Play interactive tour

Edit tour

Analysis Report https://n.wpslot.net/u?id=21VXS6F&ifca=D85JBJ

Overview

General Information

Sample URL:	https://n.wpslot.net/u?id=21VXS6F&ifca=D85JBJ
Analysis ID:	321425
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Startup

System is w10x64

iexplore.exe (PID: 852 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4852 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:852 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

DNS traffic detected: queries for: n.wpslot.net

Source: avignon-demi-webfont[1].eot.2.dr	String found in binary or memory: http://www.softmaker.dehttp://www.softmaker.dehttp://www.softmaker.de
Source: avignon-regular-webfont[1].eot.2.dr	String found in binary or memory: http://www.softmaker.dehttp://www.softmaker.dehttp://www.softmaker.deAvignonBook
Source: avignon-demi-webfont[1].eot.2.dr	String found in binary or memory: http://www.softmaker.dehttp://www.softmaker.dehttp://www.softmaker.deAvignonDemi
Source: {4E511632-2CAD-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://n.wpslot.net/u
Source: ~DFF170DD14E7BFC24B.TMP.1.dr, {4E511632-2CAD-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://n.wpslot.net/u?id=21VXS6F&ifca=D85JBJ
Source: {4E511632-2CAD-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://n.wpslot.net/u?id=21VXS6F&ifca=D85JBJRoot
Source: ~DFF170DD14E7BFC24B.TMP.1.dr	String found in binary or memory: https://n.wpslot.net/unsubscribe?id=21VXS6F&ifca=D85JBJ&confirm=true

Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Source: classification engine

