA1:	5B30271E69E3E96514121FEFC0272C8E851A09E3
SHA-256:	10DED2E730196A164E2F7EDEF3B558B4179C46055E3DCD191750C1DE91B7FB32
SHA-512:	06B1ED848F8793D87D9AEC4FC504E53A1B55E97C63E3EE171240D8B764253B7EB4429C35B1E4C6A800AE9618040FB56E82C394ADEF0D56EFD7BEAD236A465981
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{482E3D4B-2B9D-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5652358969639593
Encrypted:	false
SSDEEP:	48:IwTGcprqGwpaXG4pQvGrapbShrGQpKrG7HpRmsTGIpG:rpZyQZ6zBShFAqTm4A
MD5:	7B4B94BC2E2AAF99521F1FB308215B1D
SHA1:	3C734697EC7ADC79450880EA9D1489E84BE02F43
SHA-256:	45558A2194290D900C26B5DEDFB449F1FF4BCB0C883A08F53BE876ADE2685DA7
SHA-512:	C606839C1CEBBD654158D9CE1B4F9ECF84ECB9E3A7A436A917170A7C57154BD5ABABA223A532964EA3A0EEE3E309DE01423B0F9D55534F7BEC02D3EF72764228
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	modified
Size (bytes):	18068
Entropy (8bit):	3.068703669669726
Encrypted:	false
SSDEEP:	48:+xpJE/nxpJE/6xpJE/CxpJE/tgyyyyyyyyyyyyyrxpJE/DuxpJE/GQQQQQV:CQQQQQV
MD5:	8001591BD989750FB6F2330E80BA0D86
SHA1:	23FE47255924724370847F3E7774AF4A23001EF4
SHA-256:	4178AF3623ADC4F6AC78430A697834548A86D1228927066C25A4218943BF1024
SHA-512:	7C249784A152EDCD4C6677F32216A194CE431BF095D1B4CA3A2E33EA67F132F75E9065D0F34B6FCBE52F5B90A0D0FBD1F44AF0ADA1CDE2B53D2E8DCBDDAC4231
Malicious:	false
Reputation:	low
Preview:	5.h.t.t.p.s.:././.d.a.a.b.a.a.r.u...c.o.m./.f.a.x./.d.o.c.u.m.e.n.t./.l.i.b./.i.m.g./.f.a.v.i.c.o.n...i.c.o.~(................h(......(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\arrow[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	513
Entropy (8bit):	4.720499940334011
Encrypted:	false
SSDEEP:	12:t4BdU/uRqv6DLfBHKFWJCDLfBSU1pRXIFl+MJ4bADc:t4TU/uRff0EcfIU1XXU+t2c
MD5:	A9CC2824EF3517B6C4160DCF8FF7D410
SHA1:	8DB9AEBAD84CA6E4225BFDD2458FF3821CC4F064
SHA-256:	34F9DB946E89F031A80DFCA7B16B2B686469C9886441261AE70A44DA1DFA2D58
SHA-512:	AA3DDAB0A1CFF9533F9A668ABA4FB5E3D75ED9F8AFF8A1CAA4C29F9126D85FF4529E82712C0119D2E81035D1CE1CC491FF9473384D211317D4D00E0E234AD97F
Malicious:	false
Reputation:	low
IE Cache URL:	https://daabaaru.com/fax/document/lib/img/arrow.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>assets</title><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944m0-.141-.071.07L5.929,11.929,5.858,12l.071.071,4.944,4.944.071.07.071-.07.594-.595.071-.07-.071-.071L7.858,12.522H18.1V11.478H7.858l3.751-3.757.071-.071-.071-.07-.594-.595-.071-.07Z" fill="#404040"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\login[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	101788
Entropy (8bit):	5.304944776832708
Encrypted:	false
SSDEEP:	1536:QpHDglbuhw+ExmazA/PWrF7qvEAFiQcpmNtuhPyJRD:l74wyJZ
MD5:	4DB4A299AE7E73B3CB53351867416D0C
SHA1:	36C0DFF7A6742EAD3229E476F05C559069C3080F
SHA-256:	10C50B88EBF99FDF813A4CCE86BA218A6E2EA3D266146520529F1E1BDDC5EBD3
SHA-512:	8EB086FC241C314DDD4B15AC6F34DBD61B838E2D7C2B535A02AF2A83A92294AB1C79EB122EFCA8FF648346F4515B35EDEEB13DC5E79EBC2C7E9ACCC4AC5BAA76
Malicious:	false
Reputation:	low
IE Cache URL:	https://daabaaru.com/fax/document/lib/css/login.css
Preview:	/! Copyright (C) Microsoft Corporation. All rights reserved. //*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\white_ellipsis[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	915