Classification label: clean0.win@3/12@2/1

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF6FE7520CCB2DC8FD.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:852 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:852 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://n.wpslot.net/u?id=21VXS6F&ifca=D85JBJ	1%	Virustotal		Browse
https://n.wpslot.net/u?id=21VXS6F&ifca=D85JBJ	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
n.wpslot.net	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.softmaker.dehttp://www.softmaker.dehttp://www.softmaker.deAvignonBook	0%	Avira URL Cloud	safe
https://n.wpslot.net/u?id=21VXS6F&ifca=D85JBJ	1%	Virustotal		Browse
http://www.softmaker.dehttp://www.softmaker.dehttp://www.softmaker.de	0%	Avira URL Cloud	safe
https://n.wpslot.net/u?id=21VXS6F&ifca=D85JBJRoot	0%	Avira URL Cloud	safe
https://n.wpslot.net/u	0%	Avira URL Cloud	safe
http://www.softmaker.dehttp://www.softmaker.dehttp://www.softmaker.deAvignonDemi	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
n.wpslot.net	176.31.142.212	true	false	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://n.wpslot.net/u?id=21VXS6F&ifca=D85JBJ	false	1%, Virustotal, Browse	unknown
https://n.wpslot.net/unsubscribe?id=21VXS6F&ifca=D85JBJ&confirm=true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.softmaker.dehttp://www.softmaker.dehttp://www.softmaker.deAvignonBook	avignon-regular-webfont[1].eot.2.dr	false	Avira URL Cloud: safe	unknown
http://www.softmaker.dehttp://www.softmaker.dehttp://www.softmaker.de	avignon-demi-webfont[1].eot.2.dr	false	Avira URL Cloud: safe	unknown
https://n.wpslot.net/u?id=21VXS6F&ifca=D85JBJRoot	{4E511632-2CAD-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://n.wpslot.net/u?id=21VXS6F&ifca=D85JBJ	~DFF170DD14E7BFC24B.TMP.1.dr, {4E511632-2CAD-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	1%, Virustotal, Browse	unknown
https://n.wpslot.net/unsubscribe?id=21VXS6F&ifca=D85JBJ&confirm=true	~DFF170DD14E7BFC24B.TMP.1.dr	false		unknown
https://n.wpslot.net/u	{4E511632-2CAD-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
http://www.softmaker.dehttp://www.softmaker.dehttp://www.softmaker.deAvignonDemi	avignon-demi-webfont[1].eot.2.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
176.31.142.212	unknown	France		16276	OVHFR	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	321425
Start date:	22.11.2020
Start time:	02:26:37
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://n.wpslot.net/u?id=21VXS6F&ifca=D85JBJ
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@3/12@2/1
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://n.wpslot.net/unsubscribe?id=21VXS6F&ifca=D85JBJ&confirm=true
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe Excluded IPs from analysis (whitelisted): 104.83.120.32, 40.88.32.150, 13.88.21.125, 51.11.168.160, 92.122.213.194, 92.122.213.247, 2.20.84.85, 152.199.19.161, 93.184.221.240, 51.132.208.181 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, wu.azureedge.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, fs.microsoft.com, ie9comview.vo.msecnd.net, wu.ec.azureedge.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, go.microsoft.com.edgekey.net, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4E511630-2CAD-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.853079330237767
Encrypted:	false
SSDEEP:	96:rT/ZQZc2B9WNTtNAFfNIFMN5rN0NZNRfNZYScX:rbZQZc2B9WhtgfOFM7K3fbcX
MD5:	A29F1D6A21D951152D36A0F1EA2093DF
SHA1:	03C4CA567C91D9800E719B644045489B43888A18
SHA-256:	DEC2307B3A771FB96D3AEE09D5A3658DF091C4D1DD426977DBD22E593E399CFB
SHA-512:	39CF09AC06711B11B426BA140B5529C21039D7164C9ACACDD3704B1794D17D644D9E4F78231E324834CA4C57878AED1B4652D8B88FA91F7979D11A7F884C7E1F
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4E511632-2CAD-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	35780
Entropy (8bit):	1.915822050606748
Encrypted:	false
SSDEEP:	192:rJZeQS6AkkFjR2MkWBM+YTUYmz9loM9mL:r/b9NkhA4a+WBmhGUm
MD5:	9F3250368A181F986EA0A42C7FDF99CE
SHA1:	1B4564E8C59D80D2A1E55A8092A68C546A7E8A64
SHA-256:	FBD4455073FF3EFFFFAD5836D2A1189F1894B811CC24F63A2588DD70999C7A92
SHA-512:	F23E8B89DD5F810D22129FC1D737B3A2197ED8012944127E765923BD12D07D307B89385D8D28155A29383430180ED5FDD7C63C2B9A45F6FF2065E027A50CF277
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4E511633-2CAD-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5650506673374784
Encrypted:	false
SSDEEP:	48:IwPlZGcprGGwpaDlZG4pQrGrapbSZrGQpK7G7HpRMsTGIpG:rd/ZeQ576fBSZFA6TM4A
MD5:	C1160044483D4BD00D5717B4A0F44D69
SHA1:	BB0F4349AA695A62FECAFDB8F8FB0901551B79D7
SHA-256:	61E86DE67DD293D7DCB776DC0566A6E2F6728057D99A2D769BF15B967F24B7DD
SHA-512:	035EB3DB19EA171F6975BCB8B3FB926BAE04B5D560D260DB989F01D62467DD1B8367B6EABCECC4CD846F306E71EC3CD88DF00B73ACAD9E753869341250DD6559
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\site[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	39643
Entropy (8bit):	4.9098474932705
Encrypted:	false
SSDEEP:	768:VpEGTLpEG72lVfq5FZmd3sRU6Fcz5qFwBWVACb9uzl:VpEGXpEGKlVfq5A5qu
MD5:	31CBF4F283C2233B4F55A93CA5EE9CEA
SHA1:	C7D3CECF28B481100258C6450F4B557EDEA0DC31
SHA-256:	8E197478F0F830AB8E3D092DA98A8993AF2A5C98F7809A7348EF2ABD7D02689A
SHA-512:	835C6497C2C8521B06C6DB20D48B64D1CA2F649D2400E45EFA8A63D56E0B4580F48B742160FABC5F01C320441A23B3286E6F3F9640123F7C73D6DC086025C112
Malicious:	false
Reputation:	low
IE Cache URL:	https://n.wpslot.net/css/site.css?t=2020-11-10T09:26:22Z
Preview:	.clear-flex {. width: 100%;.}..clearfix::after {. content: '';. display: block;. height: 0;. opacity: 0;. clear: both;.}..display-grid {. display: -ms-grid;. display: grid;.}.* {. padding: 0;. margin: 0;. outline: 0;. border: 0;.}.select,.input {. border-radius: 0;.}.:-webkit-autofill {. -webkit-box-shadow: 0 0 0px 1000px #0b0204 inset;. -webkit-text-fill-color: #ffffff;.}.:focus:-webkit-autofill {. -webkit-box-shadow: 0 0 0px 1000px #0b0204 inset;. -webkit-text-fill-color: #ffffff;.}.input.w-input {. -moz-box-sizing: border-box;. -webkit-box-sizing: border-box;. box-sizing: border-box;. background-color: rgba(0, 0, 0, 0);. border-style: solid;. border-width: 0 0 1px;. width: 100%;. font-size: 16px;. line-height: 35px;. height: 35px;. border-color: #bdbdbd;. color: #ffffff;.}.input.w-input::-webkit-input-placeholder {. opacity: 1;. color: #bdbdbd;. font-family: 'Avignon Book Italic';.}.input.w-input:-moz-placeholder {. opacity: 1;. color: #bdbdbd;. fo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fonts[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2813
Entropy (8bit):	5.02414750899614
Encrypted:	false
SSDEEP:	24:LFVoZNeYxJpV6N0keYYIVg3xcbeYTVV44xcbe36Tkz3i3g/:xVovx5V62kxdVgBcbx5V42cbMiK
MD5:	A5A744825560EDB0C263302D9C440692
SHA1:	0A8E3367B969932A5FB121E93F9A5F537613F5CF
SHA-256:	FE3A16D9FF2BD64874EC75B523B14ADF20FBBCA652482815DD1383AF41692336
SHA-512:	06E8FFE6700DAC6CE47C8B9925C67BCF10CCB1B45312B3C85FB357D488F3DC821DCB53AD85791E014BD42550D6DE9A9DB4C4A2907ACB35824D0DBB05A1920B2B
Malicious:	false
Reputation:	low
IE Cache URL:	https://n.wpslot.net/css/fonts.css
Preview:	/* ==========================================================================...#Fonts..========================================================================== */..@font-face {.. font-family: 'Avignon Book';.. src: url('fonts/avignon-regular-webfont.eot');.. src: url('fonts/avignon-regular-webfont.eot?#iefix') format('embedded-opentype'),.. url('fonts/avignon-regular-webfont.woff') format('woff'),.. url('fonts/avignon-regular-webfont.ttf') format('truetype'),.. url('fonts/avignon-regular-webfont.svg#avignonbook') format('svg');.. font-weight: normal;.. font-style: normal;..}....@font-face {.. font-family: 'Avignon Book Italic';.. src: url('fonts/avignon-italic-webfont.eot');.. src: url('fonts/avignon-italic-webfont.eot?#iefix') format('embedded-opentype'),.. url('fonts/avignon-italic-webfont.woff') format('woff'),.. url('fonts/avignon-italic-webfont.ttf') format('truetype'),.. url('fonts/avignon-italic-webfont.s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\avignon-demi-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Avignon family
Category:	downloaded
Size (bytes):	194038
Entropy (8bit):	5.9965382746383815
Encrypted:	false
SSDEEP:	3072:CxH7iJG48Vna2YrkiYVDbk0bGlaPQQA37YQoKGLJM/MZ1UKv9o5y3mUscwUU8dIu:CxHOG48Vna2YrkiYVDbkOG4PQQArYQoT
MD5:	40FED42EF530AD90EC281F844B0271F7
SHA1:	44AD7D546CFBE10BF4497481506784516107519D
SHA-256:	83D3FAED6C774A4577A789E7D8755DA241330292F5BEF39071E64587CD7F9F96
SHA-512:	76D904B7D1F6EC0A51BD76C4BE0383AE65984EEAFAE8A9DAB0450331E9325857365088836F1DDF6A6ED451A0510E6713A431F5C0084303A0662C08AD3EAFDE5B
Malicious:	false
Reputation:	low
IE Cache URL:	https://n.wpslot.net/css/fonts/avignon-demi-webfont.eot?
Preview:	....8.............................LP....... ...........@.....tb.....................A.v.i.g.n.o.n.....D.e.m.i...,.V.e.r.s.i.o.n. .1...0. .0.8.-.1.0.-.2.0.0.2.....A.v.i.g.n.o.n.-.D.e.m.i................0GPOSf.........^LTSHAKgq........OS/2i.=........`PCLT.F.......6VDMX{..(........cmap.:....F.....cvt ......X4....fpgm.S.1..V....sglyfTUg...X8..I.hdmx.Q~......./.head.w.....<...6hhea...6...t...$hmtx\|..E........kern............loca.V..........maxp...p....... name:*a.........post-.:2.......prep...+..X0.............bt._.<.................l@].....y...............................y...................................................../.......................2.................. ...........smak. . ............@.............. .....?...............F...........#...".k.".....7.".7...../...%...9.......9...................................;...........9...9..."...%..."...............>... .w.>...>...>... .c.>...>.......>...>.8.>...>... ...>... ...>.........M.7.a...A...S...(.......7.6...(.7.;...........f.h