Entropy (8bit):	3.877322891561989
Encrypted:	false
SSDEEP:	24:t4CvnAVRf83f1QqCSzGUdiHTVtpRduf1QqCWbVHTVeUV0Uv6f1QqCWbVHTVeUV0W:fnL1QqC4GuiHFXS1QqCWRHQ3V1QqCWRV
MD5:	5AC590EE72BFE06A7CECFD75B588AD73
SHA1:	DDA2CB89A241BC424746D8CF2A22A35535094611
SHA-256:	6075736EA9C281D69C4A3D78FF97BB61B9416A5809919BABE5A0C5596F99AAEA
SHA-512:	B9135D934B9EA50B51BB0316E383B114C8F24DFE75FEF11DCBD1C96170EA59202F6BAFE11AAF534CC2F4ED334A8EA4DBE96AF2504130896D6203BFD2DA69138F
Malicious:	false
Reputation:	low
IE Cache URL:	https://daabaaru.com/fax/document/lib/img/white_ellipsis.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"><title>assets</title><path fill="#ffffff" d="M1.143,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.107,1.107,0,0,1-.446.089A1.107,1.107,0,0,1,.7,9.054a1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893A1.164,1.164,0,0,1,.7,6.946a1.107,1.107,0,0,1,.446-.089M8,6.857a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,8,6.857m6.857,0a1.107,1.107,0,0,1,.446.089,1.164,1.164,0,0,1,.607.607,1.161,1.161,0,0,1,0,.893,1.164,1.164,0,0,1-.607.607,1.161,1.161,0,0,1-.893,0,1.164,1.164,0,0,1-.607-.607,1.161,1.161,0,0,1,0-.893,1.164,1.164,0,0,1,.607-.607A1.107,1.107,0,0,1,14.857,6.857Z"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bannerlogo[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9540
Entropy (8bit):	7.967996467719025
Encrypted:	false
SSDEEP:	192:fKCmrqpKUhHwbzguYy9g8LP16dxSzAzfie722U/76jEDzpEAi:forqphEBJ6dzzf32HsSzpzi
MD5:	633028E3E6562E7D4040E63BA949CEED
SHA1:	40FD1C8BEA780E2892F535C6971C0095C0334DE7
SHA-256:	A1BA8B90870A2394ED72F66855A85D8583749CCD37C7D89C12147172B0F0DF82
SHA-512:	B7F92F26A8F18B162D55FC1D01FF64D13A88EDA0DF6BBA475266788D89ACDF738C832B3283B4606ED5DE1F9FFE1BA76EB394890E1B53D9DFB861D8258170A764
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msauthimages.net/c1c6b6c8-io4-zs4fy-s8uub0c-ziiztiuzc8njr-nhcgotapjss/logintenantbranding/0/bannerlogo?ts=636996543392126455
Preview:	.PNG........IHDR.......<............sRGB.........gAMA......a.....pHYs..........o.d....tEXtSoftware.paint.net 4.1.6.N....$.IDATx^.}.\|....l...."....I%..z..RBBHh.w.PB $...J@.....".!..by...T,O.C.nv..?gvv33Y...?........=.....;.{g"<...]{74l..i....i?7....A.....P........E...P....t$....4.y.\|/t^..k...r.l......A..?.{GFL\|..j.\t.u8.7..A........m...3.<[r5...Y..4h...H..ngXb..kD...@H...A....{F\|.K.......H..-4..-<.....{Hf.4h.....}..{.&....k.Lb..4..Z..AK.....&.k.A......M..V....."...(dz.....4h..p8.?... .B....1..TE......8q....Qw.D.:!..6Q....##&H.4h..a93....n.E ri..c.....NH...O....W.......C.%.. .v<<=.a..Ll...Nn.B.Dt..6..N...j.A.a...0d.M...[.LF.L*..R.3..k#...H...;Z...G...4/F.....&..i..{.].......f...ra).....Gtc.K.'...4b@.yy.8......4hp..s...m.$...E..g.._.lY...r...<[._.F.b....^j..~.2q..\|......4hp..)..^EW#j.....j....u..^....B2<tIx{.S.]......%.p...b#.4h........[\|.[p.y......m[.b..\.!......p!.mn..Q9...1....c..4hP.....MK.2...ZI....fu....\.D.\.../._..!.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\myp0dplr1edpvg99v613ua80[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	5544
Entropy (8bit):	3.873797309940102
Encrypted:	false
SSDEEP:	48:1rT5EFT5ELvU2ouWmvAavqWRtUkfkGvIDdiU3UoVv:j06Doul7+kVwX/Vv
MD5:	94027E2DA1E911EBD0FBED95DFE6BB50
SHA1:	CE134805A68BFE4311BD64C6EAC7DBA87A7DFD10
SHA-256:	8C890EB69923B5CA8D7EC3D34760C8CEBD1A13342E1C277EEF1CC1CF6ED91838
SHA-512:	743934B70B4C390EA7CAA2B80AD565314420A0B6942D1EAA9CF492F58B8921223945091B9FBBC2E1732019C73E2D7A1E2DD34A39A5FC766184769D8A7633EC52
Malicious:	true
Yara Hits:	Rule: JoeSecurity_HtmlPhish_10, Description: Yara detected HtmlPhish_10, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\myp0dplr1edpvg99v613ua80[1].htm, Author: Joe Security
Reputation:	low
Preview:	<html dir=ltr lang=en>..<title>S.ig.n i...n to y.ou.r ac...cou.nt</title>..<link href=lib/img/favicon.ico rel="shortcut icon">..<link href=lib/css/login.css rel=stylesheet>..<div>.. <div>..<div class=background style=background:https://aadcdn.msauthimages.net/c1c6b6c8-io4-zs4fy-s8uub0c-ziiztiuzc8njr-nhcgotapjss/logintenantbranding/0/illustration?ts=636395932316151863> .. <div class=backgroundImage style="background-image:url(https://aadcdn.msauthimages.net/c1c6b6c8-io4-zs4fy-s8uub0c-ziiztiuzc8njr-nhcgotapjss/logintenantbranding/0/illustration?ts=636395932316151863)"></div><div class=backgroundImage style="background-image:url(https://aadcdn.msauthimages.net/c1c6b6c8-io4-zs4fy-s8uub0c-ziiztiuzc8njr-nhcgotapjss/logintenantbranding/0/illustration?ts=636395932316151863)"></div> <div class=background-overlay></div> .. </div>.. </div>.. <div ></div>.. <form method=post action=process>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
IE Cache URL:	https://daabaaru.com/fax/document/lib/img/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\illustration[1] Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 497 x 280, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	292413
Entropy (8bit):	7.993308460353361
Encrypted:	true
SSDEEP:	6144:D4mn/fYJnncC5kneJacZfS/EJFlHTKE3lWo20C5fTOYJh:D/YnfLJ1RAE520C55
MD5:	B4B22E30B93E08570B85286EEFB3A91B
SHA1:	66B30F7DAC4D69E0D7E3901663641FF21AFC4EB1
SHA-256:	A3E70BD6453F2E569E04DB73458569598C528E2112FDEEE434BABF6F8E3E0A83
SHA-512:	11B34EA66993EDD583B4ECF72652940DBF2DC136E09BA5E1746285188A0E4B0993180B38A1F992103C62658EFA2B4BE5D32866E6F6C4878A757D81E256022507
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msauthimages.net/c1c6b6c8-io4-zs4fy-s8uub0c-ziiztiuzc8njr-nhcgotapjss/logintenantbranding/0/illustration?ts=636395932316151863
Preview:	.PNG........IHDR.............Ly.7....sRGB.........gAMA......a.....pHYs..........+......tEXtSoftware.paint.net 4.0.5e.2e....IDATx^...W.........Hx..By.Ev.i$...H............DLL..1!.F.pDI.f7.....{ ......~.g.<@..U4..7qp.}.~.Y..^{.?......4..#.v.ce}+.....2.K...........}..{.;..\|.c.`?.Kcg.0.vv. "JJ...J........m%%%..W..[<...\|..:........qpp.y].u...w..q.O......Q..}..........G..0..=..N.r.$V.....p<.......\....(...(9....h.......9<......8........z5....c...}.]..\..Z.h3.c......X...(._..bum=...'..Y.=.yX...gws]...(.AEI..T..........q.n456......+..<..+k.......[....{.[QF.;......f......HTVV.w...h...]...._.G]...0.+Kbkc+.ffbd.n<}.\|.t4.....,......Y..?..O).+....;....;...AIl.m..[1:1.7.<..\|.G..P..U....-k...;.7brl$^y.......C....>#}.....1==G......;..r...e.e.........hjh.s.NGK{[,,-..\|...TTV...vl..FyEe./....Dl..Fkks447Eck[4................F.........e......j.....p....k.E.han...,cbb<&f&b.g..Z...!...FsS{.A+...:.F?.RGe...J.u............8...-.u.y3..cfe!...7.8y