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\avignon-regular-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Avignon family
Category:	downloaded
Size (bytes):	187066
Entropy (8bit):	6.03237808375965
Encrypted:	false
SSDEEP:	3072:JMip24BwzGJE9Hhwp2chr/7lyDUTENaQePSa5HMgl36jCCuFrOZZvnIL3b4SKKdj:jp24BwqE9Be2chr/7kDUTENaQePSa5BP
MD5:	589D0675883F51E3827E72C8C89B8529
SHA1:	F1A17B7A4FB7C7FC37F47D5F2FDF241EEB6C2A78
SHA-256:	51CD3B8BBD0731A2C103D58ABDBD0E5A70E8CDA6D05D7B179DF0AEC52A7CE641
SHA-512:	4C5A9A88EE14CDD892261A216AE28FF991F8275B2A1F8996AA2D26EF7709E503996A659E00E3BED1AD7A163414FC8ED23D9A23F79E264B18AA3CC29CEF44D2B5
Malicious:	false
Reputation:	low
IE Cache URL:	https://n.wpslot.net/css/fonts/avignon-regular-webfont.eot?
Preview:	..................................LP....... ...........@.....T3.....................A.v.i.g.n.o.n.....R.e.g.u.l.a.r...,.V.e.r.s.i.o.n. .1...0. .0.8.-.1.0.-.2.0.0.2.....A.v.i.g.n.o.n.-.R.e.g.u.l.a.r................0GPOS`.g.......RLTSH...j........OS/2h;=........`PCLT.F.{...d...6VDMXw..i........cmap.R.}..EL...Vcvt ......V.....fpgm.S.1..T....sglyf.F....V ..1.hdmxn...........head...N...<...6hhea.......t...$hmtxS;..........kern...G........loca. .(...,....maxp...p....... name.w`6.......5post.Z..........prep...+..V..............3T._.<...........#.....l?........F.................F.................................................................-.......................2.................. ...........smak.@. ...F.....F..@.............. .....?...............O...#...!.../.b.&...&...#.[.&.[.....9...,...........B.......#...........................B...&.......B......."...,..."......./.......H...$...H...H...H...$.s.H...H..... .H...H.H.H...H...$...H...$.8.H.........L.B.h...p...#...........[.E...2.[.`..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\u[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	984
Entropy (8bit):	5.24959414573647
Encrypted:	false
SSDEEP:	24:4WYus7pN4ODUDRh+ozxyaOpB39ZpdVP+W4T:4p7RDUaGOT3HzUT
MD5:	03B52C64057974838A53E10C7FABD569
SHA1:	8C3C666FA80EDEAF41C122FDF341037A9A0605D0
SHA-256:	0900B5CD25BFEED9BA922074A35F6D6B1C88A9C11ABA36BE12EF94E02230CFAA
SHA-512:	E59E1E47EE21769DE4F8AB0C27F9A3A46BB60961B72316C01FFED8AB11A3A77FB6888E7B9F71023C1434B79B0A7222B55DD53A999E16CB02F34DEEA3DEEA9A47
Malicious:	false
Reputation:	low
IE Cache URL:	https://n.wpslot.net/u?id=21VXS6F&ifca=D85JBJ
Preview:	.<!DOCTYPE html>.<html lang="en">.<head>. . <meta http-equiv="content-type" content="text/html; charset=UTF-8">. <meta charset="UTF-8">. <meta name="robots" content="noindex, nofollow">. <meta name="viewport" content="width=device-width, initial-scale=0.60, maximum-scale=1"> 320-->. <title>Unsubscribe</title>. <link rel="shortcut icon" href="/img/empty.ico"/>. <link rel="stylesheet" type="text/css" href="/css/fonts.css"/>. <link rel="stylesheet" type="text/css" href="/css/site.css?t=2020-11-10T09:26:22Z"/>.</head>.<body ng-app>..<div class="unsubContainer">. <p>CLICK THE BUTTON BELOW<br>TO UNSUBSCRIBE</p>. <a ng-hide="inProgress" class="w-button" ng-click="inProgress = true". href="/unsubscribe?id=21VXS6F&ifca=D85JBJ&confirm=true">UNSUBSCRIBE</a>. <div ng-cloak ng-show="inProgress" class="icon loader white"></div>.</div>..<script type="text/javascript" src="/js/angular.min.js?t=2020-11-10T09:26:22Z"></script>.</body>.</html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\unsubscribe[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	644
Entropy (8bit):	5.0807188774889696
Encrypted:	false
SSDEEP:	12:4WYurYfD1cSN4F/d40hsM+IlM+KoRCxwdou4oQb:4WYus7pN4GUDR7ouY
MD5:	06084FB6C0D023E07F8EBE8539C3FF9D
SHA1:	51D7F27F1808C713AABB46F709EA5227EFCEB478
SHA-256:	DF65FC946597098D93F7A5C62CC5C4215064A853CE789472B4AE052942AF2C76
SHA-512:	DEB0C19968B30F0A9129466B967DC4BF30EFDC6DED936DE44A65800FBA5F3BBA0C3CC09188E36652A683B77075AE266AA76525EC941E7D0E74E21EC7E8C94AFF
Malicious:	false
Reputation:	low
IE Cache URL:	https://n.wpslot.net/unsubscribe?id=21VXS6F&ifca=D85JBJ&confirm=true
Preview:	.<!DOCTYPE html>.<html lang="en">.<head>. . <meta http-equiv="content-type" content="text/html; charset=UTF-8">. <meta charset="UTF-8">. <meta name="robots" content="noindex, nofollow">. <meta name="viewport" content="width=device-width, initial-scale=0.60, maximum-scale=1"> 320-->. <title>Unsubscribed</title>. <link rel="shortcut icon" href="/img/empty.ico"/>. <link rel="stylesheet" type="text/css" href="/css/fonts.css"/>. <link rel="stylesheet" type="text/css" href="/css/site.css?t=2020-11-10T09:26:22Z"/>.</head>.<body>..<div class="unsubContainer">. <p>YOU ARE UNSUBSCRIBED</p>.</div>..</body>.</html>