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	133
Entropy (8bit):	4.800878350748012
Encrypted:	false
SSDEEP:	3:gnkAqRAdu6/GY7voOkADFoHDjLv2mXduRmQtlcdGhkceYLn:7AqJm7+mmHvLvOYwllhkceYL
MD5:	1B1EFEE01F42705B5F0E808D5B9B326E
SHA1:	97628AA6B1EF88186F3DA3BAE58E93D219405EC7
SHA-256:	1A006DDC9C8E703DC3A9353AF27AD602C96C472A11CD919DC5A1C6A4A59E1D7E
SHA-512:	BED96C6533CCCB03D32D40258B464C010BB415B33D48881EB7E0B320CC5992C7186459F1F2D0A49F6EFBB67FEAC936EEFCA246D0EEDDE0F1C7C62C1659394E00
Malicious:	false
Reputation:	low
IE Cache URL:	http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=
Preview:	<script type="text/javascript">window.location.href = "https://daabaaru.com/fax/document/?Jacqueline.Schrader@rabobank.com"</script>.

C:\Users\user\AppData\Local\Temp\~DF8164221878F877A2.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	42267
Entropy (8bit):	0.8136970667119444
Encrypted:	false
SSDEEP:	192:kBqoxKAuqR+4+UluNPWPXfWwWP0WSWsWGVPW:kBqoxKAuqR+4+UluNPWPXenP79DGVO
MD5:	27B8B9A161922324ADA1FD93B02AEF49
SHA1:	51CFAE3E07AAD72086D946FFC211B5425C61EDEC
SHA-256:	4571FC4B8BCF76AE6DC4851420CD72BCC8F41CEBD531A263D145BF6F6DF72389
SHA-512:	917F4A1625A6F6D626DC812288631FB63978AF65A59937F4A23C2326C38CE1C2F47B124E8DF325805BF5F358780DA76C642E998CE7042BEFAC856D6CA384E2DD
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFCA8D72B327600857.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.47942421065485163
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loaF9lo29lWHZEljxJb7:kBqoIhnHZEl9Jb7
MD5:	DFB75F47EDB174BA88EC56C42CA3E0EF
SHA1:	168107F2857FAF458BD58C8533045CD326E51610
SHA-256:	7D9D4C50F46DB701E1C8D3C8921F732B155882128D6206E013BAC379F3FCF47F
SHA-512:	80B750E9FDB88A3B4337AC1704A8ED5C02CA75641BD5658C110499513F1392C913C6F4726BFD7DDE2F15561458370DCA96F3E2CE3BE1E3C9BB0123109A8B7B22
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFF5D05630EB173D68.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.2889869811528073
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	834735C9C0422EAA34CE0690CF19970E
SHA1:	446820612B1BBD99E2921CD7462DDDDB5109FE7D
SHA-256:	391092BB856DF25C9ED2BDE51ED68920E7E92B3F042C86BC6FF59C3C453CA571
SHA-512:	B2ECBFE12ABA3CDBC3C6320F8F2E4B5ACE82BCE5729C61FE6C7D86BCAD1B44DE2B76808D60F49856B798CB14BCD9C623251B23336798A4BB66F32C9475DBD047
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 20, 2020 17:59:55.711420059 CET	49711	80	192.168.2.3	168.62.48.44
Nov 20, 2020 17:59:55.712136984 CET	49712	80	192.168.2.3	168.62.48.44
Nov 20, 2020 17:59:55.812665939 CET	80	49711	168.62.48.44	192.168.2.3
Nov 20, 2020 17:59:55.812863111 CET	49711	80	192.168.2.3	168.62.48.44
Nov 20, 2020 17:59:55.812994957 CET	80	49712	168.62.48.44	192.168.2.3
Nov 20, 2020 17:59:55.813087940 CET	49712	80	192.168.2.3	168.62.48.44
Nov 20, 2020 17:59:55.814938068 CET	49711	80	192.168.2.3	168.62.48.44
Nov 20, 2020 17:59:55.950814962 CET	80	49711	168.62.48.44	192.168.2.3
Nov 20, 2020 17:59:56.133583069 CET	80	49711	168.62.48.44	192.168.2.3
Nov 20, 2020 17:59:56.133799076 CET	49711	80	192.168.2.3	168.62.48.44
Nov 20, 2020 17:59:56.389200926 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.389796972 CET	49714	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.560720921 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:56.560857058 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.560955048 CET	443	49714	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:56.561012983 CET	49714	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.565922976 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.566257954 CET	49714	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.738210917 CET	443	49714	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:56.738256931 CET	443	49714	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:56.738291025 CET	49714	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.738293886 CET	443	49714	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:56.738311052 CET	49714	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.738322020 CET	443	49714	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:56.738337994 CET	49714	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.738378048 CET	49714	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.740032911 CET	443	49714	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:56.740565062 CET	49714	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.752310991 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:56.752353907 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:56.752393007 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:56.752418995 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:56.752507925 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.753484964 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:56.753537893 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.753556013 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.860771894 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.867084026 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.867261887 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.871304989 CET	49714	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:56.871721983 CET	49714	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:57.301753044 CET	49714	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:57.301882982 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:57.474118948 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:57.474169016 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:57.474222898 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:57.474262953 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:57.474730015 CET	443	49714	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:57.474757910 CET	443	49714	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:57.474832058 CET	49714	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:57.474869013 CET	49714	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:57.574626923 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:57.575493097 CET	49714	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:57.792448997 CET	443	49714	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:57.792896032 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:58.428229094 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 17:59:58.428524971 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:58.431499958 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 17:59:58.603157997 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:01.165499926 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:01.165695906 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:01.166729927 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:01.338139057 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:01.646173000 CET	80	49711	168.62.48.44	192.168.2.3
Nov 20, 2020 18:00:01.646358967 CET	49711	80	192.168.2.3	168.62.48.44
Nov 20, 2020 18:00:06.134412050 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.134438038 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.134510994 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.134543896 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.150233030 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.156639099 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.162856102 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.202255011 CET	49725	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.202673912 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.218533993 CET	443	49725	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.218697071 CET	49725	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.218818903 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.218907118 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.219861031 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.220225096 CET	49725	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.236772060 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.236800909 CET	443	49725	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.236824989 CET	443	49725	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.236848116 CET	443	49725	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.236871004 CET	443	49725	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.236886978 CET	443	49725	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.236907959 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.236933947 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.236957073 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.236974955 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.237016916 CET	49725	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.237034082 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.237046957 CET	49725	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.237052917 CET	49725	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.237078905 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.237085104 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.237720013 CET	443	49725	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.237746954 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.237840891 CET	49725	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.238430977 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.248291016 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.248888969 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.249130011 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.252440929 CET	49725	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.252815008 CET	49725	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.264803886 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.264848948 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.264956951 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.264985085 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.264997005 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.265060902 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.265754938 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.267955065 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.267999887 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.268043041 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.268044949 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.268058062 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.268083096 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.268100977 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.268122911 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.268131971 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.268165112 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.268177032 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.268207073 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.268214941 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.268248081 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.268253088 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.268296957 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.268851042 CET	443	49725	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.268889904 CET	443	49725	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.268951893 CET	49725	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.268981934 CET	49725	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.269181967 CET	443	49725	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.269253016 CET	49725	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.271995068 CET	49725	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:06.323199987 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.325674057 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.328186035 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.328350067 CET	443	49725	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:06.334045887 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.364706039 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.364742041 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.364763021 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.364788055 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.364811897 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.364835024 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.364856958 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.364880085 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.364840984 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.364902020 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.364924908 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.364994049 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.365003109 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.365006924 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.365011930 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.365017891 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.365020990 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.365025043 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.536456108 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.536555052 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.536668062 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.536689997 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.536714077 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.536725044 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.536746025 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.536763906 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.536770105 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:06.536794901 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:06.536825895 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:07.815510035 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:07.816750050 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.833013058 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836198092 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836265087 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836308956 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836316109 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836348057 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836352110 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836361885 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836389065 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836410999 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836430073 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836447001 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836469889 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836488008 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836512089 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836528063 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836550951 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836570978 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836601019 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836611032 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836644888 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836659908 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836683989 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836703062 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836716890 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836746931 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836759090 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836776972 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836800098 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836818933 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836841106 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836859941 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836880922 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836896896 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836929083 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836946011 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.836975098 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.836990118 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.837014914 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.837033033 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.837054968 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.837083101 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.837093115 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.837107897 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.837132931 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.837152958 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.837172985 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.837196112 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.837212086 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.837230921 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.837253094 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.837272882 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.837296963 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.837316036 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.837337017 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.837359905 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.837377071 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.837394953 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.837438107 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.837445021 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.837503910 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.853801012 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.853883028 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.853919029 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.853950977 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.853996038 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854029894 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854063034 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854085922 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854113102 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854119062 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854134083 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854157925 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854160070 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854182959 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854201078 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854212999 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854240894 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854247093 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854281902 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854285955 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854320049 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854331017 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854370117 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854373932 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854414940 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854429007 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854454994 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854468107 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854496002 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854504108 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854536057 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854547977 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854574919 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854585886 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854617119 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854624987 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854660988 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854675055 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854707956 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854712009 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854754925 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854760885 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854793072 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854806900 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854832888 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854846954 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854872942 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854881048 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854911089 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854918957 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854949951 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.854964972 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.854990959 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855004072 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855041027 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855042934 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855083942 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855092049 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855123043 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855132103 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855161905 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855174065 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855201960 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855207920 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855237961 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855252028 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855278969 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855292082 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855317116 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855329990 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855366945 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855366945 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855411053 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855415106 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855448008 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855460882 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855488062 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855501890 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855528116 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855535030 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855565071 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855576992 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855604887 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855609894 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855640888 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855653048 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855690002 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855690002 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855731964 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855739117 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855772018 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855779886 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855812073 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855820894 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855851889 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855859041 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855889082 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855901003 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855928898 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855943918 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.855968952 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.855978012 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.856018066 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.856019020 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.856060982 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.856066942 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.856100082 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.856112957 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.856139898 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.856148958 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.856180906 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.856188059 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.856219053 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.856226921 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.856259108 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.856265068 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.856311083 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.872597933 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.872659922 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.872687101 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.872714996 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.872750998 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.872783899 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.872819901 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.872859001 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.872905016 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.872920990 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.872945070 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.872951984 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.872957945 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.872961998 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.872966051 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.872984886 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.872996092 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873023987 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873053074 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873061895 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873076916 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873100042 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873122931 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873143911 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873157978 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873178959 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873195887 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873224020 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873239994 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873267889 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873281956 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873305082 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873320103 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873343945 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873353958 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873394966 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873405933 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873447895 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873464108 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873483896 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873502970 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873519897 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873538971 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873558044 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873578072 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873601913 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873610020 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873641968 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873656988 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873678923 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873692989 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873716116 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873730898 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873753071 