C:\Users\user\AppData\Local\Temp\~DF4C58437C8BBA4D34.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.32352424685266234
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAQHlm:kBqoxxJhHWSVSEabQFm
MD5:	B334CC71A7703CFB0B68B7A17EAEA652
SHA1:	686A9D7F16085B929613F8CA0D59ADDA9A4CB936
SHA-256:	A1DFFF06DFF69CA4F1A8A34C1AB7571F37649634DD914C8D5FAAC50A59ACD7B5
SHA-512:	01DF47CC2A9CF0D81B162A8B116950F7CE29190F4D02C7FB06C7C7C9611114A4184D7AA770964DA9AC190E706332D933BDB53375B09E5E989EAFC54E3AB32470
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF6FE7520CCB2DC8FD.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.4809905323650239
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loEF9loE9lWYANa55ZY1:kBqoI/JHNa55ZY1
MD5:	18E94463D95D440C659290B797747B97
SHA1:	63C78685C10DAEA443DEB433B751F32D4D4BCEB6
SHA-256:	1241F8E87E7579D276C7E553CCB62EF3F2F79E2132384F847D28481883239D9F
SHA-512:	FB5C0675D137F6FEEDBB7D1DEA24E9C1EA4313A48250F169B3D27B371875767BCB813DC9AF6928FCFE0A0ADDC653397A858B5353B544711AECECE2A883703086
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFF170DD14E7BFC24B.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	43773
Entropy (8bit):	0.4927093641573615
Encrypted:	false
SSDEEP:	96:kBqoxKAuvScS+WQKjQnEHJPb7VfUlIEH4zyQ:kBqoxKAuqR+WQKjQnm59+
MD5:	A8FB09A7FE4B7BE75D9431BAB41ED8BD
SHA1:	C9F67B10B41B8B1F23F2727A1E3CA0ADDF655870
SHA-256:	15D493FC54A0E8F8B5D094D34EEE1EE4D17EC301E7BCBDDB1505FB49051812A8
SHA-512:	258D9669E6BAB1C984D4A870B3DF97897BF1BC6B0E26F3BF52F2CE93A7FE1A1AD61547E20688B348710651B8778F98A7070B2C8DA57C2D108A3B544C8072673A
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2020 02:27:25.072717905 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.072726965 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.098908901 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.098963976 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.099005938 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.099127054 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.104590893 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.104890108 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.130665064 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.130705118 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.132739067 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.132781982 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.132808924 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.132824898 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.132855892 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.132880926 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.134171009 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.134211063 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.134239912 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.134309053 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.134351969 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.180610895 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.182410955 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.186165094 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.206974030 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.207088947 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.208633900 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.208767891 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.223752975 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.223795891 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.223917961 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.286611080 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.287491083 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.288181067 CET	49699	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.313575029 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.313699961 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.314079046 CET	443	49699	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.314172029 CET	49699	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.314307928 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.314898014 CET	49699	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.340835094 CET	443	49699	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.340998888 CET	443	49699	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.341089964 CET	49699	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.341474056 CET	49699	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.342242956 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.342284918 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.342315912 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.342336893 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.342395067 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.342401981 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.342976093 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.343060017 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.343060017 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.343116045 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.343154907 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.343170881 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.343177080 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.343194008 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.343216896 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.343239069 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.343255997 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.343277931 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.343295097 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.343318939 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.343337059 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.343358040 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.343372107 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.343405962 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.343409061 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.343456984 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.369466066 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.369561911 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.369605064 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.369621038 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.369638920 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.369661093 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.369668961 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.369700909 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.369723082 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.369741917 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.369755030 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.369781017 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.369801998 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.369820118 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.369827986 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.369858980 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.369874001 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.369905949 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.369906902 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.369961023 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.369975090 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.369999886 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.370014906 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.370039940 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.370059967 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.370079994 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.370096922 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.370117903 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.370131969 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.370157003 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.370172024 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.370196104 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.370210886 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.370244980 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.370249987 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.370287895 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.370302916 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.370326042 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.370342016 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.370378017 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.384114981 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.388802052 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.405795097 CET	49699	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.409521103 CET	443	49699	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.412780046 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.412842035 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.412889004 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.412925959 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.412929058 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.412956953 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.412962914 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.412966967 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.412967920 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413007021 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413024902 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413047075 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413067102 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413088083 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413111925 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413126945 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413132906 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413175106 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413177013 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413217068 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413223028 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413258076 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413271904 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413290024 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413309097 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413328886 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413345098 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413367033 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413388014 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413424015 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413438082 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413480043 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413492918 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413516998 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413530111 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413563967 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413569927 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413606882 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413618088 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413645029 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413662910 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413687944 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413702965 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413727045 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413739920 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413764000 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413779974 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413804054 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413825035 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413835049 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.413852930 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.413888931 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.416811943 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.416856050 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.416884899 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.416894913 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.416920900 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.416939020 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.416960955 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.416980982 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.416997910 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.417021036 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.417036057 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.417069912 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.417078972 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.417114019 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.417120934 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.417152882 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.417167902 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.417192936 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.417212963 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.417253017 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.431776047 CET	443	49699	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.431818962 CET	443	49699	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.431942940 CET	49699	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.439795971 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.439837933 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.439876080 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.439914942 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.439934969 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.439954996 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.439968109 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.439976931 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.439981937 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.439994097 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440032959 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440047979 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440071106 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440087080 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440094948 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440119982 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440135956 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440162897 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440177917 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440201044 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440218925 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440242052 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440257072 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440273046 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440296888 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440310955 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440327883 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440351963 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440368891 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440391064 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440404892 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440438032 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440442085 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440480947 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440495968 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440519094 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440534115 