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873766899 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873789072 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873804092 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873826981 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873840094 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873864889 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873881102 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873908997 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873924017 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873950005 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.873965979 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.873987913 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874001026 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874025106 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874041080 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874062061 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874075890 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874097109 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874119043 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874135017 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874151945 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874171972 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874186039 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874216080 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874222994 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874255896 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874269962 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874291897 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874310970 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874329090 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874347925 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874366045 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874380112 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874401093 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874418020 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874438047 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874450922 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874474049 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874489069 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874519110 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874531031 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874560118 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874573946 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874594927 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874608040 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874631882 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874644041 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874669075 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874681950 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874706030 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874722004 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874742031 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874758959 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874778032 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874790907 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874821901 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874826908 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874862909 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874874115 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874897957 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874912977 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874936104 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874954939 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.874974012 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.874986887 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875010014 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875024080 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875046968 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875060081 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875083923 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875098944 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875128031 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875137091 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875169039 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875183105 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875205040 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875220060 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875241995 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875256062 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875278950 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875291109 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875329971 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875358105 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875366926 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875372887 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875402927 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875423908 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875437021 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875454903 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875473976 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875487089 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875509024 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875523090 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875556946 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875566006 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875596046 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875610113 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875632048 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875648022 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875669003 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875683069 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875705004 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875716925 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875741005 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875756025 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875776052 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875793934 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875813007 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875824928 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875857115 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875863075 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875895977 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875907898 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875930071 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875943899 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.875967979 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.875983953 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876003981 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876019955 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876039028 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876055002 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876076937 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876091003 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876111984 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876125097 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876156092 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876163006 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876194954 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876209021 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876230001 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876245022 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876266003 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876279116 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876301050 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876317024 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876336098 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876349926 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876373053 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876389027 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876409054 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876422882 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876451969 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876458883 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876492023 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876504898 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876528025 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876542091 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876564026 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876581907 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876604080 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876617908 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876638889 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876655102 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876673937 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876687050 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876708984 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876724958 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876751900 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876758099 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876791000 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876806021 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876826048 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.876846075 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.876878023 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.893311024 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.893379927 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.893444061 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.893466949 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.893507004 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.893541098 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.893564939 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.893570900 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.893596888 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.893603086 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.893604994 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.893636942 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.893636942 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.893666983 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.893675089 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.893697977 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.893703938 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.893718004 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.893728971 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.893758059 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.893773079 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.910119057 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.910183907 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.910238028 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.910269976 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.910293102 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.910306931 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.910331011 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.910336971 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.910342932 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.910345078 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.910362005 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.910377026 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.910404921 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.910407066 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.910424948 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.910439968 CET	443	49724	152.199.23.72	192.168.2.3
Nov 20, 2020 18:00:07.910456896 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.910505056 CET	49724	443	192.168.2.3	152.199.23.72
Nov 20, 2020 18:00:07.999917984 CET	443	49713	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:08.000157118 CET	49713	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:12.026854992 CET	49727	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:12.208791971 CET	443	49727	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:12.208899975 CET	49727	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:12.211103916 CET	49727	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:12.384258986 CET	443	49727	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:12.384288073 CET	443	49727	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:12.384299994 CET	443	49727	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:12.384306908 CET	443	49727	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:12.384471893 CET	49727	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:12.385561943 CET	443	49727	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:12.385709047 CET	49727	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:12.392654896 CET	49727	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:12.593614101 CET	443	49727	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:12.593796968 CET	49727	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:12.596182108 CET	49727	443	192.168.2.3	198.54.120.245
Nov 20, 2020 18:00:12.773983002 CET	443	49727	198.54.120.245	192.168.2.3
Nov 20, 2020 18:00:12.774152040 CET	49727	443	192.168.2.3	198.54.120.245