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440557957 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440573931 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440596104 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440606117 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440634012 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440649033 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440673113 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440686941 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440711021 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440726042 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440758944 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440762997 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440793037 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440815926 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440831900 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440853119 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440871954 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440891981 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440912008 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440927982 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440949917 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.440963984 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.440990925 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441008091 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441029072 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441046953 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441076040 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441077948 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441121101 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441133976 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441159010 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441173077 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441195965 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441212893 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441236973 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441253901 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441273928 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441289902 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441303968 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441323996 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441342115 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441359043 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441392899 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441417933 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441467047 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441473007 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441509008 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441546917 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441548109 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441562891 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441586971 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441601992 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441626072 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441641092 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441663980 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441679001 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441720963 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441735029 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441775084 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441788912 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441812038 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441826105 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441850901 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441864967 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441889048 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441903114 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441936970 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441943884 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.441978931 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.441988945 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.442034960 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.442040920 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.442091942 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.442101002 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.442131042 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.442147970 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.442186117 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.442193985 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.442236900 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.442245007 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.442275047 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.442291975 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.442312956 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.442326069 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.442351103 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.442358971 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.442389011 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.442411900 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.442436934 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.442454100 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.442478895 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.442493916 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.442517042 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.442559004 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.442572117 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.442949057 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.442986965 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443017006 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443026066 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443052053 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443068027 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443073988 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443108082 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443126917 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443147898 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443165064 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443188906 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443207979 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443236113 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443237066 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443281889 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443290949 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443320990 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443336010 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443361044 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443377018 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443402052 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443418026 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443439960 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443460941 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443480968 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443490982 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443520069 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443535089 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443568945 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443569899 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443612099 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443619967 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443650961 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443666935 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443691015 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443706989 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443730116 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.443744898 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.443782091 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.468458891 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.468504906 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.468542099 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.468545914 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.468556881 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.468590975 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.468600035 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.468635082 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.468653917 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.468673944 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.468693972 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.468713999 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.468734026 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.468753099 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.468766928 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.468790054 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.468805075 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.468828917 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.468837976 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.468868017 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.468882084 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.468913078 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.468915939 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.468959093 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.468966007 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.468997955 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469021082 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469046116 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469055891 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469085932 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469099998 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469124079 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469139099 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469162941 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469177961 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469202042 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469218016 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469250917 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469253063 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469305992 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469424009 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469464064 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469480038 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469525099 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469540119 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469579935 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469594955 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469616890 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469645977 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469662905 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469679117 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469722033 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469734907 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469758987 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469774008 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469799042 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469814062 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469839096 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469854116 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469877958 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469894886 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469917059 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469933033 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.469955921 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.469973087 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470004082 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470005035 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470047951 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470057011 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470088005 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470103025 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470127106 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470145941 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470168114 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470184088 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470205069 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470221043 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470247030 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470256090 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470285892 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470299006 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470350027 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470354080 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470391989 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470400095 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470429897 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470444918 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470478058 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470484018 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470521927 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470530987 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470560074 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470578909 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470599890 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470614910 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470638037 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470652103 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470675945 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470690966 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470715046 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470724106 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470753908 CET	443	49698	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.470767975 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.470804930 CET	49698	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473153114 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473195076 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473232031 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473236084 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473261118 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473278046 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473279953 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473334074 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473428011 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473472118 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473488092 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473510981 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473531961 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473551989 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473588943 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473613024 