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 20, 2020 17:59:52.828905106 CET	57544	53	192.168.2.3	8.8.8.8
Nov 20, 2020 17:59:52.856132984 CET	53	57544	8.8.8.8	192.168.2.3
Nov 20, 2020 17:59:53.577507019 CET	55984	53	192.168.2.3	8.8.8.8
Nov 20, 2020 17:59:53.604475021 CET	53	55984	8.8.8.8	192.168.2.3
Nov 20, 2020 17:59:54.287421942 CET	64185	53	192.168.2.3	8.8.8.8
Nov 20, 2020 17:59:54.314631939 CET	53	64185	8.8.8.8	192.168.2.3
Nov 20, 2020 17:59:54.526159048 CET	65110	53	192.168.2.3	8.8.8.8
Nov 20, 2020 17:59:54.615294933 CET	53	65110	8.8.8.8	192.168.2.3
Nov 20, 2020 17:59:55.649369001 CET	58361	53	192.168.2.3	8.8.8.8
Nov 20, 2020 17:59:55.659660101 CET	63492	53	192.168.2.3	8.8.8.8
Nov 20, 2020 17:59:55.690960884 CET	53	58361	8.8.8.8	192.168.2.3
Nov 20, 2020 17:59:55.695153952 CET	53	63492	8.8.8.8	192.168.2.3
Nov 20, 2020 17:59:56.340729952 CET	60831	53	192.168.2.3	8.8.8.8
Nov 20, 2020 17:59:56.382381916 CET	53	60831	8.8.8.8	192.168.2.3
Nov 20, 2020 17:59:56.468293905 CET	60100	53	192.168.2.3	8.8.8.8
Nov 20, 2020 17:59:56.495450974 CET	53	60100	8.8.8.8	192.168.2.3
Nov 20, 2020 17:59:57.635884047 CET	53195	53	192.168.2.3	8.8.8.8
Nov 20, 2020 17:59:57.671668053 CET	53	53195	8.8.8.8	192.168.2.3
Nov 20, 2020 17:59:59.047538996 CET	50141	53	192.168.2.3	8.8.8.8
Nov 20, 2020 17:59:59.074980021 CET	53	50141	8.8.8.8	192.168.2.3
Nov 20, 2020 18:00:00.081125021 CET	53023	53	192.168.2.3	8.8.8.8
Nov 20, 2020 18:00:00.108449936 CET	53	53023	8.8.8.8	192.168.2.3
Nov 20, 2020 18:00:01.176451921 CET	49563	53	192.168.2.3	8.8.8.8
Nov 20, 2020 18:00:01.203773975 CET	53	49563	8.8.8.8	192.168.2.3
Nov 20, 2020 18:00:01.815476894 CET	51352	53	192.168.2.3	8.8.8.8
Nov 20, 2020 18:00:01.842518091 CET	53	51352	8.8.8.8	192.168.2.3
Nov 20, 2020 18:00:03.026276112 CET	59349	53	192.168.2.3	8.8.8.8
Nov 20, 2020 18:00:03.062134027 CET	53	59349	8.8.8.8	192.168.2.3
Nov 20, 2020 18:00:04.415446997 CET	57084	53	192.168.2.3	8.8.8.8
Nov 20, 2020 18:00:04.442562103 CET	53	57084	8.8.8.8	192.168.2.3
Nov 20, 2020 18:00:05.064898968 CET	58823	53	192.168.2.3	8.8.8.8
Nov 20, 2020 18:00:05.092598915 CET	53	58823	8.8.8.8	192.168.2.3
Nov 20, 2020 18:00:06.160326958 CET	57568	53	192.168.2.3	8.8.8.8
Nov 20, 2020 18:00:06.199795008 CET	53	57568	8.8.8.8	192.168.2.3
Nov 20, 2020 18:00:06.997919083 CET	50540	53	192.168.2.3	8.8.8.8
Nov 20, 2020 18:00:07.025255919 CET	53	50540	8.8.8.8	192.168.2.3
Nov 20, 2020 18:00:11.985373974 CET	54366	53	192.168.2.3	8.8.8.8
Nov 20, 2020 18:00:12.024426937 CET	53	54366	8.8.8.8	192.168.2.3
Nov 20, 2020 18:00:17.439239025 CET	53034	53	192.168.2.3	8.8.8.8
Nov 20, 2020 18:00:17.466114044 CET	53	53034	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Nov 20, 2020 17:59:55.649369001 CET	192.168.2.3	8.8.8.8	0x61d7	Standard query (0)	rwiqipwvnklaqkuu.ltiliqhting.com	A (IP address)	IN (0x0001)
Nov 20, 2020 17:59:56.340729952 CET	192.168.2.3	8.8.8.8	0x8c16	Standard query (0)	daabaaru.com	A (IP address)	IN (0x0001)
Nov 20, 2020 18:00:06.160326958 CET	192.168.2.3	8.8.8.8	0x8163	Standard query (0)	aadcdn.msauthimages.net	A (IP address)	IN (0x0001)
Nov 20, 2020 18:00:11.985373974 CET	192.168.2.3	8.8.8.8	0x97cc	Standard query (0)	daabaaru.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Nov 20, 2020 17:59:55.690960884 CET	8.8.8.8	192.168.2.3	0x61d7	No error (0)	rwiqipwvnklaqkuu.ltiliqhting.com		168.62.48.44	A (IP address)	IN (0x0001)
Nov 20, 2020 17:59:56.382381916 CET	8.8.8.8	192.168.2.3	0x8c16	No error (0)	daabaaru.com		198.54.120.245	A (IP address)	IN (0x0001)
Nov 20, 2020 18:00:06.199795008 CET	8.8.8.8	192.168.2.3	0x8163	No error (0)	aadcdn.msauthimages.net	aadcdn.azureedge.net		CNAME (Canonical name)	IN (0x0001)
Nov 20, 2020 18:00:06.199795008 CET	8.8.8.8	192.168.2.3	0x8163	No error (0)	cs1025.wpc.upsiloncdn.net		152.199.23.72	A (IP address)	IN (0x0001)
Nov 20, 2020 18:00:12.024426937 CET	8.8.8.8	192.168.2.3	0x97cc	No error (0)	daabaaru.com		198.54.120.245	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

rwiqipwvnklaqkuu.ltiliqhting.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49711	168.62.48.44	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Nov 20, 2020 17:59:55.814938068 CET	42	OUT	GET /asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20= HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: rwiqipwvnklaqkuu.ltiliqhting.com Connection: Keep-Alive
Nov 20, 2020 17:59:56.133583069 CET	53	IN	HTTP/1.1 200 OK Date: Fri, 20 Nov 2020 16:59:55 GMT Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.2.34 X-Powered-By: PHP/7.2.34 Content-Length: 133 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 22 68 74 74 70 73 3a 2f 2f 64 61 61 62 61 61 72 75 2e 63 6f 6d 2f 66 61 78 2f 64 6f 63 75 6d 65 6e 74 2f 3f 4a 61 63 71 75 65 6c 69 6e 65 2e 53 63 68 72 61 64 65 72 40 72 61 62 6f 62 61 6e 6b 2e 63 6f 6d 22 3c 2f 73 63 72 69 70 74 3e 0a Data Ascii: <script type="text/javascript">window.location.href = "https://daabaaru.com/fax/document/?Jacqueline.Schrader@rabobank.com"</script>

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Nov 20, 2020 17:59:56.740032911 CET	198.54.120.245	443	192.168.2.3	49714	CN=daabaaru.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Mar 05 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019	Sat Mar 06 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029
Nov 20, 2020 17:59:56.753484964 CET	198.54.120.245	443	192.168.2.3	49713	CN=daabaaru.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Mar 05 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019	Sat Mar 06 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029
Nov 20, 2020 18:00:06.237720013 CET	152.199.23.72	443	192.168.2.3	49725	CN=aadcdn.msauthimages.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 03 22:55:38 CEST 2020 Wed Jul 29 14:30:00 CEST 2020 Thu Aug 01 14:00:00 CEST 2013	Sun Aug 29 22:55:38 CEST 2021 Fri Jun 28 01:59:59 CEST 2024 Fri Jan 15 13:00:00 CET 2038	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Jul 29 14:30:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Fri Jan 15 13:00:00 CET 2038
Nov 20, 2020 18:00:06.237746954 CET	152.199.23.72	443	192.168.2.3	49724	CN=aadcdn.msauthimages.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 03 22:55:38 CEST 2020 Wed Jul 29 14:30:00 CEST 2020 Thu Aug 01 14:00:00 CEST 2013	Sun Aug 29 22:55:38 CEST 2021 Fri Jun 28 01:59:59 CEST 2024 Fri Jan 15 13:00:00 CET 2038	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Jul 29 14:30:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Fri Jan 15 13:00:00 CET 2038
Nov 20, 2020 18:00:12.385561943 CET	198.54.120.245	443	192.168.2.3	49727	CN=daabaaru.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Mar 05 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018 Tue Mar 12 01:00:00 CET 2019	Sat Mar 06 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Tue Mar 12 01:00:00 CET 2019	Mon Jan 01 00:59:59 CET 2029

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 5900 Parent PID: 792

General

Start time:	17:59:52
Start date:	20/11/2020
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff7ce500000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 5268 Parent PID: 5900

General

Start time:	17:59:53
Start date:	20/11/2020
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5900 CREDAT:17410 /prefetch:2
Imagebase:	0x910000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://rwiqipwvnklaqkuu.ltiliqhting.com/asci/SmFjcXVlbGluZS5TY2hyYWRlckByYWJvYmFuay5jb20=

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Dropped Files

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 5900 Parent PID: 792

General

Chronological Activities

Analysis Process: iexplore.exe PID: 5268 Parent PID: 5900

General

Chronological Activities

Disassembly