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473628044 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473660946 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473663092 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473705053 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473710060 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473743916 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473759890 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473784924 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473804951 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473825932 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473836899 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473867893 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473882914 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473908901 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473917961 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473949909 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.473963976 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.473998070 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.474000931 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.474042892 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.474050045 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.474081993 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.474097967 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.474123001 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.474133968 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.474164963 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.474181890 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.474205017 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.474220991 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.474246025 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.474251032 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.474284887 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.474299908 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.474333048 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.474335909 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.474375963 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.474380970 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.474412918 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.474428892 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.474453926 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.474469900 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.474570990 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.499567986 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.499670982 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500207901 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500248909 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500283003 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500287056 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500317097 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500341892 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500391006 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500391960 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500403881 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500432968 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500452995 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500495911 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500572920 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500621080 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500634909 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500663042 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500679970 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500703096 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500724077 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500742912 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500766039 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500782013 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500802040 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500821114 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500843048 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500860929 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500880003 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500927925 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.500947952 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.500997066 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501013041 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501058102 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501115084 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501152992 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501173019 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501192093 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501214981 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501230001 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501259089 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501302958 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501307964 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501348019 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501363993 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501411915 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501595020 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501632929 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501662970 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501671076 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501692057 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501709938 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501743078 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501746893 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501764059 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501785040 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501806974 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501821995 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501847982 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501868963 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.501888037 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.501933098 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.525547981 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.525688887 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.526261091 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.526299953 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.526465893 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.526518106 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.526611090 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.526669979 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.526720047 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.526786089 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.526798010 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.526840925 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.526882887 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.526949883 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527003050 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.527040958 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.527081966 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527142048 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.527158022 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527184963 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.527230024 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527282000 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527493000 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.527535915 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.527571917 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.527574062 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527611017 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.527616024 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527652979 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527684927 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527700901 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.527750015 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.527776003 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527793884 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.527832031 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.527832031 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527853012 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527869940 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.527900934 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527909040 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.527930021 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527973890 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.527987957 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.528028011 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.528062105 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.528099060 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.528110981 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.528160095 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.528181076 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.528240919 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.528242111 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.528284073 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.528337002 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.528367996 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.528394938 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.528409958 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.528425932 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.528470993 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.528609037 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.528650999 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.528682947 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.528687954 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.528733015 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.528772116 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.551592112 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.551711082 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.552391052 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.552439928 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.552472115 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.552520990 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.552663088 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.552704096 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.552723885 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.552742958 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.552762985 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.552783012 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.552802086 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.552855015 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.552932024 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.552973986 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.552990913 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.553037882 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.553122997 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.553164005 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.553184032 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.553201914 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.553226948 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.553239107 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.553262949 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.553308010 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.553666115 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.553728104 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.553829908 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.553869009 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.553893089 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.553925037 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.554112911 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.554153919 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.554188013 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.554214954 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.554327011 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.554363966 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.554392099 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.554414034 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.554436922 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.554456949 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.554483891 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.554529905 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.554641962 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.554676056 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.554713964 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.554740906 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.638976097 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.665349960 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.665492058 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.672939062 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:25.699378014 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:25.699459076 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:41.207684040 CET	49702	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:41.233844995 CET	443	49702	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:41.234616995 CET	49702	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:41.236747980 CET	49702	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:41.262804031 CET	443	49702	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:41.264147997 CET	443	49702	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:41.264200926 CET	443	49702	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:41.264230967 CET	443	49702	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:41.264287949 CET	49702	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:41.264333010 CET	49702	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:41.264347076 CET	49702	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:41.271589994 CET	49702	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:41.297844887 CET	443	49702	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:41.298016071 CET	49702	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:41.300178051 CET	49702	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:41.326339006 CET	443	49702	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:41.326594114 CET	49702	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:43.651869059 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:43.709692001 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:43.709851980 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:43.784924030 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:43.811012983 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:43.811108112 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:43.817390919 CET	49697	443	192.168.2.3	176.31.142.212
Nov 22, 2020 02:27:43.843434095 CET	443	49697	176.31.142.212	192.168.2.3
Nov 22, 2020 02:27:43.843525887 CET	49697	443	192.168.2.3	176.31.142.212

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2020 02:27:23.961940050 CET	51281	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:23.999130011 CET	53	51281	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:25.023294926 CET	49199	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:25.063536882 CET	53	49199	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:40.696542025 CET	50620	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:40.723726034 CET	53	50620	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:41.154623032 CET	64938	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:41.205127954 CET	53	64938	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:41.934082985 CET	60152	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:41.961347103 CET	53	60152	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:42.780378103 CET	57544	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:42.807553053 CET	53	57544	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:43.596894026 CET	55984	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:43.632548094 CET	53	55984	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:44.528425932 CET	64185	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:44.555557013 CET	53	64185	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:44.959991932 CET	65110	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:44.987231970 CET	53	65110	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:45.639411926 CET	58361	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:45.666591883 CET	53	58361	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:46.737993002 CET	63492	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:46.773919106 CET	53	63492	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:47.134888887 CET	60831	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:47.171758890 CET	53	60831	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:47.771706104 CET	60100	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:47.799355984 CET	53	60100	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:48.814776897 CET	53195	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:48.842047930 CET	53	53195	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:49.924978018 CET	50141	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:49.952255964 CET	53	50141	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:52.321197987 CET	53023	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:52.348460913 CET	53	53023	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:53.200246096 CET	49563	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:53.227458000 CET	53	49563	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:53.806734085 CET	51352	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:53.857952118 CET	53	51352	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:53.960041046 CET	59349	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:53.987236977 CET	53	59349	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:54.328712940 CET	57084	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:54.364134073 CET	53	57084	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:54.690665007 CET	58823	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:54.717962980 CET	53	58823	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:54.977780104 CET	59349	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:55.005057096 CET	53	59349	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:55.400392056 CET	57568	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:55.436291933 CET	53	57568	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:55.694684029 CET	58823	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:55.721968889 CET	53	58823	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:56.276618004 CET	59349	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:56.303874969 CET	53	59349	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:56.850744963 CET	58823	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:56.877957106 CET	53	58823	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:58.610270977 CET	59349	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:58.637526035 CET	53	59349	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:58.914940119 CET	58823	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:58.942132950 CET	53	58823	8.8.8.8	192.168.2.3
Nov 22, 2020 02:27:59.425965071 CET	50540	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:27:59.453242064 CET	53	50540	8.8.8.8	192.168.2.3
Nov 22, 2020 02:28:00.588303089 CET	54366	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:28:00.615581036 CET	53	54366	8.8.8.8	192.168.2.3
Nov 22, 2020 02:28:01.657067060 CET	53034	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:28:01.692748070 CET	53	53034	8.8.8.8	192.168.2.3
Nov 22, 2020 02:28:02.616969109 CET	59349	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:28:02.644239902 CET	53	59349	8.8.8.8	192.168.2.3
Nov 22, 2020 02:28:02.929361105 CET	58823	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:28:02.956481934 CET	53	58823	8.8.8.8	192.168.2.3
Nov 22, 2020 02:28:03.084914923 CET	57762	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:28:03.112124920 CET	53	57762	8.8.8.8	192.168.2.3
Nov 22, 2020 02:28:04.205156088 CET	55435	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:28:04.240829945 CET	53	55435	8.8.8.8	192.168.2.3
Nov 22, 2020 02:28:09.298877001 CET	50713	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:28:09.336848974 CET	53	50713	8.8.8.8	192.168.2.3
Nov 22, 2020 02:28:18.037527084 CET	56132	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:28:18.064841032 CET	53	56132	8.8.8.8	192.168.2.3
Nov 22, 2020 02:28:20.669688940 CET	58987	53	192.168.2.3	8.8.8.8
Nov 22, 2020 02:28:20.706723928 CET	53	58987	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Nov 22, 2020 02:27:25.023294926 CET	192.168.2.3	8.8.8.8	0x3c7e	Standard query (0)	n.wpslot.net	A (IP address)	IN (0x0001)
Nov 22, 2020 02:27:41.154623032 CET	192.168.2.3	8.8.8.8	0x8503	Standard query (0)	n.wpslot.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Nov 22, 2020 02:27:25.063536882 CET	8.8.8.8	192.168.2.3	0x3c7e	No error (0)	n.wpslot.net		176.31.142.212	A (IP address)	IN (0x0001)
Nov 22, 2020 02:27:41.205127954 CET	8.8.8.8	192.168.2.3	0x8503	No error (0)	n.wpslot.net		176.31.142.212	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Nov 22, 2020 02:27:25.132781982 CET	176.31.142.212	443	192.168.2.3	49697	CN=n.wpslot.net CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Fri Nov 06 15:45:36 CET 2020 Thu Mar 17 17:40:46 CET 2016	Thu Feb 04 15:45:36 CET 2021 Wed Mar 17 17:40:46 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 22, 2020 02:27:25.132781982 CET	176.31.142.212	443	192.168.2.3	49697	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Mar 17 17:40:46 CET 2016	Wed Mar 17 17:40:46 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Nov 22, 2020 02:27:25.134211063 CET	176.31.142.212	443	192.168.2.3	49698	CN=n.wpslot.net CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Fri Nov 06 15:45:36 CET 2020 Thu Mar 17 17:40:46 CET 2016	Thu Feb 04 15:45:36 CET 2021 Wed Mar 17 17:40:46 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 22, 2020 02:27:25.134211063 CET	176.31.142.212	443	192.168.2.3	49698	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Mar 17 17:40:46 CET 2016	Wed Mar 17 17:40:46 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Nov 22, 2020 02:27:41.264200926 CET	176.31.142.212	443	192.168.2.3	49702	CN=n.wpslot.net CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Fri Nov 06 15:45:36 CET 2020 Thu Mar 17 17:40:46 CET 2016	Thu Feb 04 15:45:36 CET 2021 Wed Mar 17 17:40:46 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Nov 22, 2020 02:27:41.264200926 CET	176.31.142.212	443	192.168.2.3	49702	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Mar 17 17:40:46 CET 2016	Wed Mar 17 17:40:46 CET 2021		37f463bf4616ecd445d4a1937da06e19

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 852 Parent PID: 792

General

Start time:	02:27:22
Start date:	22/11/2020
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff775510000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 4852 Parent PID: 852

General

Start time:	02:27:23
Start date:	22/11/2020
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:852 CREDAT:17410 /prefetch:2
Imagebase:	0x80000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://n.wpslot.net/u?id=21VXS6F&ifca=D85JBJ

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 852 Parent PID: 792

General

Chronological Activities

Analysis Process: iexplore.exe PID: 4852 Parent PID: 852

General

Chronological Activities

Disassembly